Re: [perpass] Stopping password sniffing
"Learmonth, Iain Ross" <iain.learmonth.09@aberdeen.ac.uk> Wed, 13 November 2013 16:30 UTC
Return-Path: <iain.learmonth.09@aberdeen.ac.uk>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8034721F9D5E for <perpass@ietfa.amsl.com>; Wed, 13 Nov 2013 08:30:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.099
X-Spam-Level:
X-Spam-Status: No, score=-3.099 tagged_above=-999 required=5 tests=[AWL=-0.500, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Iqstz3HmXWK9 for <perpass@ietfa.amsl.com>; Wed, 13 Nov 2013 08:30:14 -0800 (PST)
Received: from emea01-am1-obe.outbound.protection.outlook.com (mail-am1lp0010.outbound.protection.outlook.com [213.199.154.10]) by ietfa.amsl.com (Postfix) with ESMTP id D3D5B21F9CA4 for <perpass@ietf.org>; Wed, 13 Nov 2013 08:30:13 -0800 (PST)
Received: from DB3PR01MB153.eurprd01.prod.exchangelabs.com (10.141.2.151) by DB3PR01MB153.eurprd01.prod.exchangelabs.com (10.141.2.151) with Microsoft SMTP Server (TLS) id 15.0.820.5; Wed, 13 Nov 2013 16:30:12 +0000
Received: from DB3PR01MB153.eurprd01.prod.exchangelabs.com ([169.254.11.235]) by DB3PR01MB153.eurprd01.prod.exchangelabs.com ([169.254.11.235]) with mapi id 15.00.0820.005; Wed, 13 Nov 2013 16:30:12 +0000
From: "Learmonth, Iain Ross" <iain.learmonth.09@aberdeen.ac.uk>
To: Ted Lemon <mellon@fugue.com>
Thread-Topic: [perpass] Stopping password sniffing
Thread-Index: AQHO38EMi+m3JSb4uUeoAPlhMDxny5ohxQeAgAABGtOAAAjYgIABJII9gAAbNYCAABYVyIAAGlmAgAAAKUeAABeWgIAAAlbs
Date: Wed, 13 Nov 2013 16:30:11 +0000
Message-ID: <6edb5f581f134c919b77b1ff53178a2e@DB3PR01MB153.eurprd01.prod.exchangelabs.com>
References: <CAMm+Lwh1QPgYzd8Y2DRKsLE7LDq3a5k=T0KCs+9xKxZyptRe2w@mail.gmail.com> <CACsn0cmVWN4a3_zM72Y02y0jw6ZyCdAJYwf+7N2fP7=0mFK=Sg@mail.gmail.com> <68a47e25e4e0476796de2a6c990a9416@DB3PR01MB153.eurprd01.prod.exchangelabs.com> <0A23EF00-0C3F-4C0B-94B2-0FB416157C9D@isoc.org> <44193667d6c94d43808e85eaa5a254e0@DB3PR01MB153.eurprd01.prod.exchangelabs.com> <CABrd9ST1a6CykOjDtF2dMmqDj2feBXg_WgVNVrE+0ddcSDBOWw@mail.gmail.com> <34454651a7684b91861bcbc7783225b2@DB3PR01MB153.eurprd01.prod.exchangelabs.com>, <CABrd9SRNaSzn5Suh16b0e4OyK5dWFBSFA9KLH-xO9v3jpYM6bw@mail.gmail.com> <749160fb143d49a88e70324c9c4e1bee@DB3PR01MB153.eurprd01.prod.exchangelabs.com>, <44F367BF-0082-4A96-A275-BA2F5705A633@fugue.com>
In-Reply-To: <44F367BF-0082-4A96-A275-BA2F5705A633@fugue.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2001:630:241:204:2c90:8397:34e2:dae8]
x-forefront-prvs: 0029F17A3F
x-forefront-antispam-report: SFV:NSPM; SFS:(51704005)(189002)(199002)(377454003)(24454002)(87936001)(2656002)(51856001)(33646001)(69226001)(76786001)(76482001)(53806001)(76796001)(54356001)(59766001)(77982001)(551544002)(77096001)(74876001)(46102001)(87266001)(85306002)(54316002)(56816003)(56776001)(74706001)(49866001)(74316001)(65816001)(80022001)(74502001)(47736001)(74482001)(81816001)(81342001)(47446002)(50986001)(63696002)(47976001)(4396001)(81542001)(81686001)(74366001)(79102001)(83072001)(74662001)(19580405001)(83322001)(31966008)(19580395003)(80976001)(24736002)(3826001); DIR:OUT; SFP:; SCL:1; SRVR:DB3PR01MB153; H:DB3PR01MB153.eurprd01.prod.exchangelabs.com; CLIP:2001:630:241:204:2c90:8397:34e2:dae8; FPR:; RD:InfoNoRecords; MX:1; A:1; LANG:en;
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: aberdeen.ac.uk
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] Stopping password sniffing
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Nov 2013 16:30:19 -0000
> What would be ideal would be for the site to provide a site ID that can be validated using existing PKI. combined with > one master key per site does sound good. This is going to require modifications (an extension) to TLS though, which is possible but does mean developing new technology, not just new ways of leveraging existing ones. I'm not against this, just pointing it out. > single-purpose key server How would this key server work? Looking at X.509 key servers, they only ever seem to store the public key, which the website would already have anyway. I know with gpg-agent you can forward that to remote servers, but I've never seen anyone pulling it from somewhere. A privacy bonus: if you have a key for each site you have an account on, you know where you have accounts and don't have old inaccessible accounts leaking information (unless you lose the keys). Iain. -- Iain R. Learmonth MBCS Electronics Research Group School of Engineering University of Aberdeen Kings College Aberdeen AB24 3UE Tel: +44 1224 27 2799 The University of Aberdeen is a charity registered in Scotland No.SCO13683 ________________________________________ From: Ted Lemon <mellon@fugue.com> Sent: 13 November 2013 16:12 To: Learmonth, Iain Ross Subject: Re: [perpass] Stopping password sniffing On Nov 13, 2013, at 9:56 AM, Learmonth, Iain Ross <iain.learmonth.09@aberdeen.ac.uk> wrote: > I was about to say signing client keys with a master key was a good idea. It would remove the need for a cloud sync as once set up, the browsers would inherit the access from the master key without the need for synchronization. > > Then, yes, re-use would allow for tracking across websites. So maybe not such a great idea. Yeah, that's a flaw. > Maybe the compromise is not a cert per service, but a cert per identity (in the loosest possible sense of the word). Maybe your social media accounts where you are you are under one, and your reddit and slashdot accounts under another, etc. There's no particular reason not to have one key per site, other than that it's hard to define what "site" means. This could generalize to one master key per site, so you preserve privacy but still get the nice properties of a master key versus a cloud keychain. Of course now you need to generate keys more frequently, so that places some new pressure on the key server. > With a smartcard, this is as easy as plugging the smartcard into the device you're using, but - another thought - would probably mean requiring multiple smartcards as I am logged into my email on about 4 different devices at a time. I don't think the smartcard works, because your devices may not have a convenient way to connect to it other than over the network. And in that case, why not just have a single-purpose key server? > I'm not sure with TLS client authentication if it just tries all the personal keys it has or if the server advertises which keys would be accepted. I'm guessing it'll be the former so even if there is one key per service, the other certs would still become known to the server when authentication using them is attempted? What would be ideal would be for the site to provide a site ID that can be validated using existing PKI. Once the site ID has been validated, you look in your key cache for an identity that is associated with that site ID. If you find one, you use the cert to log in. If you don't fine one, you don't have an account on that site.
- [perpass] Stopping password sniffing Phillip Hallam-Baker
- Re: [perpass] Stopping password sniffing Watson Ladd
- Re: [perpass] Stopping password sniffing Learmonth, Iain Ross
- Re: [perpass] Stopping password sniffing Tim Bray
- [perpass] Stopping packet injection: the network … Nicholas Weaver
- Re: [perpass] Stopping password sniffing Robin Wilton
- Re: [perpass] Stopping packet injection: the netw… Robin Wilton
- Re: [perpass] Stopping packet injection: the netw… Nicholas Weaver
- Re: [perpass] Stopping password sniffing Bjoern Hoehrmann
- Re: [perpass] Stopping packet injection: the netw… Tim Bray
- Re: [perpass] Stopping password sniffing Robin Wilton
- Re: [perpass] Stopping password sniffing Joe St Sauver
- Re: [perpass] Stopping password sniffing Phillip Hallam-Baker
- Re: [perpass] Stopping packet injection: the netw… Phillip Hallam-Baker
- Re: [perpass] Stopping password sniffing Learmonth, Iain Ross
- Re: [perpass] Stopping password sniffing Ben Laurie
- Re: [perpass] Stopping password sniffing Learmonth, Iain Ross
- Re: [perpass] Stopping password sniffing Ted Lemon
- Re: [perpass] Stopping password sniffing Ben Laurie
- Re: [perpass] Stopping password sniffing Learmonth, Iain Ross
- Re: [perpass] Stopping password sniffing Learmonth, Iain Ross
- Re: [perpass] Stopping password sniffing Ted Lemon
- Re: [perpass] Stopping password sniffing Phillip Hallam-Baker
- Re: [perpass] Stopping password sniffing Stephane Bortzmeyer
- Re: [perpass] Stopping password sniffing Leo Vegoda
- Re: [perpass] Stopping password sniffing Tim Bray
- Re: [perpass] Stopping password sniffing Stephane Bortzmeyer
- Re: [perpass] Stopping password sniffing Phillip Hallam-Baker
- Re: [perpass] Stopping password sniffing Joe St Sauver
- Re: [perpass] Stopping password sniffing Paul Ferguson
- Re: [perpass] Stopping password sniffing Learmonth, Iain Ross
- Re: [perpass] Stopping password sniffing Ted Lemon
- Re: [perpass] Stopping password sniffing Learmonth, Iain Ross
- Re: [perpass] Stopping password sniffing Learmonth, Iain Ross
- Re: [perpass] Stopping password sniffing Ted Lemon
- Re: [perpass] Stopping password sniffing ned+perpass
- Re: [perpass] Stopping password sniffing Ted Lemon
- Re: [perpass] Stopping password sniffing John Levine
- Re: [perpass] Stopping password sniffing Christian Huitema
- Re: [perpass] Stopping password sniffing Ted Lemon
- Re: [perpass] Stopping password sniffing Christian Huitema
- Re: [perpass] Stopping password sniffing Ted Lemon
- Re: [perpass] Stopping password sniffing Ted Lemon
- Re: [perpass] Stopping password sniffing Christian Huitema
- Re: [perpass] Stopping password sniffing Stephen Farrell