"James A. Donald" <jam...@echeque.com> writes:

>For password-authenticated key agreement such as TLS-SRP or TLS-PSK to work, 
>login has to be in the chrome.

Sure, but that's a relatively tractable UI problem (and see the comment below 
on Camino).  Certificates on the other hand are an apparently intractable 
business, commercial, user education, programming, social, and technical 
problem.  I'd much rather try and solve the former than the latter.

The problem with password auth is that no browser (with the exception of 
Camino) has made even the most basic attempt to do the UI for this properly.  
In all cases the browser pops up a dialog box, unconnected to the underlying 
operation or web page, that says "Gimme your password" in one way or another. 
This could be coming from anywhere, the browser, Javascript on the web page, 
another web page, who knows where, but since everyone knows that passwords are 
insecure there's no point in expending any effort to try and make them 
secure, and that's been the status quo for fifteen years.

What Camino does (and it's been awhile since I played with it, so I'll qualify 
that with "what I hope it still does") is roll the password-entry box down out 
of the browser menu bar in a circular motion that's both hard to spoof and 
that unmistakably ties the credential-entry request both to the web page that 
it's associated with and to the browser rather than being some floating popup 
coming from who knows where or what.  This can no doubt be nitpicked, but it's 
better than any other browser (that I've seen) does.

More generally, I can't see that implementing client-side certs gives you much 
of anything in return for the massive amount of effort required because the 
problem is a lack of server auth, not of client auth.  If I'm a phisher then I 
set up my bogus web site, get the user's certificate-based client auth 
message, throw it away, and report successful auth to the client.  The browser 
then displays some sort of indicator that the high-security certificate auth 
was successful, and the user can feel more confident than usual in entering 
their credit card details.  All you're doing is building even more substrate 
for phishing attacks.

Without simultaneous mutual auth, which -SRP/-PSK provide but PKI doesn't, 
you're not getting any improvement, and potentially just making things worse 
by giving users a false sense of security.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to