Re: Symptoms vs. Causes

To: Eric Rescorla <ekr at networkresonance.com>
Subject: Re: Symptoms vs. Causes
From: Eliot Lear <lear at cisco.com>
Date: Wed, 12 Sep 2007 16:32:34 +0200
Authentication-results: ams-dkim-2; header.From=lear@cisco.com; dkim=pass (s ig from cisco.com/amsdkim2001 verified; );
Cc: ietf at ietf.org
Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=703; t=1189607572; x=1190471572; c=relaxed/simple; s=amsdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=lear@cisco.com; z=From:=20Eliot=20Lear=20<lear@cisco.com> |Subject:=20Re=3A=20Symptoms=20vs.=20Causes |Sender:=20; bh=lXv//gXiEn45+bwKLj8OR9RQSV22A6ZWylzZrAflrOE=; b=c0yYAfwwMWG7FmJCi3kGxREIme0pSqDsFKwSsekaTUlW5yIF8TPtm5cB07ZwIgn1lbMcruXx Ndh4Dct57ZL+Zg11mTQ8W7jTUvLG6prDWSBXdwxJE7DkiGzUl4Sak2+I;
In-reply-to: <20070912142127.A7F2933C21@delta.rtfm.com>
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF-Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
References: <tsl4pi13ptg.fsf@mit.edu> <Pine.LNX.4.33.0709111345110.3313-100000@egate.xpasc.com> <20070911234949.523D433C21@delta.rtfm.com> <46E79C5D.7010103@cisco.com> <20070912135920.E0C0733C21@delta.rtfm.com> <46E7F599.4030207@cisco.com> <20070912142127.A7F2933C21@delta.rtfm.com>
User-agent: Thunderbird 2.0.0.6 (Macintosh/20070728)

Eric Rescorla wrote:

None of the systems I mentioned (TLS-PSK, SRP, PwdHash) has this problem--provided that the user actually uses the new authentication method and doesn't type his password into some Web form. But of course that's a UI problem, not a protocol problem.

As I wrote, the problem is in both places. For one thing, TLS-PSK, SRP, and PwdHash all have the problem that they require some sort of secure interface on what is generally an insecure platform. What is needed is a way to modularize and isolate those authentication transactions. Sam claims it can be done in software - fine. What is the communication path to and from? What's the architecture?

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

Follow-Ups:
- Re: Symptoms vs. Causes
  - From: Eric Rescorla

References:
- Re: Symptoms vs. Causes
  - From: Sam Hartman
- Re: Symptoms vs. Causes
  - From: David Morris
- Re: Symptoms vs. Causes
  - From: Eric Rescorla
- Re: Symptoms vs. Causes
  - From: Eliot Lear
- Re: Symptoms vs. Causes
  - From: Eric Rescorla
- Re: Symptoms vs. Causes
  - From: Eliot Lear
- Re: Symptoms vs. Causes
  - From: Eric Rescorla

Prev by Date: Re: Symptoms vs. Causes
Next by Date: IPv6 will never fly: ARIN continues to kill it
Previous by thread: Re: Symptoms vs. Causes
Next by thread: Re: Symptoms vs. Causes
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: Symptoms vs. Causes

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.