Re: [TLS] User Defined Key Pair
"Blumenthal, Uri - 0558 - MITLL" <uri@ll.mit.edu> Tue, 25 June 2013 18:11 UTC
From: "Blumenthal, Uri - 0558 - MITLL" <uri@ll.mit.edu>
To: "tls@ietf.org" <tls@ietf.org>
Date: Tue, 25 Jun 2013 14:10:39 -0400
Message-ID: <CDEF518B.16897%uri@ll.mit.edu>
In-Reply-To: <377FB9023E313048955F1A4A54DB21009A5670B6@365EXCH-MBX-P3.nbttech.com>
From the answers provided so far, it looks like there is no server authentication. So if you pretend to be a server, get user name and password, then pretend to be that user to, e.g., Facebook, you should get complete access, including the ability to generate your own key pair. :)

I'd much prefer dependence on a 3rd party Certificate Authority, to be precise.

--
Regards,
Uri Blumenthal

From: Paras Shah <Paras.Shah@riverbed.com>
Date: Tuesday, June 25, 2013 1:25
To: "Stephan T." <rheoli08@gmail.com>, "OMAR HASSAN (RIT Student)" <omh1835@rit.edu>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] User Defined Key Pair

> That is exactly the question I had. How is Server Authentication done with this approach?
>
> From: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] On Behalf Of Stephan T.
> Sent: Monday, June 24, 2013 10:24 PM
> To: OMAR HASSAN (RIT Student); tls@ietf.org
> Subject: Re: [TLS] User Defined Key Pair
>
> Hi,
>
> How did you make sure that the user (client) is connected with the intended server?
>
> -Stephan
>
> On 21.06.2013 at 20:35, OMAR HASSAN (RIT Student) <omh1835@rit.edu> wrote:
>
> Hello All,
>
> I have uploaded a new version of the User Defined Key Pair protocol that is cleaner and briefer; I would appreciate any comments or suggestions.
>
> Just to remind you:
>
> http://tools.ietf.org/html/draft-omar-tls-udkp-01
>
> The new protocol is a new way of securing the traffic to websites without depending on any third party to secure the traffic between the user and the website, so it will be possible for the user to secure his browsing using his credential information, smart card, or a random file on a USB drive. That will make the use of two-factor authentication and traffic security separated from the application code; the website admin only needs to configure how the users are going to access the website.
>
> Additionally, there are no passwords required to be transferred on the network any more, which will render the phishing attack useless.
>
> The motivation behind the new protocol is to make security the responsibility of the two involved parties, because, as you know, the security and confidentiality of user browsing in TLS depend upon the number of Certificate Authorities (CAs): major web browsers trust hundreds of different firms to issue certificates. Each of these firms can be compelled by their national government, or be compromised, to issue a certificate for any particular website that all web browsers will trust without warning. Thus, users around the world are put in a position where their browser entrusts their private data, indirectly, to a large number of governments and entities. (http://cryptome.org/ssl-mitm.pdf)
>
> Thank You
>
> Best Regards