On Fri, 01 Feb 2008 13:29:52 +1300
[EMAIL PROTECTED] (Peter Gutmann) wrote:

> Actually it doesn't even require X.509 certs.  TLS-SRP and TLS-PSK
> provide mutual authentication of client and server without any use of
> X.509.  The only problem has been getting vendors to support it,
> several smaller implementations support it, it's in the (still
> unreleased) OpenSSL 0.99, and the browser vendors don't seem to be
> interested at all, which is a pity because the mutual auth (the
> server has to prove possession of the shared secret before the client
> can connect) would significantly raise the bar for phishing attacks.
> (Anyone have any clout with Firefox or MS?  Without significant
> browser support it's hard to get any traction, but the browser
> vendors are too busy chasing phantoms like EV certs).
The big issue is prompting the user for a password in a way that no one
will confuse with a web site doing so.  Given all the effort that's
been put into making Javascript more and more powerful, and given
things like picture-in-picture attacks, I'm not optimistic.   It might
have been the right thing, once upon a time, but the horse may be too
far out of the barn by now to make it worthwhile closing the barn door.

                --Steve Bellovin, http://www.cs.columbia.edu/~smb

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to