Re: [TLS] draft on new TLS key exchange
Geoffrey Keating <geoffk@geoffk.org> Wed, 05 October 2011 21:06 UTC
"Dan Harkins" <dharkins@lounge.org> writes:

> http://tools.ietf.org/html/draft-harkins-tls-pwd-00
>
> Please take a look. The authors solicit comments.

It would be helpful to have a comparison between this proposal and RFC5054, since both protocols appear to have the same aim ("secure authentication using only a simple, low-entropy, password").

Some features of RFC5054 I noticed that could be used to improve this draft are:

- RFC5054 requires that the server store only the 'verifier', while this protocol appears to require storing the plaintext password. There doesn't seem to be any discussion on the risks of storing the plaintext password or any mitigations (for example, using a salted hash of the password instead of the password directly).

- RFC5054 already specifies an extension for the user name. I would suggest using the same extension for this protocol rather than creating a new one.

- RFC5054 has test vectors, this draft doesn't.
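Added example, not part of the original message and not code from either specification: the verifier computation RFC 5054 defines, next to what a plaintext password row looks like, to make the storage point in the first bullet concrete. The function names and record layout are assumptions; the group is the 1024-bit one from RFC 5054 Appendix A, and the sample user name, password and salt are those of its Appendix B test vectors.

```python
import hashlib
import secrets

# 1024-bit group from RFC 5054 Appendix A; its generator is 2.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C"
    "9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE4"
    "8E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B29"
    "7BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9A"
    "FD5138FE8337435B9FC61D2FC0EB06E3",
    16)
G = 2

def srp_x(username: str, password: str, salt: bytes) -> int:
    """x = SHA1(salt | SHA1(username ":" password)), the private value in RFC 5054."""
    inner = hashlib.sha1(f"{username}:{password}".encode("utf-8")).digest()
    return int.from_bytes(hashlib.sha1(salt + inner).digest(), "big")

def enroll(username: str, password: str, salt: bytes = None) -> dict:
    """Build the row an SRP server keeps: user name, salt and verifier v = g^x mod N."""
    if salt is None:
        salt = secrets.token_bytes(16)  # fresh per-user salt for real enrollments
    v = pow(G, srp_x(username, password, salt), N)
    return {"user": username, "salt": salt.hex(), "verifier": format(v, "x")}

def stored_fields_contain(record: dict, password: str) -> bool:
    """True if the password appears verbatim in any field of a stored row."""
    return any(password in str(value) for value in record.values())

# Sample inputs taken from the RFC 5054 Appendix B test vectors.
SALT = bytes.fromhex("BEB25379D1A8581EB5A727673A2441EE")
srp_row = enroll("alice", "password123", SALT)
plaintext_row = {"user": "alice", "password": "password123"}  # hypothetical plaintext storage

if __name__ == "__main__":
    print("x        =", format(srp_x("alice", "password123", SALT), "X"))
    print("SRP row  =", srp_row)
    print("password visible in SRP row:      ", stored_fields_contain(srp_row, "password123"))
    print("password visible in plaintext row:", stored_fields_contain(plaintext_row, "password123"))
```

A stolen verifier row still allows offline guessing against weak passwords, so storing the verifier reduces the exposure of a database leak rather than removing it.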