On Tue, 24 Sep 2013, Karl Malbrain wrote:
I've begun to propose an alternative to DNS/DANE, the PERSPECTIVES project from CMU, in version 01 of the problem statement: http://datatracker.ietf.org/doc/draft-malbrain-tls-strong-authentication. Have you considered what changes to the DNS system would address your concerns? I've proposed encrypted and authenticated connections in another thread.
Strong authentication in clients will lead to less anonymity. What is wrong with the model of the (anonymous) client authenticating the TLS server against MITM, and then, on that private channel, doing client auth, e.g. via basic auth? I'm not sure what you are trying to solve by moving the client authentication from the inner protected layer to the outer layer. I'm also not sure what the draft is supposed to convey....

Paul
