On Aug 26, 2009, at 6:26 AM, Ben Laurie wrote:
On Mon, Aug 10, 2009 at 6:35 PM, Peter Gutmann<pgut...@cs.auckland.ac.nz
> wrote:
More generally, I can't see that implementing client-side certs
gives you much
of anything in return for the massive amount of effort required
because the
problem is a lack of server auth, not of client auth. If I'm a
phisher then I
set up my bogus web site, get the user's certificate-based client
auth
message, throw it away, and report successful auth to the client.
The browser
then displays some sort of indicator that the high-security
certificate auth
was successful, and the user can feel more confident than usual in
entering
their credit card details. All you're doing is building even more
substrate
for phishing attacks.
Without simultaneous mutual auth, which -SRP/-PSK provide but PKI
doesn't,
you're not getting any improvement, and potentially just making
things worse
by giving users a false sense of security.
I certainly agree that if the problem you are trying to solve is
server authentication, then client certs don't get you very far. I
find it hard to feel very surprised by this conclusion.
If the problem you are trying to solve is client authentication then
client certs have some obvious value.
That said, I do tend to agree that mutual auth is also a good avenue
to pursue, and the UI you describe fits right in with Chrome's UI in
other areas. Perhaps I'll give it a try.
This returns us to the previously-unsolved UI problem: how -- with
today's users, and with something more or less like today's browsers
since that's what today's users know -- can a spoof-proof password
prompt be presented?
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com