[Security] TLS-SRP Questions

Dave Cridland dave at cridland.net
Thu Aug 21 11:11:35 CDT 2008


On Thu Aug 21 16:37:55 2008, Hannes Tschofenig wrote:
> TLS-SRP does not make a lot of sense in the context of end-to-end  
> security between two clients.
> 
> If you exchange a shared secret along the signaling path then you  
> can feed that right into TLS-PSK without the need to use TLS-SRP.  
> That is, however, not ideal either (from a security point of view).
> 
> Instead, you might just want to use the same stuff that was done  
> with DTLS-SRTP where the fingerprint of a cert is exchanged along  
> the signaling path to be later compared to the certs being  
> exchanged in the DTLS (or TLS run).

Aren't you making the assumption that the signalling path is secure,  
here? In our case, it's that path we're assuming is untrustworthy,  
hence the need for this secured channel.

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
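The fingerprint-over-signaling scheme Hannes describes, and the trust assumption Dave questions, can be made concrete with a small model. The following is an added example in Python, not code from this thread or from any of the protocols named in it; the DER byte strings are constructed placeholders (a fingerprint is just a hash over the DER encoding, so any bytes exercise the same logic), and the function names `fingerprint`, `parse_fingerprint`, `verify_peer_cert` and `signaling_path_scenario` are assumed for illustration.

```python
import hashlib
import hmac

# Constructed stand-ins for DER-encoded certificates (not real X.509 data).
PEER_CERT_DER = b"constructed-der-bytes-for-the-intended-peer-certificate"
MITM_CERT_DER = b"constructed-der-bytes-for-a-substituted-certificate"


def fingerprint(cert_der: bytes, algorithm: str = "sha-256") -> str:
    """Return '<alg> AA:BB:...' as carried in an SDP a=fingerprint attribute.

    The hash is computed over the certificate's DER encoding; the algorithm
    name uses the SDP spelling ('sha-256', 'sha-1') and is mapped to hashlib.
    """
    digest = hashlib.new(algorithm.replace("-", ""), cert_der).hexdigest().upper()
    return algorithm + " " + ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def parse_fingerprint(attr: str) -> tuple[str, bytes]:
    """Split 'sha-256 AA:BB:...' into (algorithm, raw digest bytes)."""
    algorithm, _, hexpart = attr.strip().partition(" ")
    return algorithm.lower(), bytes.fromhex(hexpart.replace(":", ""))


def verify_peer_cert(signaled_fingerprint: str, presented_cert_der: bytes) -> bool:
    """Compare the certificate seen in the (D)TLS handshake against the
    fingerprint that arrived over the signaling path.

    Uses a constant-time comparison so the check itself leaks nothing about
    how many leading bytes matched.
    """
    algorithm, expected = parse_fingerprint(signaled_fingerprint)
    actual = hashlib.new(algorithm.replace("-", ""), presented_cert_der).digest()
    return hmac.compare_digest(expected, actual)


def signaling_path_scenario(signaling_path_compromised: bool) -> tuple[bool, bool]:
    """Model the two cases in the thread.

    Returns (fingerprint_check_passed, connected_to_intended_peer).  When the
    signaling path is trustworthy the check binds the handshake to the peer.
    When a party in the signaling path can rewrite the advertised fingerprint
    and also sit in the media path, the check still passes, which is exactly
    the limitation Dave points out: the fingerprint is only as trustworthy as
    the channel it was carried over.
    """
    advertised = fingerprint(PEER_CERT_DER)
    presented = PEER_CERT_DER
    if signaling_path_compromised:
        advertised = fingerprint(MITM_CERT_DER)
        presented = MITM_CERT_DER
    passed = verify_peer_cert(advertised, presented)
    return passed, presented == PEER_CERT_DER


if __name__ == "__main__":
    print("advertised:", fingerprint(PEER_CERT_DER))
    print("trusted signaling:     ", signaling_path_scenario(False))
    print("compromised signaling: ", signaling_path_scenario(True))
```

The comparison rejects a substituted certificate whenever the honest fingerprint reaches the verifier intact; what it cannot do is detect a fingerprint that was itself replaced in transit, so in a deployment where the signaling path is the untrusted component, the fingerprint needs its own integrity protection (for example, a signature from a key the peers already trust, or an out-of-band confirmation) before the handshake check means anything.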