On Fri, 01 Feb 2008 13:29:52 +1300 [EMAIL PROTECTED] (Peter Gutmann) wrote:
> Actually it doesn't even require X.509 certs. TLS-SRP and TLS-PSK > provide mutual authentication of client and server without any use of > X.509. The only problem has been getting vendors to support it, > several smaller implementations support it, it's in the (still > unreleased) OpenSSL 0.99, and the browser vendors don't seem to be > interested at all, which is a pity because the mutual auth (the > server has to prove possession of the shared secret before the client > can connect) would significantly raise the bar for phishing attacks. > > (Anyone have any clout with Firefox or MS? Without significant > browser support it's hard to get any traction, but the browser > vendors are too busy chasing phantoms like EV certs). > The big issue is prompting the user for a password in a way that no one will confuse with a web site doing so. Given all the effort that's been put into making Javascript more and more powerful, and given things like picture-in-picture attacks, I'm not optimistic. It might have been the right thing, once upon a time, but the horse may be too far out of the barn by now to make it worthwhile closing the barn door. --Steve Bellovin, http://www.cs.columbia.edu/~smb --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]