[Security] About the Firefox 3 Security Dialog & others

Pedro Melo melo at simplicidade.org
Sat Aug 23 07:46:24 CDT 2008


Hi,

On Aug 23, 2008, at 1:18 PM, Jonathan Schleifer wrote:

> Am 23.08.2008 um 11:04 schrieb Dirk Meyer:
>
>> SAS does not work for me when I use bots. It also reduces it to one
>> way removing the option of X.509 certificates which is something I
>> need.
>
> I never said SAS should be the only way, we need multiple ways. I  
> suggest those:
>
> * SAS with mnemonics
> * Fingerprint verification
> * CA, but no CA added in the client by default (so the user has to  
> trust the CA manually, for example useful in a company so you don't  
> have to verify every co-worker)

Exactly. For bots, I personally would create my own CA and tell those  
pesky little devils just to trust certificates signed by that.

Profit!.


>>> Having a 32-bit SAS encoded with Mnemonics (like already suggested
>>> here) really sounds like a great idea.
>>
>> Why not encode a key fingerprint with Mnemonics? Looks like the same
>> to the user.
>
> Only taking 32 bit of the fingerprint and using Mnemonics is  
> insecure as this is easy to forge - we already discussed it here.
>
> BTW: It was argued a lot that ESessions misses a cryptanalysis, but  
> if we are going to do extensions to TLS, we might need a  
> cryptanalysis for this stuff too. TLS is useless if we add a  
> verification method that is insecure.

Well, SAS and SRP are IETF (draft?) extensions. SRP has more than 10  
years of field tests and debate (up to current SRP-6, I believe).

They are not "our" extensions. I would prefer not to have any "our"  
extensions to TLS.

Mnemonic or base32 encoding of the 32bit challenge, that's just  
cosmetics applied.

Best regards,
-- 
Pedro Melo
Blog: http://www.simplicidade.org/notes/
XMPP ID: melo at simplicidade.org
Use XMPP!




More information about the Security mailing list