IETF Logo Mail Archive

Re: [TLS] SAS extension?

Eric Rescorla <ekr@networkresonance.com> Sun, 03 August 2008 05:14 UTC

Return-Path: <tls-bounces@ietf.org>
X-Original-To: tls-archive@ietf.org
Delivered-To: ietfarch-tls-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 015D53A6B03; Sat, 2 Aug 2008 22:14:41 -0700 (PDT)
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8A6F43A6B03 for <tls@core3.amsl.com>; Sat, 2 Aug 2008 22:14:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.469
X-Spam-Level:
X-Spam-Status: No, score=-0.469 tagged_above=-999 required=5 tests=[AWL=0.026, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Lou3vYSmrz+q for <tls@core3.amsl.com>; Sat, 2 Aug 2008 22:14:38 -0700 (PDT)
Received: from kilo.rtfm.com (unknown [74.95.2.169]) by core3.amsl.com (Postfix) with ESMTP id 06CC03A698E for <tls@ietf.org>; Sat, 2 Aug 2008 22:14:34 -0700 (PDT)
Received: from kilo-2.local (localhost [127.0.0.1]) by kilo.rtfm.com (Postfix) with ESMTP id BC2C351D134; Sat, 2 Aug 2008 22:14:40 -0700 (PDT)
Date: Sat, 02 Aug 2008 22:14:40 -0700
From: Eric Rescorla <ekr@networkresonance.com>
To: Pasi.Eronen@nokia.com
In-Reply-To: <1696498986EFEC4D9153717DA325CB72013BB232@vaebe104.NOE.Nokia.com>
References: <488F7B6E.80800@stpeter.im> <1696498986EFEC4D9153717DA325CB72013BB232@vaebe104.NOE.Nokia.com>
User-Agent: Wanderlust/2.15.5 (Almost Unreal) Emacs/22.1 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Message-Id: <20080803051440.BC2C351D134@kilo.rtfm.com>
Cc: tls@ietf.org
Subject: Re: [TLS] SAS extension?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tls-bounces@ietf.org
Errors-To: tls-bounces@ietf.org

As Pasi says, this is quite doable technically, but I
wonder about applicability.

SAS-type systems only work well if you have a trustworthy channel to
use to communicate the short authenticator. What did you have in mind
using for that channel?

-Ekr


At Wed, 30 Jul 2008 21:39:52 +0300,
<Pasi.Eronen@nokia.com> wrote:
> There have been some earlier efforts, but AFAIK they're
> not actively worked on:
> 
> http://tools.ietf.org/html/draft-fischl-sipping-media-dtls-01
> (Section 8.5)
> 
> https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-mcgrew-tls-sas.txt
> 
> You might want to contact the authors of those drafts
> to discuss more (well, many of them are probably subscribed
> to this mailing list, too :).
> 
> Best regards,
> Pasi
> 
> > -----Original Message-----
> > From: Peter Saint-Andre
> > Sent: 29 July, 2008 23:20
> > To: tls@ietf.org
> > Subject: [TLS] SAS extension?
> > 
> > In the XMPP community we are defining a way to use TLS for end-to-end 
> > encryption. We'd love to use short authentication strings (SAS) for 
> > identity verification. As far as I can see no one has worked on a TLS 
> > extension for SAS. Is there interest in doing so? I'd be 
> > happy to help write an I-D on this topic, but I'm not a TLS or 
> > security expert so it might not be appropriate for me to lead the 
> > effort.
> > 
> > Thanks!
> > 
> > Peter
> > 
> > --
> > Peter Saint-Andre
> > https://stpeter.im/
> > 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email