Re: [TLS] draft on new TLS key exchange
"Dan Harkins" <dharkins@lounge.org> Fri, 07 October 2011 05:57 UTC
Message-ID: <56bb9808f168ea916762ceb844cea755.squirrel@www.trepanning.net>
In-Reply-To: <4E8E3819.2000907@cisco.com>
References: <ce78cf414ed82d44135ebbb88e32959b.squirrel@www.trepanning.net> <4E8E3819.2000907@cisco.com>
Date: Thu, 06 Oct 2011 23:00:52 -0700
From: Dan Harkins <dharkins@lounge.org>
To: Philip Gladstone <pgladstone@cisco.com>
Cc: tls@ietf.org
Subject: Re: [TLS] draft on new TLS key exchange

Hi,

On Thu, October 6, 2011 4:22 pm, Philip Gladstone wrote:
> On 10/5/2011 2:12 AM, Dan Harkins wrote:
>> Hi,
>>
>> I just uploaded a -00 draft that defines a new key exchange
>> for TLS that does not require certificates-- authentication using
>> a simple password only. It can be found at:
>>
>> http://tools.ietf.org/html/draft-harkins-tls-pwd-00
>>
>> Please take a look. The authors solicit comments.
>>
>
> There is a note in Security Considerations section that indicates that
> an active attack that tried a hundred thousand passwords would be easily
> detected. The problem is that, in many cases, finding the password of a
> single user is sufficient (and you don't care which user it is). This
> means that you iterate over all users, only trying a single password for
> each user. This is *much* more difficult to detect and stop. [It does
> assume that usernames are drawn from a small pool. This may well be the
> case for electricity meters where the username might well be the device
> serial number -- and these are in a small, consecutive, range]

  That's a great observation. It does suppose that for some given
password there is at least one user in the pool of usernames that has
that password. I'm not sure how true that is in general, but some text
in the security considerations on this is probably needed. Do you have
any?

  Dan.
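The detection gap Philip describes above (a per-user failure counter never trips when each username sees only one guess), as an added example that is not part of this thread or of the draft: a small detector over constructed authentication-failure log lines that keeps both a per-user counter and a per-source count of distinct usernames. The log format, the thresholds and the sample lines are assumptions.

```python
# Added example, not from draft-harkins-tls-pwd or the TLS list thread.
# Two counters over password-authentication failures: per-user (many
# guesses against one account) and per-source distinct usernames (one
# guess each against many accounts). Log format and thresholds are assumed.
import re
from collections import defaultdict
from datetime import datetime, timedelta

FAIL_RE = re.compile(r"^(?P<ts>\S+) auth-fail user=(?P<user>\S+) src=(?P<src>\S+)$")

WINDOW = timedelta(minutes=10)
PER_USER_LIMIT = 5      # failures against one username within WINDOW
PER_SOURCE_USERS = 8    # distinct usernames failing from one source within WINDOW


def parse(line):
    """Return (timestamp, user, src) for a failure line, or None for anything else."""
    m = FAIL_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["user"], m["src"]


def detect(lines):
    """Return the set of (kind, key) alerts raised by the log lines."""
    per_user = defaultdict(list)     # user -> [timestamp, ...]
    per_source = defaultdict(list)   # src  -> [(timestamp, user), ...]
    alerts = set()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, user, src = rec
        # vertical pattern: many failures against a single account
        per_user[user] = [t for t in per_user[user] if ts - t <= WINDOW] + [ts]
        if len(per_user[user]) >= PER_USER_LIMIT:
            alerts.add(("vertical", user))
        # horizontal pattern: one failure each across many accounts from one source
        per_source[src] = [(t, u) for t, u in per_source[src] if ts - t <= WINDOW] + [(ts, user)]
        if len({u for _, u in per_source[src]}) >= PER_SOURCE_USERS:
            alerts.add(("horizontal", src))
    return alerts


# Constructed samples: consecutive serial-number usernames, as in the meter case.
HORIZONTAL = [f"2011-10-07T05:{i:02d}:00 auth-fail user=meter-{1000 + i} src=198.51.100.7"
              for i in range(9)]
VERTICAL = [f"2011-10-07T06:{i:02d}:00 auth-fail user=meter-1000 src=203.0.113.9"
            for i in range(5)]
```

The per-user counter alone reports nothing on HORIZONTAL, which is the case the message describes; only the per-source distinct-user count catches it.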