[TLS] Fwd: draft-badra-tls-password-ext and challenge/response schemes

Nathaniel W Filardo <nwf@cs.jhu.edu> Tue, 29 July 2008 23:47 UTC

Date: Tue, 29 Jul 2008 17:27:17 -0400
From: Nathaniel W Filardo <nwf@cs.jhu.edu>
To: tls@ietf.org
Message-ID: <20080729212717.GA27017@masters13.cs.jhu.edu>

I originally sent this to the I-D author but have not received a response in
the interim.  Reflecting further, I thought that perhaps the list would know
the answer, thus this email. :)
Thanks,
--nwf;

----- Forwarded message from Nathaniel W Filardo <nwf@masters13.cs.jhu.edu> -----

Date: Sat, 26 Jul 2008 06:12:41 -0400
From: Nathaniel W Filardo <nwf@masters13.cs.jhu.edu>
To: badra@isima.fr
Subject: draft-badra-tls-password-ext and challenge/response schemes
User-Agent: Mutt/1.5.17 (2007-11-01)

Salutations.

I was thinking about how to secure TLS with S/Key and wasn't able to find an
immediate solution (though if you know of one, it could render my question
moot).  I happened across your Internet Draft and, after reading through it,
I wondered if changing

>   Servers that receive an extended hello containing a "password" 
>   extension MAY agree to authenticate the client using passwords by 
>   including an extension of type "password", with empty 
>   "extension_data", in the extended server hello.

to allow servers to specify some kind of textual data in the
"extension_data" field would be sufficient?  The server could then provide,
e.g., the S/Key challenge to the client this way.

Is this a silly thought?
Thanks much for your time.
--nwf;



----- End forwarded message -----
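
The variant asked about in the message above, sketched as an added example (not part of the original message or of the draft): a "password" extension in the server hello whose "extension_data" is either empty, as the draft specifies, or carries an S/Key challenge in the RFC 2289 text form. The extension code point `EXT_PASSWORD` is a placeholder because the page does not give the draft's value, the function names are hypothetical, and the sample challenge in the usage comment is constructed.

```python
import re
import struct

# Placeholder code point (assumption): the page does not state the number
# the draft assigns to the "password" extension.
EXT_PASSWORD = 0xFF01

# RFC 2289 challenge text: "otp-<algorithm> <sequence> <seed>", seed being
# 1 to 16 alphanumeric characters, terminated by whitespace.
CHALLENGE_RE = re.compile(r"otp-(md4|md5|sha1) (\d{1,10}) ([A-Za-z0-9]{1,16})\s*")


def encode_extension(ext_type: int, data: bytes) -> bytes:
    """Serialize one TLS extension: uint16 type, uint16 length, opaque data."""
    if len(data) > 0xFFFF:
        raise ValueError("extension_data exceeds 2^16-1 bytes")
    return struct.pack("!HH", ext_type, len(data)) + data


def decode_extension(buf: bytes):
    """Parse one extension, rejecting truncated or over-long encodings."""
    if len(buf) < 4:
        raise ValueError("truncated extension header")
    ext_type, length = struct.unpack("!HH", buf[:4])
    if len(buf) - 4 != length:
        raise ValueError("length field does not match extension_data")
    return ext_type, buf[4:]


def parse_server_password_ext(buf: bytes):
    """Return None for the draft's empty extension_data, otherwise the
    challenge as (algorithm, sequence, seed) under the proposed variant."""
    ext_type, data = decode_extension(buf)
    if ext_type != EXT_PASSWORD:
        raise ValueError("not a password extension")
    if not data:
        return None  # draft behaviour: server merely agrees to passwords
    # The server hello is not yet authenticated at this point, so the
    # challenge is untrusted input and is validated strictly.
    match = CHALLENGE_RE.fullmatch(data.decode("ascii"))
    if match is None:
        raise ValueError("malformed S/Key challenge")
    # RFC 2289 treats the seed as case-insensitive; normalise to lower case.
    return match.group(1), int(match.group(2)), match.group(3).lower()

# Usage with a constructed challenge:
#   parse_server_password_ext(encode_extension(EXT_PASSWORD, b"otp-md5 499 Ke1234 "))
```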