On Tue Aug 19 18:33:53 2008, Eric Rescorla wrote:
> Actually, this is a lot more complicated than it has to be. TLS has two features that make this trivial to do and that don't rely on certificates
> 
> 1. A PAKE mode (SRP)[0]

I see how this works, but you're asking for quite a bit of less than usual TLS magic involved.

Could we use a simple, channel-binding, shared-secret based SASL mechanism?

I've the thought in my head that we could make this essentially the same as Bluetooth keying, using the channel binding to "learn" the certificates.

That ought to be using essentially out-of-the-box bits of software, whereas I'm not so sure that SRP quite ranks there yet, and may well not for a long while.

Dave.
--
Dave Cridland - mailto:[EMAIL PROTECTED] - xmpp:[EMAIL PROTECTED]
 - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
 - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
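The exchange Dave sketches above, a shared-secret SASL-style mechanism whose proofs are bound to the TLS channel so that the client can "learn" (pin) the server's certificate on first contact, as an added example that is not part of the original thread or of any project mentioned in it. It assumes a simplified stand-in for the TLS channel binding value (real tls-unique per RFC 5929 is the first Finished message of the handshake; here a hash over the presented certificate and the handshake randoms is used to keep the property that matters, namely that the value differs per connection and per certificate), constructed certificate bytes in place of real DER, and hypothetical function names `channel_binding`, `proof`, `run_pairing` and `certificate_matches_pin`.

```python
import hashlib
import hmac
import os

# Constructed stand-ins for certificates; in practice these would be the DER
# bytes of the certificate each side presented in its TLS handshake.
SERVER_CERT = b"-----constructed server cert-----"
MITM_CERT = b"-----constructed interposer cert-----"


def channel_binding(cert_seen: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Simplified model (assumption) of a TLS channel binding value.

    Real tls-unique is the first Finished message, which transitively covers the
    server certificate and both handshake randoms. This stand-in keeps the same
    property: the value is unique per connection and depends on the certificate
    the peer actually presented, so two sessions with different certificates
    never share a binding value.
    """
    h = hashlib.sha256()
    h.update(b"tls-unique-model|")
    h.update(cert_seen)
    h.update(client_random)
    h.update(server_random)
    return h.digest()


def proof(secret: bytes, role: bytes, client_nonce: bytes, server_nonce: bytes, cb: bytes) -> bytes:
    """HMAC over both nonces and the channel binding, keyed by the shared secret."""
    msg = role + b"|" + client_nonce + b"|" + server_nonce + b"|" + cb
    return hmac.new(secret, msg, hashlib.sha256).digest()


def run_pairing(client_secret: bytes, server_secret: bytes,
                server_cert: bytes, cert_presented_to_client: bytes) -> dict:
    """Run one shared-secret, channel-bound exchange and report its outcome.

    The server derives its binding from its own certificate; the client derives
    its binding from whatever certificate it saw on its TLS connection. If an
    interposer terminates TLS with a different certificate and relays every
    message, the two bindings differ and the proofs fail to verify. The same
    handshake randoms are reused on both sides here, which is conservative: the
    certificate difference alone is enough to make the bindings diverge.
    """
    client_random, server_random = os.urandom(32), os.urandom(32)
    cb_client = channel_binding(cert_presented_to_client, client_random, server_random)
    cb_server = channel_binding(server_cert, client_random, server_random)

    # Each side contributes a fresh nonce; both are visible to both sides.
    client_nonce, server_nonce = os.urandom(16), os.urandom(16)

    # Client -> server: proof bound to the client's view of the channel.
    client_msg = proof(client_secret, b"client", client_nonce, server_nonce, cb_client)
    expected = proof(server_secret, b"client", client_nonce, server_nonce, cb_server)
    server_accepted = hmac.compare_digest(client_msg, expected)
    if not server_accepted:
        return {"server_accepted": False, "client_accepted": False, "learned_cert": None}

    # Server -> client: its own proof, so the client authenticates the server too.
    server_msg = proof(server_secret, b"server", client_nonce, server_nonce, cb_server)
    expected = proof(client_secret, b"server", client_nonce, server_nonce, cb_client)
    client_accepted = hmac.compare_digest(server_msg, expected)

    # Only after mutual success does the client "learn" the certificate it saw.
    learned = cert_presented_to_client if client_accepted else None
    return {"server_accepted": True, "client_accepted": client_accepted, "learned_cert": learned}


def certificate_matches_pin(pinned, cert_seen: bytes) -> bool:
    """On later connections, compare the presented certificate against the pin."""
    return pinned is not None and hmac.compare_digest(pinned, cert_seen)


if __name__ == "__main__":
    honest = run_pairing(b"pin-1234", b"pin-1234", SERVER_CERT, SERVER_CERT)
    interposed = run_pairing(b"pin-1234", b"pin-1234", SERVER_CERT, MITM_CERT)
    print("honest pairing learned cert:", honest["learned_cert"] == SERVER_CERT)
    print("interposed pairing rejected:", not interposed["server_accepted"])
```

The design point is that the binding, not the certificate chain, carries the trust: a certificate is accepted only after a proof keyed by the shared secret verifies over the channel it was presented on, and the pin is recorded only then. One caveat a practitioner would weigh against the SRP option raised earlier in the thread: a plain HMAC proof is not a PAKE, so with a short, human-typed secret the transcript is offline-guessable by anyone who observed it, whereas a PAKE limits an observer to online guesses.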
