On 081014 at 23:45, Ian G wrote:
> > No. There are no plans to include any PSK cipher suites in NSS.
> > Because of the enormous potential for PSK cipher suites to be misused by
> > application developers, there is strong resistance to incorporating them
> > into NSS.
>
> Nelson, I'm fascinated by this: what can PSK have done that would
> be so ... misusable?

PSK authentication often expects to have a key with high entropy. This is
often not the case when these keys are chosen, entered, or even just
transmitted by humans.

> People in the apps security field hold out high hopes for TLS-PSK as
> a great aid for phishing; it would be a shame if that didn't happen
> (not to mention, confusing...)

I'm not familiar with TLS-PSK, but a short read tells me that it is not
intended for password authentication and does not provide protection
against brute-force/dictionary attacks. The protocol may (I didn't check
this; it may depend on cipher suite details) thus even be less secure than
normal SSL+HTTP authentication, because a simple traffic dump of the key
exchange may allow an attacker to offline-brute-force the user password.

The RFC tells people to have a look at SRP for this issue. I agree. :-)

/steffen

--
Chair for System Security          mail: [EMAIL PROTECTED]
Ruhr-University Bochum             phone: +49 (0)234 32 29177
Key fingerprint = B805 57BE E4AF 0104 CC51 77A1 CE6F 8D46 A04D 7875

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
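The point made in the reply above (the PSK is the only secret input to the plain TLS-PSK key exchange, so a human-chosen key is exposed to offline guessing) as an added illustration that is not part of the thread or of NSS: it builds the RFC 4279 premaster secret for the plain PSK cipher suites and pairs it with a provisioning check. The `MIN_PSK_BYTES` threshold and the "all printable ASCII means human-typed" heuristic are assumptions of this example, not policy from the RFC or the list.

```python
import secrets
import string
import struct


def psk_premaster_secret(psk: bytes) -> bytes:
    """RFC 4279, section 2, plain PSK suites:
        uint16 N || N zero octets || uint16 N || PSK
    Everything else that feeds the key derivation (ClientHello/ServerHello
    randoms, psk_identity) is sent in the clear, so with a captured
    handshake the PSK is the only unknown; a low-entropy PSK is therefore
    open to offline guessing, which is why the RFC wants random keys."""
    if not psk:
        raise ValueError("PSK must be non-empty")
    n = len(psk)
    return struct.pack("!H", n) + b"\x00" * n + struct.pack("!H", n) + psk


# Assumed provisioning policy for this example: a PSK must look like at least
# 128 bits of CSPRNG output. Callers must decode any hex/base64 transport
# encoding before the check, since the check inspects the raw key bytes.
MIN_PSK_BYTES = 16
_PRINTABLE = frozenset(string.printable.encode())


def psk_is_acceptable(psk: bytes) -> bool:
    """Reject keys that are too short or that consist only of printable ASCII,
    which is the signature of a password someone typed rather than random
    bytes (32 random bytes are all printable with probability ~1e-13)."""
    if len(psk) < MIN_PSK_BYTES:
        return False
    if all(b in _PRINTABLE for b in psk):
        return False
    return True


def generate_psk(nbytes: int = 32) -> bytes:
    """Provision a PSK the way the RFC assumes: from a CSPRNG, never from a
    human. nbytes=32 gives 256 bits of entropy, far beyond any dictionary."""
    if nbytes < MIN_PSK_BYTES:
        raise ValueError("PSK too short for the assumed policy")
    return secrets.token_bytes(nbytes)


if __name__ == "__main__":
    # Constructed sample: a typed password versus a generated key.
    for candidate in (b"correcthorsebatterystaple", generate_psk()):
        print(len(candidate), psk_is_acceptable(candidate))
```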