[Security] PGP (XEP-0027)

Simon Josefsson simon at josefsson.org
Wed Jun 3 05:35:48 CDT 2009


Dirk Meyer <dmeyer at tzi.de> writes:

> Yes. That is some sort of problem. Another idea would be to use
> something else inside 'security-info' to verify the certificates after
> the TLS handshake if they are not known. This requires some sort of
> channel bindings. The good idea to use the TLS Finished messages has
> the same problem as SRP since it requires support in the TLS lib. A
> different idea is to use the certificates in the channel binding
> process: password = sha1(cert1 + cert2 + user password)
>
> It is possible to use SRP outside TLS for the channel bindings. As
> already pointed out, my understanding is that SCRAM is not secure and
> the client in the role of the TLS server can run a dictionary
> attack. What we need is a channel binding SASL method based on SRP.

Time to restart this document, perhaps?

http://www.melnikov.ca/mel/Drafts/draft-burdis-cat-srp-sasl-07.txt

I would replace the security layer with a channel binding to TLS,
though.

/Simon
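
The certificate-based binding quoted above, password = sha1(cert1 + cert2 + user password), sketched as an added example that is not part of either message in the thread. The certificate bytes, the names and the fixed ordering (initiator's certificate first) are assumptions made here; the sketch only shows when the two endpoints derive the same value and does nothing about the dictionary-attack concern raised in the quoted text.

```python
import hashlib
import hmac

# Constructed stand-ins for DER-encoded certificates (not real certificates).
INITIATOR_CERT = b"CONSTRUCTED-DER-INITIATOR"
RESPONDER_CERT = b"CONSTRUCTED-DER-RESPONDER"
INTERCEPTOR_CERT = b"CONSTRUCTED-DER-INTERCEPTOR"


def bound_password(cert1: bytes, cert2: bytes, password: str) -> bytes:
    """sha1(cert1 + cert2 + user password), exactly as written in the thread."""
    return hashlib.sha1(cert1 + cert2 + password.encode("utf-8")).digest()


def endpoints_agree(initiator_view, responder_view, password: str) -> bool:
    """Compare the values both ends would derive after the TLS handshake.

    Each view is (own certificate, peer certificate seen in the handshake).
    Assumption: both sides order the inputs as initiator cert, responder cert.
    """
    i_own, i_peer_seen = initiator_view
    r_own, r_peer_seen = responder_view
    from_initiator = bound_password(i_own, i_peer_seen, password)
    from_responder = bound_password(r_peer_seen, r_own, password)
    # Constant-time comparison, as for any derived secret.
    return hmac.compare_digest(from_initiator, from_responder)


def demo() -> dict:
    password = "constructed example password"
    # Direct connection: each side sees the other's real certificate.
    direct = endpoints_agree(
        (INITIATOR_CERT, RESPONDER_CERT),
        (RESPONDER_CERT, INITIATOR_CERT),
        password,
    )
    # Terminated and re-established TLS: each side sees a third certificate,
    # so the hashed inputs differ and the derived passwords no longer match.
    intercepted = endpoints_agree(
        (INITIATOR_CERT, INTERCEPTOR_CERT),
        (RESPONDER_CERT, INTERCEPTOR_CERT),
        password,
    )
    return {"direct": direct, "intercepted": intercepted}


if __name__ == "__main__":
    print(demo())
```
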

