IETF Logo Mail Archive

Re: [TLS] User Defined Key Pair

"Blumenthal, Uri - 0558 - MITLL" <uri@ll.mit.edu> Tue, 25 June 2013 18:11 UTC

Return-Path: <prvs=9888b28b76=uri@ll.mit.edu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D457821E80AC for <tls@ietfa.amsl.com>; Tue, 25 Jun 2013 11:11:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.201
X-Spam-Level:
X-Spam-Status: No, score=-5.201 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TFBw8geLz0SS for <tls@ietfa.amsl.com>; Tue, 25 Jun 2013 11:11:19 -0700 (PDT)
Received: from mx2.ll.mit.edu (MX2.LL.MIT.EDU [129.55.12.46]) by ietfa.amsl.com (Postfix) with ESMTP id 7EF3811E8127 for <tls@ietf.org>; Tue, 25 Jun 2013 11:11:08 -0700 (PDT)
Received: from LLE2K7-HUB02.mitll.ad.local (LLE2K7-HUB02.mitll.ad.local) by mx2.ll.mit.edu (unknown) with ESMTP id r5PIAg3Y031704 for <tls@ietf.org>; Tue, 25 Jun 2013 14:10:42 -0400
From: "Blumenthal, Uri - 0558 - MITLL" <uri@ll.mit.edu>
To: "tls@ietf.org" <tls@ietf.org>
Date: Tue, 25 Jun 2013 14:10:39 -0400
Thread-Topic: [TLS] User Defined Key Pair
Thread-Index: Ac5xz03cWpA1eA+cRGW/uIIR1hNMcQ==
Message-ID: <CDEF518B.16897%uri@ll.mit.edu>
In-Reply-To: <377FB9023E313048955F1A4A54DB21009A5670B6@365EXCH-MBX-P3.nbttech.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.3.5.130515
acceptlanguage: en-US
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="B_3455014239_5335628"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.10.8794, 1.0.431, 0.0.0000 definitions=2013-06-25_07:2013-06-25, 2013-06-25, 1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1305240000 definitions=main-1306250145
Subject: Re: [TLS] User Defined Key Pair
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Jun 2013 18:11:24 -0000

>From the answers provided so far, it looks like there is no server
authentication. So if you pretend to be a server, get user name and
password, then pretend to be that user to, e.g., Facebook ­ you should get
complete access, including the ability to generate your own key pair. :)

I'd much prefer dependence on a 3rd party ­ Certificate Authority, to be
precise.
--
Regards,
Uri Blumenthal

From:  Paras Shah <Paras.Shah@riverbed.com>
Date:  Tuesday, June 25, 2013 1:25
To:  "Stephan T." <rheoli08@gmail.com>, "OMAR HASSAN (RIT Student)"
<omh1835@rit.edu>, "tls@ietf.org" <tls@ietf.org>
Subject:  Re: [TLS] User Defined Key Pair

> That is exactly the question I had. How is Server Authentication done with
> this approach?
>  
> 
> From: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] On Behalf Of Stephan
> T.
> Sent: Monday, June 24, 2013 10:24 PM
> To: OMAR HASSAN (RIT Student); tls@ietf.org
> Subject: Re: [TLS] User Defined Key Pair
>  
> 
> Hi,
> 
>  
> 
> How you made sure that the user (client) is connected with the intended
> server?
> 
>  
> 
>  
> 
> -Stephan
> 
>  
>  
> 
> Am 21.06.2013 um 20:35 schrieb OMAR HASSAN (RIT Student) <omh1835@rit.edu>:
> 
> 
> Hello All,
> 
>  
> 
> I have uploaded a new version of the User Defined Key pair protocol that is
> cleaner and briefer, I will appreciate any comments or suggestions.
> 
>  
> 
> Just to remind you:
> 
>  
> 
> http://tools.ietf.org/html/draft-omar-tls-udkp-01
> <http://tools.ietf.org/html/draft-omar-tls-udkp-01>
> 
>  
> The new protocol is a new way of securing the traffic to websites without
> being depending on any third party to secure the traffic between the user and
> the website, so it will be possible for the user to secure his browsing using
> his credential information, smart card, or a random file on usb. That will
> make the use of two factor for authentication and traffic security is
> separated from the application code, the website admin only needs to configure
> how the users are going to access the website. Additionally there are no
> passwords required to be transferred any more on the network, which will
> render the Phishing attack useless.
> 
>  
> 
> The motivation behind the new protocol is to make the security the
> responsibility of the two involved parties, because as you know, the security
> and confidentiality of user browsing in TLS depend upon the number of
> Certificate Authorities (CAs), major web browsers trust hundreds of different
> firms to issue certificates. Each of these
> firms can be compelled by their national government, or being compromised to
> issue a certificate for any particular website that all web browsers will
> trust without warning.Thus, users around the world are put in a position where
> their browser entrusts their private data, indirectly, to a large number of
> governments, and entities. (http://cryptome.org/ssl-mitm.pdf
> <http://cryptome.org/ssl-mitm.pdf> )
> 
>  
> 
> Thank You
> 
> Best Regards
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email