IETF Logo Mail Archive

Re: [TLS] User Defined Key Pair

Paras Shah <Paras.Shah@riverbed.com> Tue, 25 June 2013 05:25 UTC

Return-Path: <Paras.Shah@riverbed.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D82CE21F9F53 for <tls@ietfa.amsl.com>; Mon, 24 Jun 2013 22:25:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4GzltnwXRNyY for <tls@ietfa.amsl.com>; Mon, 24 Jun 2013 22:25:44 -0700 (PDT)
Received: from smtp1.riverbed.com (eng.riverbed.com [208.70.196.45]) by ietfa.amsl.com (Postfix) with ESMTP id DC21321F9EFD for <tls@ietf.org>; Mon, 24 Jun 2013 22:25:44 -0700 (PDT)
Received: from unknown (HELO 365EXCH-HUB-P3.nbttech.com) ([10.16.4.1]) by smtp1.riverbed.com with ESMTP; 24 Jun 2013 22:25:44 -0700
Received: from 365EXCH-MBX-P3.nbttech.com ([fe80::d453:ae2c:3b65:50e5]) by 365EXCH-HUB-P3.nbttech.com ([::1]) with mapi id 14.02.0328.009; Mon, 24 Jun 2013 22:25:44 -0700
From: Paras Shah <Paras.Shah@riverbed.com>
To: "Stephan T." <rheoli08@gmail.com>, "OMAR HASSAN (RIT Student)" <omh1835@rit.edu>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] User Defined Key Pair
Thread-Index: AQHObq4khJkyicCAKkOjssuh7VsnkZlGYHcA//+K6OA=
Date: Tue, 25 Jun 2013 05:25:44 +0000
Message-ID: <377FB9023E313048955F1A4A54DB21009A5670B6@365EXCH-MBX-P3.nbttech.com>
References: <CALxQUYGdagDHr+A4EKN5qPD1jZG+dH8PHwb0-fKJVUN_vC1MSg@mail.gmail.com> <E42E590D-7238-4915-8E64-48BC9384918F@gmail.com>
In-Reply-To: <E42E590D-7238-4915-8E64-48BC9384918F@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.16.205.249]
Content-Type: multipart/alternative; boundary="_000_377FB9023E313048955F1A4A54DB21009A5670B6365EXCHMBXP3nbt_"
MIME-Version: 1.0
X-Mailman-Approved-At: Tue, 25 Jun 2013 10:50:59 -0700
Subject: Re: [TLS] User Defined Key Pair
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Jun 2013 05:26:47 -0000

That is exactly the question I had. How is Server Authentication done with this approach?

From: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] On Behalf Of Stephan T.
Sent: Monday, June 24, 2013 10:24 PM
To: OMAR HASSAN (RIT Student); tls@ietf.org
Subject: Re: [TLS] User Defined Key Pair

Hi,

How you made sure that the user (client) is connected with the intended server?


-Stephan


Am 21.06.2013 um 20:35 schrieb OMAR HASSAN (RIT Student) <omh1835@rit.edu<mailto:omh1835@rit.edu>>:


Hello All,

I have uploaded a new version of the User Defined Key pair protocol that is cleaner and briefer, I will appreciate any comments or suggestions.

Just to remind you:

http://tools.ietf.org/html/draft-omar-tls-udkp-01

The new protocol is a new way of securing the traffic to websites without being depending on any third party to secure the traffic between the user and the website, so it will be possible for the user to secure his browsing using his credential information, smart card, or a random file on usb. That will make the use of two factor for authentication and traffic security is separated from the application code, the website admin only needs to configure how the users are going to access the website. Additionally there are no passwords required to be transferred any more on the network, which will render the Phishing attack useless.

The motivation behind the new protocol is to make the security the responsibility of the two involved parties, because as you know, the security and confidentiality of user browsing in TLS depend upon the number of Certificate Authorities (CAs), major web browsers trust hundreds of different
firms to issue certificates. Each of these
firms can be compelled by their national government, or being compromised to issue a certificate for any particular website that all web browsers will trust without warning.Thus, users around the world are put in a position where their browser entrusts their private data, indirectly, to a large number of governments, and entities. (http://cryptome.org/ssl-mitm.pdf)

Thank You
Best Regards
_______________________________________________
TLS mailing list
TLS@ietf.org<mailto:TLS@ietf.org>
https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email