Why on earth would someone authenticate with SRP then drop in TLS?
TLS/SSL was designed to authenticate a server to an anonymous client, which it does very well. But if the client has an account/password pair, TLS/SSL is unnecessary, is unreasonably expensive in round trips, and is unnecessarily insecure.

The essential problem with TLS is that it uses a public key crypto system, aka PKIS aka certificates, to exchange session keys. If the server's certificate's private key is exposed by accident, leak, hack, or governmental authority, anyone with that key can decrypt all past and future sessions that use that certificate. In the United States, a company is legally obliged to surrender keys on secret demand from the FBI. Once the company has complied, all sessions on that key are blown -- and the company is forbidden to warn other customers.

SRP performs mutual authentication between client and server in a single round trip which can piggyback on the initial connection protocol packet. In the process, it generates a completely secure key that can be used as a session key to encrypt the next packet to the server. If the server validates the first encrypted message, the handshake is done. And, even better, the session key exists only in memory on the client and server, so there is never anything to fork over to a snooping government.

SRP/RC4 is robust, efficient, secure, and provides perfect forward security. TLS is none of these.
On 10/13/2014 5:22 AM, marius adrian popa wrote:
My guess is that after SRP auth we can create a secure TLS channel. Usually this is solved by creating and opening another port like 4443, or with protocol modifications using the Firebird port:
http://superuser.com/questions/567594/how-to-set-up-a-server-to-use-tls-srp-authentication
http://matthewarcus.wordpress.com/2014/05/10/srp-in-openssl/

PS: we can start using OpenSSL even if we only need to mention it
http://stackoverflow.com/questions/6720610/when-and-where-to-mention-usage-of-openssl
http://en.wikipedia.org/wiki/OpenSSL#Licensing

PPS: or I would use the BoringSSL from Chromium/Android
https://www.imperialviolet.org/2014/06/20/boringssl.html
http://arstechnica.com/security/2014/06/google-unveils-independent-fork-of-openssl-called-boringssl/
------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://p.sf.net/sfu/Zoho
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
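The SRP round trip argued for at the top of the thread (a password verifier on the server, one exchange of public values, and a session key that exists only in memory on both ends, with the server checking the client's first proof message), as an added example that is not code from the thread or from Firebird. It assumes SRP-6a over the 1024-bit group of RFC 5054 with SHA-256, both chosen for the demo; the server-to-client proof is left out for space.

```python
import hashlib
import secrets
# 1024-bit group from RFC 5054, Appendix A, copied here for the demo;
# production code should use a larger group. SHA-256 is our choice, not Firebird's.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2
NLEN = (N.bit_length() + 7) // 8

def pad(x: int) -> bytes:
    return x.to_bytes(NLEN, "big")

def H(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")

k = H(pad(N), pad(g))  # SRP-6a multiplier

def private_x(user: bytes, password: bytes, salt: bytes) -> int:
    return H(salt, hashlib.sha256(user + b":" + password).digest())

def enroll(user: bytes, password: bytes) -> tuple:
    # The server stores only (salt, verifier); the password itself never reaches it.
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(user, password, salt), N)

def handshake(user: bytes, password: bytes, attempt: bytes) -> tuple:
    """One SRP round trip: the server holds the verifier for `password`, the client
    types `attempt`. Returns (server_accepted, client_key, server_key)."""
    salt, v = enroll(user, password)
    a = int.from_bytes(secrets.token_bytes(32), "big")  # client ephemeral secret
    b = int.from_bytes(secrets.token_bytes(32), "big")  # server ephemeral secret
    A = pow(g, a, N)                                     # client -> server
    B = (k * v + pow(g, b, N)) % N                       # server -> client
    if A % N == 0 or B % N == 0:                         # mandatory SRP-6a check
        raise ValueError("degenerate public value")
    u = H(pad(A), pad(B))
    x = private_x(user, attempt, salt)
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    S_server = pow(A * pow(v, u, N), b, N)
    K_client = hashlib.sha256(pad(S_client)).digest()
    K_server = hashlib.sha256(pad(S_server)).digest()
    # The client's first message carries a proof of K; the server compares it with
    # its own K. Both copies live only in memory, so there is no key to hand over.
    M1 = hashlib.sha256(pad(A) + pad(B) + K_client).digest()
    expected = hashlib.sha256(pad(A) + pad(B) + K_server).digest()
    return secrets.compare_digest(M1, expected), K_client, K_server
```

A wrong password gives the client a different x, so its S (and K) diverges from the server's and the proof fails; nothing long-lived was exchanged, so a later leak of the stored verifier cannot decrypt recorded sessions.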