[Security] TLS Certificates Verification

Eric Rescorla ekr at rtfm.com
Tue Aug 19 13:03:06 CDT 2008


On Tue, Aug 19, 2008 at 10:57 AM, Jonathan Dickinson <jonathanD at k2.com> wrote:
> Maybe something based on Diffie Hellman (which RSP uses)?

I'm not sure what you're suggesting. Basically, there are PAKE (aka
zero knowledge password
proof) systems and non-PAKE systems. All the non-PAKE systems are
subject to dictionary
attacks, whatever technology they're based on (though the public key
ones can be
made to be require an active attack on one connection).

What Dave is suggesting, I think, would be a garden variety TLS handshake with
whatever ciphersuites you already support and self-signed certs. Then you'd run
SASL with some challenge/response protocol and channel bindings (you'd
almost certainly want mutual auth here) and then on the basis of the C/R
note that you trusted the peer's self-signed cert.

-Ekr


More information about the Security mailing list