On Tue, Aug 19, 2008 at 10:57 AM, Jonathan Dickinson <[EMAIL PROTECTED]> wrote: > Maybe something based on Diffie Hellman (which RSP uses)?
I'm not sure what you're suggesting. Basically, there are PAKE (aka zero knowledge password proof) systems and non-PAKE systems. All the non-PAKE systems are subject to dictionary attacks, whatever technology they're based on (though the public key ones can be made to be require an active attack on one connection). What Dave is suggesting, I think, would be a garden variety TLS handshake with whatever ciphersuites you already support and self-signed certs. Then you'd run SASL with some challenge/response protocol and channel bindings (you'd almost certainly want mutual auth here) and then on the basis of the C/R note that you trusted the peer's self-signed cert. -Ekr
