> From what I can tell from Wikipedia [1] it's not possible to authenticate
> using a symmetric key. When TLS was designed, they must have considered the
> computation expense of using PKI with public and private keypairs and decided
> that it was fine, so I think we can trust them.

[1]: http://en.wikipedia.org/wiki/Transport_Layer_Security#Client-authenticated_TLS_handshake

As for revoking certificates, no extension to TLS is required as long as there's a method of notifying the server of revocations. With one keypair per service, it shouldn't be too hard to push a revocation to the service the keypair is linked to that it can add to its list.

I'd really like to avoid making changes to TLS if possible, as then this might get complicated. We could define a scheme for HTTP only (we'd have to pay attention to section 5.1.2 of draft-ietf-httpbis-p7-auth) then we could do crazier things, but working out how to do this at the TLS layer using TLS as it exists means it's portable to things like mail clients, FTP clients and clients no one's even thought of yet.

Iain.

-- 
Iain R. Learmonth MBCS
Electronics Research Group
School of Engineering
University of Aberdeen
Kings College
Aberdeen AB24 3UE
Tel: +44 1224 27 2799

The University of Aberdeen is a charity registered in Scotland No.SCO13683

________________________________________
From: Ted Lemon <[email protected]>
Sent: 16 November 2013 15:21
To: Learmonth, Iain Ross
Subject: Re: [perpass] Stopping password sniffing

On Nov 16, 2013, at 9:31 AM, Learmonth, Iain Ross <[email protected]> wrote:
> But can this authentication be performed using TLS as it currently exists?
> That was my concern.

You're asking the wrong person—I am as innocent as I can manage as to the details of TLS.

_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
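The scheme sketched in the reply above (a client-authenticated TLS handshake, plus a per-service revocation list that is fed by out-of-band pushes rather than by any change to TLS) as an added Go example. This is not code from the thread or from any project it mentions. It assumes Go's standard library only: the revocation check is hooked in through `tls.Config.VerifyPeerCertificate`, which the library calls after the ordinary chain validation against `ClientCAs`. The CA name `Demo CA`, the service name `service.example` (which is also the client's `ServerName`), the client name `alice`, the serial numbers and the loopback listener are all constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// makeCert issues a demo certificate: a CA is self-signed, anything else is signed by parent.
func makeCert(name string, serial int64, isCA bool, parent *tls.Certificate) tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name}, IsCA: isCA, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
	}
	issuer, signer := tmpl, any(key) // self-signed unless a parent is given
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames = []string{name}
		issuer, signer = parent.Leaf, parent.PrivateKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, &key.PublicKey, signer)
	must(err)
	leaf, _ := x509.ParseCertificate(der) // re-parsing bytes we just produced cannot fail
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// RevocationList is the per-service list from the mail: revoked (issuer, serial) pairs pushed to
// the one service a keypair is bound to and consulted at every handshake; TLS itself is untouched.
type RevocationList map[string]bool

func certID(c *x509.Certificate) string { return c.Issuer.String() + "/" + c.SerialNumber.Text(16) }

// VerifyPeer plugs into tls.Config.VerifyPeerCertificate; Go calls it only after chain validation succeeded.
func (rl RevocationList) VerifyPeer(_ [][]byte, chains [][]*x509.Certificate) error {
	for _, chain := range chains {
		for _, c := range chain {
			if rl[certID(c)] {
				return fmt.Errorf("certificate %q (serial %s) is revoked", c.Subject.CommonName, c.SerialNumber)
			}
		}
	}
	return nil
}

// handshake runs one mutually authenticated handshake over loopback TCP and returns the server's verdict.
func handshake(pool *x509.CertPool, serverCert, clientCert tls.Certificate, rl RevocationList) error {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	must(err)
	defer ln.Close()
	done := make(chan error, 1)
	go func() {
		raw, err := ln.Accept()
		must(err)
		srv := tls.Server(raw, &tls.Config{
			Certificates: []tls.Certificate{serverCert}, ClientCAs: pool,
			ClientAuth:            tls.RequireAndVerifyClientCert, // the client-authenticated handshake
			VerifyPeerCertificate: rl.VerifyPeer,                  // revocation check layered on chain validation
		})
		done <- srv.Handshake()
		srv.Close()
	}()
	cli, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{Certificates: []tls.Certificate{clientCert}, RootCAs: pool, ServerName: "service.example"})
	if err == nil {
		cli.Close() // under TLS 1.3 a rejected client only learns of the rejection on its first read
	}
	return <-done
}

// Demo shows the same client accepted before revocation and refused once the revocation is pushed.
func Demo() (before, after error) {
	ca := makeCert("Demo CA", 1, true, nil)
	serverCert := makeCert("service.example", 2, false, &ca)
	clientCert := makeCert("alice", 3, false, &ca)
	pool := x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	rl := RevocationList{}
	before = handshake(pool, serverCert, clientCert, rl)
	rl[certID(clientCert.Leaf)] = true // the revocation pushed to this one service
	after = handshake(pool, serverCert, clientCert, rl)
	return before, after
}

func main() { fmt.Println(Demo()) }
```

Run it with `go run` to see the first handshake succeed and the second fail with the "is revoked" error from `VerifyPeer`. Two design points are worth noting. The list is keyed by issuer and serial, as a CRL is, because serial numbers are only unique per issuer. And the server's verdict is the authoritative one: under TLS 1.3 the client's side of the handshake completes before the server has examined the client certificate, so `tls.Dial` returns without error and the client sees the `bad_certificate` alert only when it next reads. The mail leaves open how the revocation push itself is authenticated; that channel needs the same care as the certificates it revokes.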
