[18362] in cryptography@c2.net mail archive


Re: Another entry in the internet security hall of shame....

daemon@ATHENA.MIT.EDU (Damien Miller)
Fri Sep 2 09:49:16 2005

X-Original-To: cryptography@metzdowd.com
Date: Fri, 2 Sep 2005 09:59:53 +1000 (EST)
From: Damien Miller <djm@mindrot.org>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: cryptography@metzdowd.com, jamesd@echeque.com
In-Reply-To: <E1E9yJ5-0003iz-00@medusa01.cs.auckland.ac.nz>

On Tue, 30 Aug 2005, Peter Gutmann wrote:

> - A non-spoofable means of password entry that only applies for TLS-PSK
>  passwords.  In other words, something where a fake site can't trick the user
>  into revealing a TLS-PSK key.

This sounds like a solution replete with all the problems that passwords 
have had all along: users choosing bad ones, using the same ones for 
different sites, never changing them, servers getting hacked (disclosing 
the probably-shared passwords of thousands of users), etc. ad nauseam...

The last threat is particularly pertinent because it appears there is a 
requirement for servers to retain the PSK in cleartext. (To be fair, the 
draft does RECOMMEND that implementations provide a way to generate 
random PSKs, but this has been recommended for passwords in general for 
decades, to little effect.)

Given the complete lack of good password management practice in the vast 
majority of websites, what will make them start doing things right with 
TLS-PSK?

Maybe some of this could be solved with a good UI in the web browser (e.g. 
by treating the PSK as a key rather than a password), but arm-waving about 
UI refinements applies to improving certificate handling too.

-d

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
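A constructed example, added here and not taken from the message above or from any TLS implementation, of the point about cleartext retention: RFC 4279 builds the premaster secret from the PSK bytes themselves and the master secret from that, so a one-way verifier of the kind a password login can store (shown beside it) cannot stand in for the key on the server. The PBKDF2 iteration count and 16-byte salt are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
import struct


def psk_premaster_secret(psk: bytes) -> bytes:
    # RFC 4279 section 2, plain PSK key exchange: uint16 N, N zero octets,
    # uint16 len(psk), then the PSK itself (N equals len(psk) here).
    n = len(psk)
    if not 1 <= n <= 0xFFFF:
        raise ValueError("PSK must be 1..65535 octets")
    return struct.pack("!H", n) + b"\x00" * n + struct.pack("!H", n) + psk


def p_sha256(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    # TLS 1.2 PRF (RFC 5246 section 5) using the P_SHA256 expansion.
    seed = label + seed
    a, out = seed, b""
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def master_secret(psk: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # Both peers run this, so each needs the raw PSK, not a digest of it:
    # whatever the server stores must yield the PSK bytes back.
    pms = psk_premaster_secret(psk)
    return p_sha256(pms, b"master secret", client_random + server_random, 48)


def make_password_verifier(password: bytes) -> bytes:
    # A password login, by contrast, needs only this one-way record:
    # 16-byte salt || PBKDF2-HMAC-SHA256(password).  Iteration count is an
    # assumption for the example, not a recommendation.
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)


def check_password(verifier: bytes, password: bytes) -> bool:
    # Verification recomputes the digest; the password itself is never stored.
    salt, digest = verifier[:16], verifier[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)
    return hmac.compare_digest(candidate, digest)
```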
