[Security] Reminder :: Draft feedback on "C2C authentication using TLS"

Dirk Meyer dmeyer at tzi.de
Mon Aug 25 16:16:14 CDT 2008


"Eric Rescorla" wrote:
> To go meta here for a second, let's assume that there are at least
> 3 cases:
>
> - The peers have certificates that can be independently validated, e.g.,
>   + via a CA
>   + via some sort of out-of-band fingerprint exchange
> - The peers don't have validatable certs but want to use SAS/SRP/SASL
> - The peers don't have validatable certs and don't want to bother to
>   check them at this time (the common use case, I suspect)

Sounds good to me.

> At least one natural UI here, then, is to let the certificate/key exchange
> proceed and then prompt the user for whether they want to check the
> peer's identity via some out-of-band channel. If they do, then you
> prompt them with the SAS or ask for the SRP/SASL password and do
> a rehandshake. If they don't you proceed. It's not clear to me it's a
> virtue to jump right to SRP if you don't expect to be able to validate
> certificates, and of course this isn't really possible with SASL,
> since you need to do TLS first, and if you want to do SAS, you can
> *always* try to compute it...

I'm not sure I want to re-handshake all the time but given the three
choices we can ask the user in advance. Using my XEP proposal both
peers know after the initiator sent the starttls if there are any
changes to complete the handshake with verification. Back to the
choices:

1. The receiver (it is its turn) knows if it can complete the
   handshake ith a verification either using X.509 or OpenPGP. It
   continues with that without bothering the user.

2. The receiver knows that certificates or OpenPGP won't work. An UI
   pops up asking the user what to do: SRP because they have a secret
   or continue with later verification or cancel keeping the channel
   unverified.

To give the initiator the same choices it has to send all the offers
back and needs to add if that will work. Like:

<offer>
  <x509 fingerprint="receiver-fingerprint" secure="no"/>
  <openpgp fingerprint="receiver-fingerprint"/>
  </srp>
</offer>

This gives the initiator the choice to also have the three choices.


Dirk

-- 
This is the Time Travelling Agency's answering machine. We're closed
right now but leave a message before the beep and we might have called
you back.


More information about the Security mailing list