Jean-Marc Desperrier wrote:
> But Curl, that supports secret keys from version 7.21.4, with GnuTLS
> only at the moment but is pushing hard to get it in OpenSSL also,
> apparently has simply given up about having TLS-SRP support when
> compiled with NSS.
>
> I see in an old doc that Johnathan was considering SRP support in
> Firefox for 3.next ( https://wiki.mozilla.org/Firefox/3.next/hitlist ).
An augmented PAKE user authentication protocol might be very useful for some things, but TLS-SRP seems very troublesome. IIRC, there are at least four deal-breaking problems with TLS-SRP as a substitute for PKI:

1. The user's username is sent in the clear. The user's username should be protected.

2. The strength of the authentication of the website to the user is a function of the strength of that user's password; that is, a user with a weak password will have a very weak assurance of the server's identity. (I don't remember if this is exactly correct, but I think so.)

3. The user cannot verify the identity of the server until after the password has been entered. However, we've trained users to enter their passwords only after verifying the server's identity.

4. You cannot identify the server until after you've created a username/password on that server. But, account creation usually requires giving the server personally identifying information that should be protected by encryption and only sent after the server has been authenticated.

Using the TLS_SRP_SHA_RSA_* cipher suites avoids problems #2 and #3, and using a non-SRP cipher suite for account signup solves #4. But, that requires using PKI and #1 is still a big problem.

- Brian

--
dev-tech-crypto mailing list
email@example.com
https://lists.mozilla.org/listinfo/dev-tech-crypto
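As an added illustration, not code from this thread, here is a minimal SRP-6a exchange in Python in the shape TLS-SRP uses: the client's first message carries the username in plaintext (problem #1 above), and the only thing that distinguishes the genuine server from an impostor is knowledge of the password-derived verifier v (problem #2). The group is the 1024-bit RFC 5054 group (g = 2), transcribed here as an assumption; the salt and credentials are constructed.

```python
import hashlib
import secrets

# Group: the 1024-bit SRP group from RFC 5054 with g = 2, transcribed as an assumption.
N = int("EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
        "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
        "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
        "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2

def H(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha1(b"".join(parts)).digest(), "big")

def pad(n: int) -> bytes:
    return n.to_bytes((N.bit_length() + 7) // 8, "big")

k = H(pad(N), pad(g))  # SRP-6a multiplier, as in RFC 5054

def private_x(username: str, password: str, salt: bytes) -> int:
    # x = H(s | H(I ":" P)); only the client ever knows the password.
    return H(salt, hashlib.sha1(f"{username}:{password}".encode()).digest())

def make_verifier(username: str, password: str, salt: bytes) -> int:
    # v = g^x is what the server stores; whoever knows v can play the server.
    return pow(g, private_x(username, password, salt), N)

def client_hello(username: str):
    # ClientHello carries the SRP identity in plaintext (problem #1 in the post).
    a = secrets.randbelow(N - 2) + 1
    return {"srp_identity": username, "A": pow(g, a, N)}, a

def server_key_exchange(verifier: int, salt: bytes, A: int):
    # The server proves knowledge of v by folding k*v into B (problems #2 and #3).
    b = secrets.randbelow(N - 2) + 1
    B = (k * verifier + pow(g, b, N)) % N
    u = H(pad(A), pad(B))
    return {"salt": salt, "B": B}, pow(A * pow(verifier, u, N), b, N)

def client_finish(username: str, password: str, a: int, A: int, ske: dict) -> int:
    if ske["B"] % N == 0:
        raise ValueError("illegal server public value")  # RFC 5054 abort condition
    x = private_x(username, password, ske["salt"])
    u = H(pad(A), pad(ske["B"]))
    return pow((ske["B"] - k * pow(g, x, N)) % N, a + u * x, N)

def run_handshake(username: str, password: str, server_verifier: int, salt: bytes):
    hello, a = client_hello(username)
    ske, s_server = server_key_exchange(server_verifier, salt, hello["A"])
    s_client = client_finish(username, password, a, hello["A"], ske)
    return hello, s_client == s_server
```

Running `run_handshake` with the genuine verifier yields matching premaster secrets; with a verifier derived from any other password guess they differ, which is exactly why a weak password weakens the server authentication as much as the client authentication.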