Re: [TLS] User Defined Key Pair

"OMAR HASSAN (RIT Student)" <omh1835@rit.edu> Thu, 11 July 2013 09:42 UTC

To: Dan Harkins <dharkins@lounge.org>
Cc: "tls@ietf.org" <tls@ietf.org>

Hi Dan,

I had a quick look at your work item, and I have some questions:

What will be the consequences if the server data has been stolen? Will the
attacker be able to impersonate the user?

How will the password be stored in the server initially?

How will you handle TLS termination that is used by many websites to
centralize the related measurements and protection against the common SSL
attacks in one place, and to allow the application firewalls to validate
and check the incoming requests for application-level attacks such as SQL
injection and cross-site scripting?

Thanks



On Wed, Jul 10, 2013 at 8:49 PM, Dan Harkins <dharkins@lounge.org> wrote:

>
> On Mon, June 24, 2013 11:34 am, Salz, Rich wrote:
> [snip]
> > If you are trying to avoid CA's, then why not just use self-signed
> > certificates or similar like PGP?
>
>   Or why not use a protocol that is already a work item of the
> TLS working group:
>
>      http://tools.ietf.org/html/draft-ietf-tls-pwd-00
>
>   Dan.
>
>
>
>