James A. Donald [EMAIL PROTECTED] writes:
From: [EMAIL PROTECTED] (Peter Gutmann)
TLS-PSK fixes this problem by providing mutual
authentication of client and server as part of the key
exchange. Both sides demonstrate proof-of-possession
of the password (without actually communicating the
Peter Gutmann wrote:
And that's its killer feature: Although you can still be duped into handing
out your password to a fake site, you simply cannot connect securely without
prior mutual authentication of client and server if TLS-PSK is used.
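The proof-of-possession exchange the thread is describing, as an added example that is not part of the original messages or of the TLS-PSK draft itself: it models the plain-PSK key schedule of RFC 4279 (premaster secret from the PSK, TLS 1.2 PRF for the master secret, 12-byte Finished values) so you can see that the PSK never goes on the wire and that a peer holding the wrong PSK is rejected. The `transcript` layout, the identity `alice` and the function names are constructed stand-ins, not real TLS record framing.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_SHA256 expansion (RFC 5246 section 5) built from an HMAC chain."""
    out = b""
    a = seed                                              # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def psk_premaster_secret(psk: bytes) -> bytes:
    """RFC 4279 section 2, plain PSK: N || N zero octets || N || PSK."""
    n = len(psk)
    return struct.pack("!H", n) + b"\x00" * n + struct.pack("!H", n) + psk


def master_secret(psk: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """48-byte master secret derived from the PSK and both randoms."""
    return prf(psk_premaster_secret(psk), b"master secret",
               client_random + server_random, 48)


def verify_data(ms: bytes, label: bytes, transcript: bytes) -> bytes:
    """Finished.verify_data = PRF(master_secret, label, Hash(transcript))[0:12]."""
    return prf(ms, label, hashlib.sha256(transcript).digest(), 12)


def run_handshake(client_psk: bytes, server_psk: bytes,
                  identity: bytes = b"alice",
                  client_random: Optional[bytes] = None,
                  server_random: Optional[bytes] = None) -> Tuple[bool, bool]:
    """Model the PSK handshake; return (client_accepts, server_accepts).

    Only the randoms, the PSK identity and the two 12-byte Finished values
    travel between the parties; neither side ever sends its PSK.
    """
    client_random = client_random or os.urandom(32)
    server_random = server_random or os.urandom(32)
    # Constructed stand-in for the handshake transcript both sides hash.
    transcript = (b"ClientHello" + client_random + b"ServerHello" + server_random
                  + b"ClientKeyExchange" + identity)

    client_ms = master_secret(client_psk, client_random, server_random)
    server_ms = master_secret(server_psk, client_random, server_random)

    # Client proves possession first: its Finished is a MAC under client_ms.
    client_fin = verify_data(client_ms, b"client finished", transcript)
    server_accepts = hmac.compare_digest(
        client_fin, verify_data(server_ms, b"client finished", transcript))
    if not server_accepts:
        return False, False   # server aborts; the client never sees a Finished

    # Server proves possession with its own Finished over the extended transcript.
    server_fin = verify_data(server_ms, b"server finished", transcript + client_fin)
    client_accepts = hmac.compare_digest(
        server_fin, verify_data(client_ms, b"server finished", transcript + client_fin))
    return client_accepts, server_accepts


if __name__ == "__main__":
    print("matching PSK :", run_handshake(b"s3cret", b"s3cret"))
    print("fake server  :", run_handshake(b"s3cret", b"guess"))
```

A fake site that does not hold the PSK cannot produce a valid Finished, which is the mutual-authentication property under discussion. The caveat RFC 4279 itself raises still applies: everything in the model is derived from the PSK, so a passive attacker holding a transcript can test candidate PSKs offline against the Finished values, which is why the RFC requires high-entropy PSKs rather than memorable passwords.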
If I have understood the draft correctly, using
Simon Josefsson wrote:
No, the certificate is verifiable in deterministic polynomial time.
The test is probabilistic, though, but as long as it works, I don't
see why that matters. However, I suspect the ANSI X9.80 or ISO 18032
paths are more promising. I was just tossing out URLs.
Surely