> I want to use TLS to handle authentication/encryption but am not sure if
> it's feasible. Specifically - I don't want users to have passwords, it
> must be public key authentication only (like SSH) with bilateral
> authentication. This is a critical point - I would like the only realistic
> way to compromise a user account to be actually stealing the private key
> of that user and cracking the password on it (assuming a lack of other
> software bugs and/or poor user interfaces allowing social engineering).

That's precisely what certificates and TLS are for.

> I'm not 100% certain how to implement this securely, however. Would the
> server cache a copy of each user's public certificate?

Only if you need to for some reason. It usually makes more sense to have the user supply his certificate, and this is what TLS is designed to do. For side A to authenticate to side B, side A sends the certificate and then proves that it possesses the private key corresponding to the public key in the certificate.

> I'm trying to work
> out what guarantees TLS actually provides (on the strongest settings -
> which both the client and server would enforce). I have a feeling that
> I would store the username in one of the fields of the user's certificate
> but am not absolutely sure.

Exactly. You can store it in the common name field if you want.

> Any input would be appreciated. I appreciate the question is a little
> vague, hopefully I'll be able to expand on it after some responses. The
> main reason I'm trying to get a better picture of this stuff is that I'm
> no cryptographer and obviously any protocol I invented would no doubt be
> subject to many cryptographic flaws...

It sounds like straightforward TLS should do exactly what you want.

On the server side, make sure you request the client's certificate. Each side will need to know how to verify the other side's certificate. On the client side, it should be making sure the certificate is valid, for the server the client wishes to reach, and signed by the correct CA (yours). On the server side, it should be making sure the certificate is valid, signed by the correct CA, and the server will need to extract the user name from the certificate.

You are lucky, this is completely standard usage.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
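
The setup described in the reply above, sketched as an added example that is not part of the original thread: it uses Python's `ssl` module (a wrapper around OpenSSL) to build a server context that demands a client certificate, a client context that verifies the server, and a strict common-name extraction. The function names and the sample certificate dictionary are constructed for illustration; file paths are supplied by the caller.

```python
import ssl

def new_server_context():
    """Server side: refuse any handshake without a CA-verified client certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED  # "request the client's certificate"
    return ctx

def new_client_context():
    """Client side: PROTOCOL_TLS_CLIENT verifies the chain and the host name by default."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def load_identity(ctx, certfile, keyfile, ca_file, key_password=None):
    """Load this side's certificate and (optionally encrypted) key, and trust
    only our own CA. No system trust store is loaded."""
    ctx.load_cert_chain(certfile, keyfile, password=key_password)
    ctx.load_verify_locations(cafile=ca_file)

def username_from_peercert(peercert):
    """Return the user name from a verified peer certificate.

    `peercert` is the dict from SSLSocket.getpeercert(): None when no
    certificate was sent, {} when one was sent but not validated.
    Exactly one non-empty commonName is required, so an ambiguous
    subject is rejected rather than guessed at."""
    if not peercert:
        raise ValueError("no verified client certificate")
    names = [value
             for rdn in peercert.get("subject", ())
             for key, value in rdn
             if key == "commonName"]
    if len(names) != 1 or not names[0]:
        raise ValueError("expected exactly one commonName in subject")
    return names[0]

# Constructed sample in the shape getpeercert() returns after a handshake.
SAMPLE_PEERCERT = {
    "subject": ((("organizationName", "Example Org"),),
                (("commonName", "alice"),)),
}

if __name__ == "__main__":
    print(username_from_peercert(SAMPLE_PEERCERT))
```

On the server, call `username_from_peercert(conn.getpeercert())` on the socket returned by `wrap_socket(..., server_side=True)`; because the context only trusts your CA, a name that reaches this point was issued by you.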