On Thu, Aug 21, 2008 at 4:09 AM, Jonathan Dickinson <[EMAIL PROTECTED]> wrote: >> -----Original Message----- >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On >> Behalf Of Dirk Meyer >> Sent: Thursday, August 21, 2008 12:52 PM >> To: XMPP Security >> Subject: [Security] TLS-SRP Questions >> >> Hi, >> >> I have two questions if I understand RFC 5054 correctly. In our >> scenario we have two clients with unverified certificates and a shared >> secret we use as password. One acts as TLS client, the other as TLS >> server. Now I want to be sure that not only the TLS server can verify >> the client knows the password but also the other way around. Looking >> at the RFC I see that the premaster secret is calculated by both >> parties using x with x = SHA1(s | SHA1(I | ":" | P)) and P is the >> password. The server uses this indirectly by using v and v = g^x % N. > > May be a n00b comment, but If we had verifiable certificates (via an IC) the > client is given the opportunity to present their certificate. I am not sure > how this works, all that I have to go on is that in .net TLS streams there is > an event called PresentClientCertificate (or something along those lines).
I'm not sure I understand the question... -Ekr
