-- Forwarded message --
From: Igor Bukanov i...@mir2.org
Date: 11 October 2013 15:02
Subject: Re: Defending against malicious SSL proxy
To: Brian Smith br...@briansmith.org
From a practical point of view anything that requires changes in the
existing SSL infrastructure cannot be deployed quickly. Moreover,
until all clients support new protocols the server must keep
supporting the old way bringing extra deployment headaches. Perhaps
that is the reason why everybody still rely on certificate and trust
chains. To move forward it would be nice to reuse the existing
infrastructure. Hence the idea of using mutual password authentication
just to verify SSL certificates. This can be implemented on the
application level without updating HTTP servers and with minimal
application-specific code.
On 11 October 2013 10:33, Brian Smith br...@briansmith.org wrote:
On Mon, Sep 30, 2013 at 10:35 AM, Igor Bukanov i...@mir2.org wrote:
To fight with this issue a help from the browser is essential. One
possibility is to replace HTTPS with SRP (srp.stanford.edu) or J-PAKE
like protocol that allows for the user and the server *mutually*
verify each other without leaking a password. However, this is very
drastic as it require to switch the whole site to the new protocol.
What is essential is to allow a gradual switch where a site can
quickly protect few important pages without significant changes in the
current setup.
http://tools.ietf.org/html/draft-oiwa-http-mutualauth-12
See http://tools.ietf.org/html/draft-balfanz-tls-channelid-01 for a
different approach. I also posted a message about ChannelID on this
list recently.
Cheers,
Brian
--
Mozilla Networking/Crypto/Security (Necko/NSS/PSM)
___
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security