Re: [TLS] draft on new TLS key exchange

Geoffrey Keating <geoffk@geoffk.org> Wed, 05 October 2011 21:06 UTC

Sender: geoffk@localhost.localdomain
To: Dan Harkins <dharkins@lounge.org>
References: <ce78cf414ed82d44135ebbb88e32959b.squirrel@www.trepanning.net>
From: Geoffrey Keating <geoffk@geoffk.org>
Date: Wed, 05 Oct 2011 14:09:19 -0700
In-Reply-To: <ce78cf414ed82d44135ebbb88e32959b.squirrel@www.trepanning.net>
Message-ID: <m2ipo3cfi8.fsf@localhost.localdomain>
Lines: 25
User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.4
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: tls@ietf.org, dhalasz@intwineenergy.com
Subject: Re: [TLS] draft on new TLS key exchange
Precedence: list

"Dan Harkins" <dharkins@lounge.org> writes:

>          http://tools.ietf.org/html/draft-harkins-tls-pwd-00
> 
>   Please take a look. The authors solicit comments.

It would be helpful to have a comparison between this proposal and
RFC5054, since both protocols appear to have the same aim ("secure
authentication using only a simple, low-entropy, password").


Some features of RFC5054 I noticed that could be used to improve this
draft are:

- RFC5054 requires that the server store only the 'verifier', while
  this protocol appears to require storing the plaintext password.
  There doesn't seem to be any discussion on the risks of storing the
  plaintext password or any mitigations (for example, using a salted
  hash of the password instead of the password directly).

- RFC5054 already specifies an extension for the user name.  I would
  suggest using the same extension for this protocol rather than
  creating a new one.

- RFC5054 has test vectors, this draft doesn't.

[TLS] draft on new TLS key exchange Dan Harkins
Re: [TLS] draft on new TLS key exchange Geoffrey Keating
Re: [TLS] draft on new TLS key exchange Dan Harkins
Re: [TLS] draft on new TLS key exchange Jean-Marc Desperrier
Re: [TLS] draft on new TLS key exchange Peter Gutmann
Re: [TLS] draft on new TLS key exchange Dan Harkins
Re: [TLS] draft on new TLS key exchange Peter Gutmann
Re: [TLS] draft on new TLS key exchange Dan Harkins
Re: [TLS] draft on new TLS key exchange Dan Harkins
Re: [TLS] draft on new TLS key exchange Marsh Ray
Re: [TLS] draft on new TLS key exchange Yoav Nir
Re: [TLS] draft on new TLS key exchange Marsh Ray
Re: [TLS] draft on new TLS key exchange Dan Harkins
Re: [TLS] draft on new TLS key exchange Marsh Ray
Re: [TLS] draft on new TLS key exchange Martin Rex
[TLS] TLS-EAP. Was: draft on new TLS key exchange Anders Rundgren
Re: [TLS] TLS-EAP. Was: draft on new TLS key exch… Marsh Ray
Re: [TLS] draft on new TLS key exchange Marsh Ray
Re: [TLS] draft on new TLS key exchange Dan Harkins
Re: [TLS] draft on new TLS key exchange Philip Gladstone
Re: [TLS] draft on new TLS key exchange Peter Gutmann
Re: [TLS] draft on new TLS key exchange Dan Harkins
Re: [TLS] draft on new TLS key exchange Dan Harkins
Re: [TLS] draft on new TLS key exchange Dan Harkins
Re: [TLS] draft on new TLS key exchange Peter Gutmann
Re: [TLS] draft on new TLS key exchange Dan Harkins
Re: [TLS] draft on new TLS key exchange Jean-Marc Desperrier
Re: [TLS] draft on new TLS key exchange Martin Rex
Re: [TLS] draft on new TLS key exchange Rene Struik
Re: [TLS] draft on new TLS key exchange Nico Williams
Re: [TLS] draft on new TLS key exchange Peter Gutmann
Re: [TLS] draft on new TLS key exchange Nico Williams
Re: [TLS] draft on new TLS key exchange Peter Gutmann
Re: [TLS] draft on new TLS key exchange Steven Bellovin
Re: [TLS] draft on new TLS key exchange Anders Rundgren
Re: [TLS] draft on new TLS key exchange Steven Bellovin