"James A. Donald" <[EMAIL PROTECTED]> writes:
>From: [EMAIL PROTECTED] (Peter Gutmann)
>> TLS-PSK fixes this problem by providing mutual
>> authentication of client and server as part of the key
>> exchange.  Both sides demonstrate proof-of- possession
>> of the password (without actually communicating the
>> password), if either side fails to do this then the
>> TLS handshake fails.  Its only downside is that it
>> isn't widely supported yet, it's only just been added
>> to OpenSSL, and who knows when it'll appear in
>> Windows/MSIE, Mozilla, Konqueror, Safari,
>This will take out 90% of phishing spam, when widely adopted.

And that's it's killer feature: Although you can still be duped into handing
out your password to a fake site, you simply cannot connect securely without
prior mutual authentication of client and server if TLS-PSK is used.

What'd be necessary in conjunction with this is two small changes to the
browser UI:

- Another type of secure-connect indicator (maybe light blue or light green in
  the URL bar instead of the current yellow) to show that it's a mutually
  authenticated connection, along with a "Why is this green?" tooltip for it.

- A non-spoofable means of password entry that only applies for TLS-PSK
  passwords.  In other words, something where a fake site can't trick the user
  into revealing a TLS-PSK key.

Anyone know how to communicate this to the Mozilla guys?  The only mechanism
I'm aware of is bugzilla, which doesn't seem very useful for this kind of


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to