Leif,
I don't own the technical ability to spell out specific changes to the TLS
strong authentication protocol needed to implement the proposed changes. I've
only been exposed to this as a client to a strong authentication server.
I had hoped to open a general discussion on the topic of strong authentication
for every connection to every server as a means to preclude MITM. Do you have
any input on that?
Thanks,
Karl
________________________________
From: Leif Johansson <[email protected]>
To: [email protected]
Sent: Thursday, September 12, 2013 11:13 AM
Subject: Re: [perpass] proposed enhancement to TLS strong authentication protocol
On 09/12/2013 07:37 PM, Karl Malbrain wrote:
> I'm not an expert in TLS -- my technical background is SRP/AES. I thought
> every client already has a private key in order to negotiate with the server
> for a session key.
>
> If that's not true, then yes, authentication by the server that the
> connection is with the client directly, and not through MITM, requires each
> user to have a private key.
>
I believe Stephen is asking you to spell out details like that in an
internet-draft. I would also like to move on to other things while we
wait for that draft to appear.
thx /leif
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass