RE: [TLS] Straw poll on TLS SRP status
A client-cert-authenticated TLS session cannot be established without
validating the cert either. However, I assume a phishing site would
be designed to make it as easy as possible for the user to connect,
not more difficult, which means the server would not negotiate SRP, PSK,
or client certs before putting up the form.
I believe some users could be trained to never enter passwords into
a web site unless a special local screen effect is used, but that
would require every passworded site on the web to use PBE. But even
if that happened, I don't believe my mom, or the majority of non-Ubuntu
users, could be trained to resist the pitch "PayPal(tm) is changing for
the better! Come experience our fresh new look at www.newpaypal.com".
I'm not saying strong user authentication with PBE (SRP, EKE, etc) is a
bad idea. I'm just saying that phish prevention is not a very effective
justification for it, because 1) the bad guys aren't going to use it,
and 2) PBE can't prevent the other gazillion ways of socially
engineering information out of marks (er, users).
Dave
-----Original Message-----
From: pgut001 [mailto:pgut001 at cs.auckland.ac.nz]
Sent: Tuesday, June 05, 2007 3:00 AM
To: Kemp, David P.; tls at ietf.org
Subject: RE: [TLS] Straw poll on TLS SRP status
"Kemp, David P." <DPKemp at missi.ncsc.mil> writes:
>[...]
>3) User authenticates with a) nothing, b) http basic auth, c) client
> cert, or d) SRP - it doesn't matter which
>4) Phishing server puts up a form that says: enter SSN, mother's
> maiden name, and password.
With SRP, the user can't connect until the server's already proven knowledge
of the username and password, so the phisher can never even get to step 4.
>If someone is phishing for information to enable identity theft, then user
>authentication has no preventive benefit whatsoever.
SRP isn't user authentication, it's mutual authentication of client and
server. So is TLS-PSK.
>The way to prevent phishing is to make server authentication work.
Exactly. That's what TLS-PSK and TLS-SRP do. Thank you for supporting my
argument :-).
Peter.
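Peter's point, that an SRP server cannot finish the handshake unless it already holds the password verifier, as an added example that is not part of this thread and not taken from any TLS implementation. It is a simplified SRP-6a exchange hashed with SHA-256 (the hashing and message layout differ from the RFC 5054 TLS binding), using the 1024-bit group from RFC 5054 Appendix A; the Client/Server classes, the exchange() helper and the "alice" credentials are constructed for the illustration. A phishing server that guesses the password wrongly is just an honest Server instance holding the wrong verifier: the client sends only A and a proof over the derived key, never anything a form could capture, and it rejects the server when the server proof fails.

```python
import hashlib
import hmac
import secrets

# 1024-bit group from RFC 5054 Appendix A (g = 2), used here for illustration.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3",
    16,
)
g = 2
NLEN = (N.bit_length() + 7) // 8


def pad(x: int) -> bytes:
    """Fixed-width big-endian encoding of a group element."""
    return x.to_bytes(NLEN, "big")


def H(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


k = H(pad(N), pad(g))  # SRP-6a multiplier


def private_x(username: str, salt: bytes, password: str) -> int:
    return H(salt, hashlib.sha256(f"{username}:{password}".encode()).digest())


def register(username: str, password: str):
    """Enrolment: the server keeps (salt, verifier), never the password."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(username, salt, password), N)


class Client:
    def __init__(self, username: str, password: str):
        self.I, self.P = username, password
        self.a = secrets.randbelow(N - 2) + 1
        self.A = pow(g, self.a, N)

    def hello(self):
        return self.I, self.A  # nothing password-derived goes on the wire

    def respond(self, salt: bytes, B: int) -> bytes:
        if B % N == 0:
            raise ValueError("invalid server value B")
        u = H(pad(self.A), pad(B))
        x = private_x(self.I, salt, self.P)
        # Only a server that folded the real verifier into B lands on g^b here.
        S = pow((B - k * pow(g, x, N)) % N, self.a + u * x, N)
        self.K = hashlib.sha256(pad(S)).digest()
        self.M1 = hashlib.sha256(pad(self.A) + pad(B) + self.K).digest()
        return self.M1

    def verify_server(self, M2: bytes) -> bool:
        expected = hashlib.sha256(pad(self.A) + self.M1 + self.K).digest()
        return hmac.compare_digest(expected, M2)


class Server:
    def __init__(self, records: dict):
        self.records = records  # username -> (salt, verifier)

    def respond(self, I: str, A: int):
        if A % N == 0:
            raise ValueError("invalid client value A")
        salt, self.v = self.records[I]
        self.A = A
        self.b = secrets.randbelow(N - 2) + 1
        self.B = (k * self.v + pow(g, self.b, N)) % N
        return salt, self.B

    def verify_client(self, M1: bytes):
        u = H(pad(self.A), pad(self.B))
        S = pow(self.A * pow(self.v, u, N), self.b, N)
        K = hashlib.sha256(pad(S)).digest()
        expected = hashlib.sha256(pad(self.A) + pad(self.B) + K).digest()
        ok = hmac.compare_digest(expected, M1)
        # A bogus server still sends its best-effort proof; the client catches it.
        return ok, hashlib.sha256(pad(self.A) + M1 + K).digest()


def exchange(client: Client, server: Server):
    """Run the handshake; returns (server accepted client, client accepted server)."""
    I, A = client.hello()
    salt, B = server.respond(I, A)
    M1 = client.respond(salt, B)
    server_ok, M2 = server.verify_client(M1)
    return server_ok, client.verify_server(M2)


if __name__ == "__main__":
    salt, v = register("alice", "correct horse")       # constructed credentials
    honest = Server({"alice": (salt, v)})
    phisher = Server({"alice": register("alice", "guess")})  # wrong verifier
    print("honest server:", exchange(Client("alice", "correct horse"), honest))
    print("phishing server:", exchange(Client("alice", "correct horse"), phisher))
```

The phishing case is the one that matters for the argument: the client never reaches a form because the handshake itself fails, and the client's only outbound values are the public A and a hash bound to a key the phisher could not derive.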
_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.