On Sat, Aug 23, 2008 at 5:46 AM, Pedro Melo <[EMAIL PROTECTED]> wrote:
> Hi,
>
> On Aug 23, 2008, at 1:18 PM, Jonathan Schleifer wrote:
>
>> On 23.08.2008 at 11:04, Dirk Meyer wrote:
>>
>>> SAS does not work for me when I use bots. It also reduces it to one
>>> way, removing the option of X.509 certificates, which is something I
>>> need.
>>
>> I never said SAS should be the only way; we need multiple ways. I suggest
>> these:
>>
>> * SAS with mnemonics
>> * Fingerprint verification
>> * CA, but no CA added in the client by default (so the user has to trust
>> the CA manually; for example, useful in a company so you don't have to verify
>> every co-worker)
>
> Exactly. For bots, I personally would create my own CA and tell those pesky
> little devils just to trust certificates signed by that.
>
> Profit!
>
>
>>>> Having a 32-bit SAS encoded with mnemonics (like already suggested
>>>> here) really sounds like a great idea.
>>>
>>> Why not encode a key fingerprint with mnemonics? It looks the same
>>> to the user.
>>
>> Only taking 32 bits of the fingerprint and using mnemonics is insecure, as
>> this is easy to forge - we already discussed it here.
>>
>> BTW: It was argued a lot that ESessions lacks a cryptanalysis, but if we
>> are going to do extensions to TLS, we might need a cryptanalysis for this
>> stuff too. TLS is useless if we add a verification method that is insecure.
>
> Well, SAS and SRP are IETF (draft?) extensions. SRP has more than 10 years
> of field tests and debate (up to the current SRP-6, I believe).
SRP isn't a draft. It's an RFC.

I agree we would need to do an SAS extension to TLS if we wanted SAS, and yes, that would need analysis. However, it's a relatively small piece of work compared to a whole new protocol.

-Ekr
