Re: [TLS] SAS extension?

To: <Pasi.Eronen at nokia.com>
Subject: Re: [TLS] SAS extension?
From: Eric Rescorla <ekr at networkresonance.com>
Date: Sat, 02 Aug 2008 22:14:40 -0700
Cc: tls at ietf.org
Delivered-to: ietfarch-tls-web-archive at core3.amsl.com
Delivered-to: tls at core3.amsl.com
In-reply-to: <1696498986EFEC4D9153717DA325CB72013BB232@vaebe104.NOE.Nokia.com>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <488F7B6E.80800@stpeter.im> <1696498986EFEC4D9153717DA325CB72013BB232@vaebe104.NOE.Nokia.com>
Sender: tls-bounces at ietf.org
User-agent: Wanderlust/2.15.5 (Almost Unreal) Emacs/22.1 Mule/5.0 (SAKAKI)

As Pasi says, this is quite doable technically, but I
wonder about applicability.

SAS-type systems only work well if you have a trustworthy channel to
use to communicate the short authenticator. What did you have in mind
using for that channel?

-Ekr


At Wed, 30 Jul 2008 21:39:52 +0300,
<Pasi.Eronen at nokia.com> wrote:
> There have been some earlier efforts, but AFAIK they're
> not actively worked on:
> 
> http://tools.ietf.org/html/draft-fischl-sipping-media-dtls-01
> (Section 8.5)
> 
> https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-mcgrew-tls-sas.txt
> 
> You might want to contact the authors of those drafts
> to discuss more (well, many of them are probably subscribed
> to this mailing list, too :).
> 
> Best regards,
> Pasi
> 
> > -----Original Message-----
> > From: Peter Saint-Andre
> > Sent: 29 July, 2008 23:20
> > To: tls at ietf.org
> > Subject: [TLS] SAS extension?
> > 
> > In the XMPP community we are defining a way to use TLS for end-to-end 
> > encryption. We'd love to use short authentication strings (SAS) for 
> > identity verification. As far as I can see no one has worked on a TLS 
> > extension for SAS. Is there interest in doing so? I'd be 
> > happy to help write an I-D on this topic, but I'm not a TLS or 
> > security expert so it might not be appropriate for me to lead the 
> > effort.
> > 
> > Thanks!
> > 
> > Peter
> > 
> > --
> > Peter Saint-Andre
> > https://stpeter.im/
> > 
> _______________________________________________
> TLS mailing list
> TLS at ietf.org
> https://www.ietf.org/mailman/listinfo/tls
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] SAS extension?
  - From: Peter Saint-Andre

References:
- [TLS] SAS extension?
  - From: Peter Saint-Andre
- Re: [TLS] SAS extension?
  - From: Pasi.Eronen

Prev by Date: [TLS] IETF 72 - TLS Working Group Draft Minutes
Next by Date: Re: [TLS] SAS extension?
Previous by thread: Re: [TLS] SAS extension?
Next by thread: Re: [TLS] SAS extension?
Index(es):
- Date
- Thread

Re: [TLS] SAS extension?

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.