> We've dipped deeply into solutions in this discussion and I wouldn't blame the moderators for asking us to > go elsewhere, but having said that, I think we are talking about two different things. You are talking about > a fairly minor enhancement that makes things a little nicer, and what some other folks have talked about > is a redesign that might add a lot more value, at the cost of being less easy to adopt.
You are right, this is going a bit far from defense against passive monitoring. The tangential relation Is the protection against active attacks. We may have reasons to believe that if we manage to "encrypt everything," the attackers will move from passive to active, using various MITM attacks. In that case, client authentication has value, especially if we can somehow tie client authentication to a validation of the TLS session key. > I would appreciate it if some of the security folks would point out obvious flaws in what we've been discussing >—I still don't have the privacy model clear in my head, for example. But if we are going to do something new, > IMHO we should get it right, and not do a bandaid that is just a little bit better. Actually, allowing PGP-style authentication of clients could be much more than a band aid, and would have the advantage of not involving third parties in the relation between server and client. Intuitively, that seems easier than requiring all clients to get a PKI style certificate. -- Christian Huitema _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
