RE: [TLS] the use cases for GSS-based TLS and the plea for integrating

[pgut001 at cs.auckland.ac.nz]

"Kemp, David P." <DPKemp at missi.ncsc.mil> writes:
> Symmetric mechanisms (static passwords, OTP, Kerberos, etc) all have the
> property of requiring communication with an identity provider in real-time to
> authenticate a user (except for pre-placed keys, a non-scalable 
> technique that
> is not under consideration for TLS even though it is supported in IPSec).
>
> Asymmetric (certificate-based) mechanisms can authenticate a user without
> communicating with an identity provider and without giving one party the
> ability to masquerade as the other.
>
> One certainly would not want to remove asymmetric authentication from TLS
> (i.e., it should remain mandatory to implement).

I realise this has the potential to open up a huge can of worms here, but I
can't let this one pass by: "shared keys/passwords/whatever don't scale" is
one of the most persistent myths on computer security.  99.99% of all
authentication is done via pre-shared keys/passwords, including pretty much
arbitrarily large infrastructures like eBay, Amazon, Gmail, any ISP using
RADIUS, and <insert-name-here>.  The ones that we know definitely don't scale
well in comparison are all the others: PKI, Kerberos, yadda yadda yadda, and
in particular the asymmetric-auth ones.

For how many more years do we have to keep flogging the PKI corpse?  If it
worked as intended, the multibillion-dollar phishing industry wouldn't exist.
Why keep it mandatory to implement something that very demonstrably doesn't
work?

Peter.


_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls