"James A. Donald" <[EMAIL PROTECTED]> writes: >From: [EMAIL PROTECTED] (Peter Gutmann) >> TLS-PSK fixes this problem by providing mutual >> authentication of client and server as part of the key >> exchange. Both sides demonstrate proof-of- possession >> of the password (without actually communicating the >> password), if either side fails to do this then the >> TLS handshake fails. Its only downside is that it >> isn't widely supported yet, it's only just been added >> to OpenSSL, and who knows when it'll appear in >> Windows/MSIE, Mozilla, Konqueror, Safari, > >This will take out 90% of phishing spam, when widely adopted.
And that's it's killer feature: Although you can still be duped into handing out your password to a fake site, you simply cannot connect securely without prior mutual authentication of client and server if TLS-PSK is used. What'd be necessary in conjunction with this is two small changes to the browser UI: - Another type of secure-connect indicator (maybe light blue or light green in the URL bar instead of the current yellow) to show that it's a mutually authenticated connection, along with a "Why is this green?" tooltip for it. - A non-spoofable means of password entry that only applies for TLS-PSK passwords. In other words, something where a fake site can't trick the user into revealing a TLS-PSK key. Anyone know how to communicate this to the Mozilla guys? The only mechanism I'm aware of is bugzilla, which doesn't seem very useful for this kind of request. Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]