Markus Friedl <[EMAIL PROTECTED]> writes:
> > o Support for the Secure Remote Password (SRP) protocol.
>
> do you have any details about how this could be done?
> i have been looking into this a few times, but i think
> SRP does not fit into SSH2's model for doing hostauth
> first and userauth second. are you planning to a SRP as
> an alternative KEX?
I have looked into it, but I don't have a detailed design yet. There
are three things I'm considering:
1. SRP user authentication only. This should be easy. You should be
able to either use the system's /etc/tpasswd (or wherever SRP
verifiers are stored), or verifiers in the user's home directory.
2. Provide some mechanism for using SRP to download the host key in an
authenticated fashion. Such a mechanism could be useful also in
other contexts, and perhaps it could even be a separate tool.
3. The last is to use full (host and userauth) SRP in the userauth
step, and figure out a good way to mix in the session id from the
previous key exchange. I think this can be done in such a way that
SRP can protect against MITM-attacks even if the host key itself
is not properly authenticated (and if that succeeds, successful
execution of the SRP protocol will also be rather strong evidence
for the authenticity of the host key). Of course, this has to be
done very carefully, it's far too easy to design flawed
protocols.
I think I'd prefer not to use SRP as an alternative KEX-method.
/Niels
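
Option 3 above, sketched as an added example (not part of the original message and not code from any SSH implementation): an SRP-6a run whose proof also hashes the session id of the preceding key exchange, so a proof relayed between two separately keyed connections is rejected. The toy group, the hash layout, the way the session id is mixed in, the sample account and all function names are assumptions of this sketch.

```python
import hashlib, hmac, secrets

# Toy group, constructed for this demo: 2**521 - 1 is prime but is NOT a
# standard SRP group; real deployments use a safe-prime group (e.g. RFC 5054).
N, g = 2**521 - 1, 3

def H(*parts):
    """SHA-256 over length-prefixed parts (bytes, or ints as 66-byte big-endian)."""
    h = hashlib.sha256()
    for p in parts:
        raw = p if isinstance(p, bytes) else p.to_bytes(66, "big")
        h.update(len(raw).to_bytes(2, "big") + raw)
    return int.from_bytes(h.digest(), "big")

k = H(N, g)  # SRP-6a multiplier

def verifier(user, password, salt):
    """What the server stores instead of the password: v = g^x mod N."""
    return pow(g, H(salt, user, password), N)

def server_public(v, b):
    return (k * v + pow(g, b, N)) % N

def client_proof(user, password, salt, a, B, session_id):
    if B % N == 0:
        raise ValueError("illegal server value B")
    A, x = pow(g, a, N), H(salt, user, password)
    u = H(A, B)
    S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    # Assumption of this sketch: the SSH session id is hashed into the proof.
    return H(A, B, S, session_id)

def server_proof(v, b, A, session_id):
    if A % N == 0:
        raise ValueError("illegal client value A")
    B = server_public(v, b)
    S = pow(A * pow(v, H(A, B), N) % N, b, N)
    return H(A, B, S, session_id)

def srp_userauth(sid_seen_by_client, sid_seen_by_server, typed=b"hunter2"):
    """One SRP run relayed verbatim; True if the server accepts the client's proof."""
    user, salt = b"alice", secrets.token_bytes(16)  # constructed sample account
    v = verifier(user, b"hunter2", salt)
    a, b = (secrets.randbelow(N - 2) + 1 for _ in range(2))
    m_client = client_proof(user, typed, salt, a, server_public(v, b), sid_seen_by_client)
    m_server = server_proof(v, b, pow(g, a, N), sid_seen_by_server)
    return hmac.compare_digest(m_client.to_bytes(32, "big"), m_server.to_bytes(32, "big"))
```

When both ends saw the same key exchange the session ids match and the proof verifies; with an interposed party each leg has its own session id, so the server's check fails even though the password was correct.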