Re: Symptoms vs. Causes

To: Eric Rescorla <ekr at networkresonance.com>
Subject: Re: Symptoms vs. Causes
From: Eliot Lear <lear at cisco.com>
Date: Wed, 12 Sep 2007 17:08:05 +0200
Authentication-results: ams-dkim-2; header.From=lear@cisco.com; dkim=pass (s ig from cisco.com/amsdkim2001 verified; );
Cc: ietf at ietf.org
Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=797; t=1189609700; x=1190473700; c=relaxed/simple; s=amsdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=lear@cisco.com; z=From:=20Eliot=20Lear=20<lear@cisco.com> |Subject:=20Re=3A=20Symptoms=20vs.=20Causes |Sender:=20; bh=aZwJ297nqXQL0992guqm3heyOMvLn7EJ4zDlYUv+RMQ=; b=UXhExlHJGSv7DLyGHfT2jUPABPOYgDDQhhPgazp5aTLondkSlkNZAHMnGnh2965DQMAMwBdk L8PGn06V/Y75J+R/kz92jT3Pa45liZyNA2TsYMbkFE93tdYQriy6dx+l;
In-reply-to: <20070912144010.18B3A33C21@delta.rtfm.com>
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF-Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
References: <tsl4pi13ptg.fsf@mit.edu> <Pine.LNX.4.33.0709111345110.3313-100000@egate.xpasc.com> <20070911234949.523D433C21@delta.rtfm.com> <46E79C5D.7010103@cisco.com> <20070912135920.E0C0733C21@delta.rtfm.com> <46E7F599.4030207@cisco.com> <20070912142127.A7F2933C21@delta.rtfm.com> <46E7F882.4080400@cisco.com> <20070912144010.18B3A33C21@delta.rtfm.com>
User-agent: Thunderbird 2.0.0.6 (Macintosh/20070728)

Eric,

Each of these approaches has a fairly obvious architecture. In fact, Digest, which I forgot to mention in my previous message, already has a pre-existing architecture, and PwdHash works with the existing architecture.

You have to put the two together. ALL of the approaches that you mention fail given an insecure UI. NONE of them are likely to be applicable given a secure UI. What will be necessary is a secured channel from the authentication module of the user to the authenticating party. What is that? It's almost assuredly not going to include IP addresses. How will PSK-TLS work in such circumstances? What is the communication between the module and the browser? And add on top of ALL of that the UI and don't forget registration. Eliot

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

Follow-Ups:
- Re: Symptoms vs. Causes
  - From: Eric Rescorla

References:
- Re: Symptoms vs. Causes
  - From: Sam Hartman
- Re: Symptoms vs. Causes
  - From: David Morris
- Re: Symptoms vs. Causes
  - From: Eric Rescorla
- Re: Symptoms vs. Causes
  - From: Eliot Lear
- Re: Symptoms vs. Causes
  - From: Eric Rescorla
- Re: Symptoms vs. Causes
  - From: Eliot Lear
- Re: Symptoms vs. Causes
  - From: Eric Rescorla
- Re: Symptoms vs. Causes
  - From: Eliot Lear
- Re: Symptoms vs. Causes
  - From: Eric Rescorla

Prev by Date: Re: Symptoms vs. Causes
Next by Date: Re: Symptoms vs. Causes
Previous by thread: Re: Symptoms vs. Causes
Next by thread: Re: Symptoms vs. Causes
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: Symptoms vs. Causes

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.