Jean-Marc Desperrier wrote:
> But Curl, that supports secret keys from version 7.21.4, with GnuTLS
> only at the moment but is pushing hard to get it in OpenSSL also,
> apparently has simply given up about having TLS-SRP support when
> compiled with NSS.
>
> I see in an old doc that Johnathan was considering SRP support in
> Firefox for 3.next ( https://wiki.mozilla.org/Firefox/3.next/hitlist
> ).

An augmented PAKE user authentication protocol might be very useful for some 
things, but TLS-SRP seems very troublesome. IIRC, there are at least four 
deal-breaking problems with TLS-SRP as a substitute for PKI:

1. The user's username is sent in the clear. The user's username should be 
protected.

2. The strength of the authentication of the website to the user is a function 
of the strength of that user's password; that is, a user with a weak password 
will have a very weak assurance of the server's identity. (I don't remember if 
this is exactly correct, but I think so.)

3. The user cannot verify the identity of the server until after the password 
has been entered. However, we've trained users to enter their passwords only 
after verifying the server's identity. 

4. You cannot identify the server until after you've created a 
username/password on that server. But, account creation usually requires giving 
the server personally identifying information that should be protected by 
encryption and only sent after the server has been authenticated. 

Using the TLS_SRP_SHA_RSA_* cipher suites avoids problems #2 and #3 and using a 
non-SRP ciphersuite for account signup solves #4. But, that requires using PKI 
and #1 is still a big problem.

- Brian
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
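Point #2 in the post can be checked against SRP-6a's own arithmetic. The following is an added Python example, not code from the original post or from any of the implementations mentioned; it uses the RFC 5054 formulas with a constructed toy group, SHA-256 in place of SHA-1/PAD, and hypothetical names (the user "alice", the salt and the passwords). It shows that the client's server-authentication check passes for anyone holding the verifier v, and v is computable from the public salt plus a correct guess of the password.

```python
import hashlib
import secrets

# Toy SRP-6a group (constructed for illustration; RFC 5054 deployments use
# 1024-bit or larger groups). N must be prime; this one is far too small.
N = 2**61 - 1
g = 5

def H(*parts) -> int:
    """Hash ints/strings into an integer (stand-in for RFC 5054's SHA-1 + PAD)."""
    data = b"|".join(str(p).encode() for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

k = H(N, g)  # SRP-6a multiplier k = H(N, g)

def private_x(username: str, password: str, salt: int) -> int:
    # x = H(s | H(I ":" P)): the only secret input is the password itself.
    return H(salt, H(f"{username}:{password}"))

def verifier(username: str, password: str, salt: int) -> int:
    """v = g^x mod N, the value the server stores for this account."""
    return pow(g, private_x(username, password, salt), N)

def handshake(username: str, client_pw: str, salt: int, server_v: int) -> tuple:
    """One TLS-SRP exchange. The username travels in the ClientHello extension
    and the salt in ServerKeyExchange, both unencrypted. Returns (K_client, K_server)."""
    b = secrets.randbelow(N - 1) + 1
    B = (k * server_v + pow(g, b, N)) % N          # ServerKeyExchange: B = k*v + g^b
    a = secrets.randbelow(N - 1) + 1
    A = pow(g, a, N)                                # ClientKeyExchange: A = g^a
    if A % N == 0 or B % N == 0:
        raise ValueError("invalid public value")   # required check from RFC 5054
    u = H(A, B)
    x = private_x(username, client_pw, salt)
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)   # (B - k*g^x)^(a + u*x)
    S_server = pow(A * pow(server_v, u, N) % N, b, N)          # (A * v^u)^b
    return H(S_client), H(S_server)

def server_authenticated(username: str, client_pw: str, salt: int, server_v: int) -> bool:
    """True when the client would accept the peer's Finished/proof message,
    i.e. the peer derived the same key. Any holder of v (or of a correct
    password guess, which yields v) passes this check."""
    k_client, k_server = handshake(username, client_pw, salt, server_v)
    return k_client == k_server
```

Because the salt is public, a peer that merely guesses the user's password correctly computes the same v as the real server and is accepted as that server, which is why the assurance in #2 is bounded by password strength.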
