IETF Logo Mail Archive

Re: [TLS] Straw poll on TLS SRP status

Yoav Nir <ynir@checkpoint.com> Fri, 01 June 2007 08:25 UTC

Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Hu2RW-0007nX-6p; Fri, 01 Jun 2007 04:25:06 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Hu2RV-0007nM-5D for tls@ietf.org; Fri, 01 Jun 2007 04:25:05 -0400
Received: from michael.checkpoint.com ([194.29.32.68]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Hu2RT-0005xG-LI for tls@ietf.org; Fri, 01 Jun 2007 04:25:05 -0400
Received: from [172.31.24.80] (localhost [127.0.0.1]) by michael.checkpoint.com (8.12.10+Sun/8.12.10) with ESMTP id l518OmFB003329; Fri, 1 Jun 2007 11:24:53 +0300 (IDT)
In-Reply-To: <E1HtPtO-0002Rn-00@medusa01.cs.auckland.ac.nz>
References: <E1HtPtO-0002Rn-00@medusa01.cs.auckland.ac.nz>
Mime-Version: 1.0 (Apple Message framework v752.3)
Content-Type: text/plain; charset="US-ASCII"; delsp="yes"; format="flowed"
Message-Id: <D9FE6DEF-E407-44CA-8197-9063B5AA6EFC@checkpoint.com>
Content-Transfer-Encoding: 7bit
From: Yoav Nir <ynir@checkpoint.com>
Subject: Re: [TLS] Straw poll on TLS SRP status
Date: Fri, 01 Jun 2007 11:24:30 +0300
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
X-Mailer: Apple Mail (2.752.3)
X-Spam-Score: 0.0 (/)
X-Scan-Signature: e1e48a527f609d1be2bc8d8a70eb76cb
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

I know SRP has the capability to do the whole key exchange, but why  
do we need it.

The problem that both extensions are trying to solve is the problem  
of using passwords for authentication within TLS. TLS has a perfectly  
good way for keying already.

But again, I'm not saying that SRP should not be used. I'm only  
saying that we don't need its key-exchange capabilities in this  
particular context.

On May 30, 2007, at 6:15 PM, Peter Gutmann wrote:

> Yoav Nir <ynir@checkpoint.com> writes:
>
>> I think SRP should not be a stand-alone extension, but rather that  
>> it should
>> be introduced as part of EAP.
>>
>> The choice is between separate extensions for SRP and for each  
>> authentication
>> method, or to introduce them all at once under EAP, as was done in  
>> IKEv2.
>
> Is it possible to do this though?  Using the taxonomy I posted  
> earlier, TLS-
> SRP would seem to fall into the "modify the crypto portion of the TLS
> handshake" bucket (alongside TLS-KRB5 and TLS-PSK), which means  
> that you
> couldn't really do it inside EAP.  Admittedly you could do a  
> standard TLS
> handshake and then follow it up with SRP inside EAP purely for the
> authentication portion, but that seems (a) messy (see draft-iab- 
> auth-mech-*)
> and (b) a bit of a waste of SRP's capabilities, since it can do the  
> whole key
> exchange step as well.
>
> Peter.
>


_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email