[Security] TLS-SRP Questions
Kurt.Zeilenga at Isode.com
Thu Aug 21 15:31:51 CDT 2008
On Aug 21, 2008, at 12:19 PM, Dirk Meyer wrote:
> Jonathan Dickinson wrote:
>> And my hard-laboured formatting got messed up.
>> Initiator opens connection
>> Target gets connection and presents certificate
>> Initiator verifies certificate with IC -> Fail if invalid
>> Initiator presents certificate
>> Target verifies certificate -> Fail if invalid
>> The point is, from what I can tell, TLS supports all of that.
> Yes, but the question is how to verify a certificate from someone you
> do not know which is not signed by a CA. Or I'm I missing something in
> your argumentation?
I understand the problem is that a user A asserts they are some
jabberid to user B, and now B wants to establish a "secure" channel
B connects to the asserted jabberid and establishes a secure channel.
Now B wants to prove that person that its A on the other end of
Note that B may not know or care who A is (other than they are the
person that made the assertion).
Presumedly A asserted some sort of fingerprint of their certificate at
the same time they asserted their jabberid.
In this case, it seems that all B needs to do is check that the
certificate presumedly by A in establishing the "secure" channel has
the same fingerprint.
Why would there be any need to otherwise "verify" A's certificate?
> A bad random number generator: 1, 1, 1, 1, 1, 4.33e+67, 1, 1, 1...
More information about the Security