"James A. Donald" <jam...@echeque.com> writes:

>This, however, requires both client UI software, and an api to server side
>scripts such as PHP, Perl, or Python (the P in LAMP).  On the server side, we
>need a request object in the script language that tells the script that this
>request comes from an entity that established a secure connection using
>shared secrets associated with such and such a database record entered in
>response to such and such a web page, an object to which the script
>generating a page can associate data that persists for the duration of the
>session - an object that has session scope rather than page scope, scope
>longer and broader than that of the thread of execution that generates the
>page, but shorter and narrower than that of the database record containing
>the shared secrets, a script accessible object that can only be associated
>with one server, one server side process and one server side thread at a
>time. This is non trivial to implement in an environment where servers are
>massively multithreaded, and often massively multiprocess.

Ah, that is a good point, you now need the credential information present at
the TLS level rather than the tunneled-protocol level (and a variation of
this, although I think one that way overcomplicates things because it starts
diverting into protocol redesign, is the channel binding problem (see RFC 5056
and, specific to TLS, draft-altman-tls-channel-bindings-05.txt)).  On the
other hand is this really such an insurmountable obstable?  For client-cert
usage you already need to perform a lookup based on a given cert (well, unless
you blindly trust anyone displaying a cert coming from a particular CA or set
of CAs, which I know some sites do), so now all you'd be doing is looking up a
shared-secret value instead of a cert based on a client ID.  I don't really
see why you'd need complex scripting interfaces though, just "return the
shared-secret value associated with this ID" in response to a request from the
TLS layer.  The only problem I can see is if you have an auth system built
around "is this authenticator valid" rather than "return the authenticator for
this ID".


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to