RE: [TLS] the use cases for GSS-based TLS and the plea for integrating
"Today's interim solution to authentication"??? What do you
see as the ideal, goal solution to authentication?
Dubious qualities related to factory-default trust lists,
issuance practices, etc. can be addressed by changing practices
without changing technologies. If there were a perfect
(non-dubious) scheme for establishing Kerberos credentials
for all TLS servers on the Internet and configuring clients
to trust only "suitable" servers, that same system could be
implemented more easily and scalably using certificates.
If the X.500 naming system is considered dubious, certificates
could (and IMO should) be issued using names relevant to the
application (DNS-based, UPNs, issuer/account, etc) rather
than artificially creating ISO Directory names where they are
not needed.
In short, I see SSO being as over-hyped today as PKI
was a decade ago. Every website that requires users to
create password accounts today could just as easily issue
certificates instead and users would get SSO for free.
An Amazon cert, an eBay cert, banking and brokerage account
certs, IM, discussion forum and online gaming certs, all
unlocked with a single password. TLS supports that today
(well, almost - it could be easier to manage your whole
wallet of certs on a USB flash drive) but for some reason
(perceptions created by the CA industry?) PKI does not.
So my question at the top is genuine - what characteristics
of today's authentication solutions make them "interim" and
dubious, and what characteristics are required of ideal
Internet-scale authentication solutions?
Dave
-----Original Message-----
From: Chris Newman [mailto:Chris.Newman at Sun.COM]
Leif Johansson wrote on 7/26/07 22:00 +0200:
> Would you support a password-based scheme inside TLS or
> would you support removing authentication from TLS entirely?
No. Server certificate authentication is useful in practice as part of
today's interim solution to authentication despite certain dubious qualities.
As client certificate authentication is a rarely used feature of TLS, it's
questionable whether it should have been included in the original design.
However, given that the mechanism has deployed well in implementations
and is actually used in some enclaves, it would be far too disruptive to
change now. Client certificates are also less problematic because the
identity service lookup can be deferred to the application layer using a
mechanism such as SASL EXTERNAL or IMAP "* PREAUTH".
- Chris
_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.