On Tue, 30 Aug 2005, Peter Gutmann wrote:

> - A non-spoofable means of password entry that only applies for TLS-PSK
>   passwords.  In other words, something where a fake site can't trick the user
>   into revealing a TLS-PSK key.

This sounds like a solution replete with all the problems that passwords have had all along: users choosing bad ones, using the same ones for different sites, never changing them, servers getting hacked (disclosing the probably-shared passwords of thousands of users), etc. ad nauseam...

The last threat is particularly pertinent because it appears there is a requirement for servers to retain the PSK in cleartext. (To be fair, the draft does RECOMMEND that implementations provide a way to generate random PSKs, but this has been recommended for passwords in general for decades, to little effect.)

Given the complete lack of good password management practice in the vast majority of websites, what will make them start doing things right with TLS-PSK?

Maybe some of this could be solved with a good UI in the web browser (e.g. by treating the PSK as a key rather than a password), but arm-waving about UI refinements applies to improving certificate handling too.

-d
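To make the cleartext-storage point above concrete, here is an added example (not from the thread, and not code from the TLS-PSK draft) that builds the premaster secret the draft (later RFC 4279) specifies for plain PSK and then derives a session key from it. The TLS PRF is replaced by an HMAC-SHA256 stand-in (an assumption for illustration only); the point it shows is that a server holding only a hash of the PSK cannot complete the handshake, so the raw PSK must be stored, and a randomly generated PSK is the mitigation the draft recommends.

```python
import hashlib
import hmac
import os
import struct


def psk_premaster_secret(psk: bytes) -> bytes:
    """Premaster secret for the plain PSK key exchange (RFC 4279, section 2):
    uint16 N, N zero octets, uint16 N, then the PSK itself, where N = len(psk).
    The server must compute exactly this value, so it needs the PSK in the clear."""
    n = len(psk)
    return struct.pack("!H", n) + b"\x00" * n + struct.pack("!H", n) + psk


def derive_session_key(psk: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # Stand-in for the TLS PRF (assumption: HMAC-SHA256 keyed by the premaster
    # secret over both randoms). The real PRF differs, but it is likewise a
    # function of the premaster secret, i.e. of the raw PSK.
    return hmac.new(psk_premaster_secret(psk),
                    client_random + server_random, hashlib.sha256).digest()


def handshake_succeeds(client_psk: bytes, server_stored_value: bytes,
                       client_random: bytes, server_random: bytes) -> bool:
    """True only if both sides derive the same session key. The server can use
    nothing but the value it stored, so a stored hash of the PSK cannot work."""
    client_key = derive_session_key(client_psk, client_random, server_random)
    server_key = derive_session_key(server_stored_value, client_random, server_random)
    return hmac.compare_digest(client_key, server_key)


def generate_random_psk(length: int = 32) -> bytes:
    """The draft's RECOMMENDED mitigation: a random PSK rather than a human-chosen
    password, so a server breach leaks nothing reusable on other sites."""
    return os.urandom(length)


if __name__ == "__main__":
    # Constructed sample values, not captured from any real handshake.
    psk = generate_random_psk()
    cr, sr = os.urandom(32), os.urandom(32)
    print("raw PSK stored  :", handshake_succeeds(psk, psk, cr, sr))                       # True
    print("hash stored     :", handshake_succeeds(psk, hashlib.sha256(psk).digest(), cr, sr))  # False
```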

---------------------------------------------------------------------
The Cryptography Mailing List