Re: [TLS] Working Group Last Call for draft-ietf-tls-pwd

Trevor Perrin <trevp@trevp.net> Tue, 10 December 2013 17:01 UTC

In-Reply-To: <CA+BZK2p70bYGGMjJC-Dm2r4bzP_YzKh0ZODiNvnwVcSDJSLZAw@mail.gmail.com>
References: <3065D910-832C-47B6-9E0B-2F8DCD2657D2@cisco.com> <CA+BZK2p70bYGGMjJC-Dm2r4bzP_YzKh0ZODiNvnwVcSDJSLZAw@mail.gmail.com>
Date: Tue, 10 Dec 2013 09:01:35 -0800
Message-ID: <CAGZ8ZG0UyhXurxgqaUazK+KHMsy495sKjeG+8XPhGhoq7L9deg@mail.gmail.com>
From: Trevor Perrin <trevp@trevp.net>
To: Ralf Skyper Kaiser <skyper@thc.org>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Working Group Last Call for draft-ietf-tls-pwd

On Tue, Dec 10, 2013 at 8:45 AM, Ralf Skyper Kaiser <skyper@thc.org> wrote:
> Hi,
>
> I only joined the conversation recently. Had a quick read of
> http://tools.ietf.org/html/draft-ietf-tls-pwd-02 and have a question:
>
> In a scenario where multiple users use the same password (group password):
>
> What prevents a user (who knows the password) from impersonating the server
> and mounting a MITM between another user and the real server?

Hi Ralf,

I believe that's possible.

In the TLS PAKE described in RFC 5054 (TLS/SRP), the server may
additionally be authenticated via a server certificate.


Trevor