Re: [TLS] Working Group Last Call for draft-ietf-tls-pwd
Trevor Perrin <trevp@trevp.net> Tue, 10 December 2013 17:01 UTC
Return-Path: <trevp@trevp.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7AEB11AE136 for <tls@ietfa.amsl.com>; Tue, 10 Dec 2013 09:01:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PhU2pPlfS9Y0 for <tls@ietfa.amsl.com>; Tue, 10 Dec 2013 09:01:41 -0800 (PST)
Received: from mail-we0-f175.google.com (mail-we0-f175.google.com [74.125.82.175]) by ietfa.amsl.com (Postfix) with ESMTP id 702431ADF74 for <tls@ietf.org>; Tue, 10 Dec 2013 09:01:41 -0800 (PST)
Received: by mail-we0-f175.google.com with SMTP id t60so5224252wes.20 for <tls@ietf.org>; Tue, 10 Dec 2013 09:01:35 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=oA5F7MIJKXpYa9lOZ+ZukccAq0tJQLi8wzL4i8MoMYg=; b=Za//oCT5b0sUxufObzi/MTm6Pdqx0Tn8m5BxOHveFr1CHr0wjwwITxI+GMhfz6ZEtl kMzxHrB0e+pfqxyAGpwzEp421VZFimP3UlcDg7bkEhetVQlmo80F0fUavFgs1wrqkMyD hVChL6xtXXknnRyi369NMOWEVnDC7sgUN15S48BtD7SM9Z/akdL3Q3LrfYKmROnjgi10 O0PF2D1RQxrmN0/aiLAIYu7t7LACul/3TJfcgIWsi8KIG1xMD3kUIFJYnAJNa9mWstdt k4FfUz9QSCf6QC36iD1DU6MEBLdmlfhdAS0iDYsS76ZxmZAZXL6qv0GXBWniN1UcW1Kz oMQg==
X-Gm-Message-State: ALoCoQkZkakP0JzzYvgJM4pa8IzMF7GdXKQkjJy9eWu5hjRMnd4hz96d64eN7Bnmq69ix8o5YFNQ
MIME-Version: 1.0
X-Received: by 10.194.2.108 with SMTP id 12mr3113617wjt.64.1386694895238; Tue, 10 Dec 2013 09:01:35 -0800 (PST)
Received: by 10.216.214.134 with HTTP; Tue, 10 Dec 2013 09:01:35 -0800 (PST)
X-Originating-IP: [199.83.223.81]
In-Reply-To: <CA+BZK2p70bYGGMjJC-Dm2r4bzP_YzKh0ZODiNvnwVcSDJSLZAw@mail.gmail.com>
References: <3065D910-832C-47B6-9E0B-2F8DCD2657D2@cisco.com> <CA+BZK2p70bYGGMjJC-Dm2r4bzP_YzKh0ZODiNvnwVcSDJSLZAw@mail.gmail.com>
Date: Tue, 10 Dec 2013 09:01:35 -0800
Message-ID: <CAGZ8ZG0UyhXurxgqaUazK+KHMsy495sKjeG+8XPhGhoq7L9deg@mail.gmail.com>
From: Trevor Perrin <trevp@trevp.net>
To: Ralf Skyper Kaiser <skyper@thc.org>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Working Group Last Call for draft-ietf-tls-pwd
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Dec 2013 17:01:43 -0000
On Tue, Dec 10, 2013 at 8:45 AM, Ralf Skyper Kaiser <skyper@thc.org> wrote: > Hi, > > I only joined the conversation recently. Had a quick read of > http://tools.ietf.org/html/draft-ietf-tls-pwd-02 and have a question: > > In a scenario where multiple users use the same password (group password): > > What prevents a user (who knows the password) to impersonating the server > and mount a MITM between another user and the real server? Hi Ralf, I believe that's possible. In the TLS PAKE described in RFC 5054 (TLS/SRP), the server may additionally be authenticated via a server certificate. Trevor
- Re: [TLS] Working Group Last Call for draft-ietf-… Douglas Stebila
- [TLS] Working Group Last Call for draft-ietf-tls-… Joseph Salowey (jsalowey)
- Re: [TLS] Working Group Last Call for draft-ietf-… Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] Working Group Last Call for draft-ietf-… SeongHan Shin
- Re: [TLS] Working Group Last Call for draft-ietf-… Love Hörnquist Åstrand
- Re: [TLS] Working Group Last Call for draft-ietf-… Love Hörnquist Åstrand
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Love Hörnquist Åstrand
- Re: [TLS] Working Group Last Call for draft-ietf-… SeongHan Shin
- Re: [TLS] Working Group Last Call for draft-ietf-… Ralf Skyper Kaiser
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Ralf Skyper Kaiser
- Re: [TLS] Working Group Last Call for draft-ietf-… oscar.koeroo
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Peter Sylvester
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Rene Struik
- Re: [TLS] Working Group Last Call for draft-ietf-… Watson Ladd
- Re: [TLS] Working Group Last Call for draft-ietf-… Robert Ransom
- Re: [TLS] Working Group Last Call for draft-ietf-… Robert Ransom
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… CodesInChaos
- Re: [TLS] Working Group Last Call for draft-ietf-… Rene Struik
- Re: [TLS] Working Group Last Call for draft-ietf-… Watson Ladd
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Watson Ladd
- Re: [TLS] Working Group Last Call for draft-ietf-… Mohamad Badra
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Trevor Perrin
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Trevor Perrin
- Re: [TLS] Working Group Last Call for draft-ietf-… Trevor Perrin
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Mohamad Badra
- Re: [TLS] Working Group Last Call for draft-ietf-… Eric Rescorla
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Watson Ladd
- Re: [TLS] Working Group Last Call for draft-ietf-… Trevor Perrin
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Trevor Perrin
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Robert Ransom
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Mohamad Badra
- Re: [TLS] Working Group Last Call for draft-ietf-… Trevor Perrin
- Re: [TLS] Working Group Last Call for draft-ietf-… Trevor Perrin
- Re: [TLS] Working Group Last Call for draft-ietf-… SeongHan Shin
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… SeongHan Shin
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… SeongHan Shin
- Re: [TLS] Working Group Last Call for draft-ietf-… Watson Ladd
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… CodesInChaos
- Re: [TLS] Working Group Last Call for draft-ietf-… Trevor Perrin
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Joseph Birr-Pixton
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Ralf Skyper Kaiser
- Re: [TLS] Working Group Last Call for draft-ietf-… Manuel Pégourié-Gonnard
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Trevor Perrin
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Ralf Skyper Kaiser
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins