RE: Symptoms vs. Causes

To: "Eric Rescorla" <ekr at networkresonance.com>, "David Morris" <dwm at xpasc.com>
Subject: RE: Symptoms vs. Causes
From: Christian Huitema <huitema at windows.microsoft.com>
Date: Wed, 12 Sep 2007 00:51:33 -0700
Cc: ietf at ietf.org
In-reply-to: <20070911234949.523D433C21@delta.rtfm.com>
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF-Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
References: <tsl4pi13ptg.fsf@mit.edu><Pine.LNX.4.33.0709111345110.3313-100000@egate.xpasc.com> <20070911234949.523D433C21@delta.rtfm.com>
Thread-index: Acf0zzf5BEec1LuLRyizXUcDRv/XdQAQjHqA
Thread-topic: Symptoms vs. Causes

> There are a large number of protocol designs--even existing
> protocols--which are compatible with the general paradigm of "user U
> proves possession of password P to server A without giving A a
> credential which can be used to impersonate U to server B".
> HTTP Digest, TLS-PSK, SRP, and PwdHash all come to mind. The
> difficult parts are:
> 
> (1) putting a sensible UI on it--including one that isn't easily
>     spoofed (see the extensive literature on how hard it is
>     to build a secure UI.
> (2) Getting everyone to agree on one protocol.

Please add:

(3) The chosen solution is immune to dictionary attacks.

-- Christian Huitema

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

Follow-Ups:
- Re: Symptoms vs. Causes
  - From: Eric Rescorla
- Re: Symptoms vs. Causes
  - From: Michael Thomas
- Re: Symptoms vs. Causes
  - From: Hannes Tschofenig

References:
- Re: Symptoms vs. Causes
  - From: Sam Hartman
- Re: Symptoms vs. Causes
  - From: David Morris
- Re: Symptoms vs. Causes
  - From: Eric Rescorla

Prev by Date: Re: Symptoms vs. Causes
Next by Date: Re: Symptoms vs. Causes
Previous by thread: Re: Symptoms vs. Causes
Next by thread: Re: Symptoms vs. Causes
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

RE: Symptoms vs. Causes

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.