Stephan Neuhaus wrote:
James A. Donald wrote:
[...]
That's because PSKs (as I have understood them) have storage and
management issues that CA certificates don't have, [...]
that the issue of how to exchange PSKs
securely in the first place is left as an exercise for the reader (good
luck!)
See http://www.connotech.com/sakem_index.htm.
Incidentally, TLS-PSK protocol standardization proposals have been around
in the IETF for some time, and it is the mobile telephony development
momentum that made them pass the standardization process (e.g. drafts by
Nokia). In the mobile telephony world, "subscriber identity modules"
(i.e. integrated circuits with secret/private keying material) are
physically distributed to subscribers.
[...]
( [...] for the secure exchange
of PSKs, which is IMHO unresolvable without changes to the business
workflow). [...]
But the server side? There are many more server applications than there
are different Web browsers, and each one would have to be changed. At
the very least, they'd need an administrative interface to enter and
delete PSKs. That means that supporting PSKs is going to cost the
businesses money (both to change their code and to change their
workflow), money that they'd rather not spend on something that they
probably perceive as the customer's (i.e., not their) problem, namely
phishing.
The incremental operating cost can be reasonable only for organizations
that already incur the *authorization* management overhead.
Fun,
Regards,
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada H2M 2A1
Tel.: (514)385-5691
Fax: (514)385-5900
web site: http://www.connotech.com
e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]