[Security] TLS-SRP Questions

Eric Rescorla ekr at rtfm.com
Thu Aug 21 09:13:24 CDT 2008


On Thu, Aug 21, 2008 at 4:09 AM, Jonathan Dickinson <jonathanD at k2.com> wrote:
>> -----Original Message-----
>> From: security-bounces at xmpp.org [mailto:security-bounces at xmpp.org] On
>> Behalf Of Dirk Meyer
>> Sent: Thursday, August 21, 2008 12:52 PM
>> To: XMPP Security
>> Subject: [Security] TLS-SRP Questions
>>
>> Hi,
>>
>> I have two questions if I understand RFC 5054 correctly. In our
>> scenario we have two clients with unverified certificates and a shared
>> secret we use as password. One acts as TLS client, the other as TLS
>> server. Now I want to be sure that not only the TLS server can verify
>> the client knows the password but also the other way around. Looking
>> at the RFC I see that the premaster secret is calculated by both
>> parties using x with x = SHA1(s | SHA1(I | ":" | P)) and P is the
>> password. The server uses this indirectly by using v and v = g^x % N.
>
> May be a n00b comment, but If we had verifiable certificates (via an IC) the client is given the opportunity to present their certificate. I am not sure how this works, all that I have to go on is that in .net TLS streams there is an event called PresentClientCertificate (or something along those lines).

I'm not sure I understand the question...

-Ekr


More information about the Security mailing list