Re: [TLS] the use cases for GSS-based TLS and the plea for integrating

pgut001@cs.auckland.ac.nz Fri, 27 July 2007 15:34 UTC

Message-ID: <20070728033436.yw17ei6qfc80oo0g@webmail.cs.auckland.ac.nz>
Date: Sat, 28 Jul 2007 03:34:36 +1200
From: pgut001@cs.auckland.ac.nz
To: Kyle Hamilton <aerowolf@gmail.com>
Subject: Re: [TLS] the use cases for GSS-based TLS and the plea for integrating
References: <200707171840.l6HIeg9M018099@fs4113.wdf.sap.corp> <48A6320349FD1EDBE937A357@dhcp-26f9.ietf69.org><C4E819FF73EA6ED22A3906CD@446E7922C82D299DB29D899F> <46A8FD4F.7050203@it.su.se> <FA998122A677CF4390C1E291BFCF598907DF564E@EXCH.missi.ncsc.mil> <20070728020702.2x3rc53g7bksocc0@webmail.cs.auckland.ac.nz> <67C405F1-EAEA-46DF-A6F5-2F2397A32D43@gmail.com>
In-Reply-To: <67C405F1-EAEA-46DF-A6F5-2F2397A32D43@gmail.com>
Cc: tls@lists.ietf.org

Kyle Hamilton <aerowolf@gmail.com> writes:
> Why wouldn't the SSH paradigm work here?

You mean "connect to anything listening on port 22, then hand over your
password in the clear (inside the SSH tunnel)"?  How does it differ from the
current phishing-enabling TLS usage of "connect to anything listening on port
443, then hand over your password in the clear (inside the TLS tunnel)"?

(You're assuming that people check SSH key fingerprints.  Please cite a
real-world usability study supporting this assumption.  NB: That's a
booby-trapped question :-).

Peter.


_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
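The "SSH paradigm" under discussion is trust-on-first-use: the client remembers whatever host key it saw on the first connection and only alarms on a later change. The following is an added example (not code from either poster, and not OpenSSH's own implementation) that models that known_hosts logic with constructed stand-in key blobs and a hypothetical host name. It shows why an attacker present on the first connection is accepted exactly like the real server, and what the out-of-band fingerprint comparison that the reply says users don't perform would actually consist of.

```python
"""Trust-on-first-use host-key checking, modelled on OpenSSH's known_hosts.

Added example for the thread above; the key blobs and host name below are
constructed placeholders, not real SSH keys or a real host.
"""
import base64
import hashlib


def fingerprint(pubkey: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of SHA-256(key blob)."""
    digest = hashlib.sha256(pubkey).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


class KnownHosts:
    """Minimal model of the trust-on-first-use logic behind ~/.ssh/known_hosts."""

    def __init__(self) -> None:
        self.store = {}  # (host, keytype) -> raw public-key blob

    @classmethod
    def from_lines(cls, lines):
        """Parse plain 'host keytype base64blob' lines (comments skipped;
        hashed host names and @marker lines are out of scope here)."""
        kh = cls()
        for line in lines:
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            host, keytype, blob = line.split()[:3]
            kh.store[(host, keytype)] = base64.b64decode(blob)
        return kh

    def to_lines(self):
        return [f"{h} {t} {base64.b64encode(k).decode('ascii')}"
                for (h, t), k in self.store.items()]

    def check(self, host: str, keytype: str, pubkey: bytes) -> str:
        """TOFU verdict: 'new' (first sight, stored blind), 'ok' or 'changed'."""
        key = (host, keytype)
        if key not in self.store:
            self.store[key] = pubkey  # accepted without any proof: the TOFU gap
            return "new"
        if self.store[key] == pubkey:
            return "ok"
        return "changed"


# Constructed stand-in key blobs; deliberately not valid SSH wire-format keys.
REAL_KEY = b"\x00\x00\x00\x0bssh-ed25519" + b"real-server-key-bytes" * 2
MITM_KEY = b"\x00\x00\x00\x0bssh-ed25519" + b"attacker-key-bytes" * 2
HOST = "bank.example"  # hypothetical host
KEYTYPE = "ssh-ed25519"


def honest_first_connect():
    """Real server seen first; a later attacker key is flagged."""
    kh = KnownHosts()
    return [kh.check(HOST, KEYTYPE, REAL_KEY),
            kh.check(HOST, KEYTYPE, REAL_KEY),
            kh.check(HOST, KEYTYPE, MITM_KEY)]


def mitm_on_first_connect():
    """Attacker seen first: the attacker becomes 'known' and the real server
    is what later triggers the 'changed' alarm. The verdict sequence is
    identical to the honest case, so the client cannot tell them apart."""
    kh = KnownHosts()
    return [kh.check(HOST, KEYTYPE, MITM_KEY),
            kh.check(HOST, KEYTYPE, MITM_KEY),
            kh.check(HOST, KEYTYPE, REAL_KEY)]


def careful_first_connect(kh: KnownHosts, host: str, keytype: str,
                          pubkey: bytes, expected_fp: str) -> str:
    """What a user who really checks fingerprints does on a 'new' host:
    compare against a value obtained out of band before trusting it."""
    if (host, keytype) in kh.store:
        return kh.check(host, keytype, pubkey)
    if fingerprint(pubkey) != expected_fp:
        return "rejected"  # key never enters the store
    return kh.check(host, keytype, pubkey)
```

The two simulations return the same verdicts; only the fingerprint comparison in `careful_first_connect` separates the honest case from the attacked one, and that is the step the reply is challenging anyone to show users actually perform.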