Re: [TLS] Straw poll on TLS SRP status

[Martin Rex <Martin.Rex at sap.com>]

Peter Gutmann wrote:
> 
> >We are happily using SSL with client certs for 30k+ users with a number of
> >different servers and we've been using it productively for 6 years now
> >(started using it 1999).
> 
> The reason I made the comment about TLS client auth being an abject failure is
> that every time anyone mentions the possibility of providing any other way of
> authenticating clients and servers, it's practically guaranteed that someone
> will pop out of the woodwork and state that we already have the perfect
> solution to authentication in the form of client certs (see e.g. the comments
> made during the TLS-PSK last call), and here's a special-case stovepipe
> deployment with a captive audience as incontrovertible proof that client certs
> are perfectly workable in the real world.  In the meantime we have a multi-
> billion doller phishing industry as proof that if certificate-based
> authentication is working then it's a very peculiar interpretation of the term
> "working".

RSA-based smartcards have been around for quite some time, they're working,
and they have a decent security level.

However there still are lots of banking cards and credit cards issued
that use fairly weak technology, often only a simply magnetic stripe.

Credit cards are designed to be used in "card-not-present" scenarios
(e.g. over the phone), but even in all of the card-present scenarios,
the same "authentication technology" which is vulnerable to social
engineering attacks is used.

Why?  The customer has basically no say in it.  It is a decision done
by the banks, and as long as either the damage is on a manageable low
level or can be blamed on the customer, they don't really care for
security -- they care much more about costs.

One of the few areas where the issuers have an interest in the security
of the technology seems to be cable and satellite TV.  

I don't think the problem is with the technology (SSL client cert),
but with the service providers.  They prefer to use passwords, because
that is what everybody is used to and it has a fairly low cost to
set up and operate.

However, passwords have the fundamental flaw that they're always vulnerable
to social engineering attacks, and phishing is basically a form of
social engineering attack.  As long as passwords are used, phishing
of some kind will remain possible.


I never saw TLS-PSK as an interactive authentication scheme for use
within a Web Browser.  IMHO that would be a pretty bad idea.
TLS-PSK should be used only in scenarios that are NOT vulnerable
to social engineering, something that is part of an initial
configuration (like WPA/WPA2-keys for WLAN).

Today, a Web-Browser (or any other component that interprets arbitrary
content from arbitrary sources, or worse, execution or arbitrary code
from arbitrary sources, aka "active content") is the largest security
problem on every (inter)net connected computer and I have strong doubts
that one can make it safe against social engineering attacks.


One additional problem is "password sharing" accross accounts.
Even if you can educate your users to check a dozen of attributes
before entering their password into the secure prompt for 9 of
their secure services, I doubt you will be able to prevent them from
reusing a password on those services that remain traditional
and vulnerable to phishing.

-Martin

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls