>>>>> "Eliot" == Eliot Lear <[EMAIL PROTECTED]> writes:
Eliot> Sam,
Eliot> I understand your objection to the solution depending on smart cards,
Eliot> but I think it still MUST support some form of external authentication
Eliot> component - not just X.509 based smart cards. For one, a substantial
Eliot> threat is the computer itself. If it is compromised, one way to prevent
Eliot> access to services is by requiring such an external authentication.
Eliot> These cards also provide a trusted UI and should be listed as a
Eliot> possibility in your next section.
Many X.509 smart cards have no UI at all. I agree smart cards need to
be supported. The goal of 4.1 is to say that we must support
passwords and that solutions that only work with smart cards are not
sufficient.
Eliot> Furthermore, in section 4.5, (1) simply having X.509 server certificates
Eliot> is not sufficient defense due to iDNS (homoglyphic?) attacks and the
Eliot> like. I think there is no perfect way to accomplish 4.5.
Server certs are not sufficient for humans to verify for the reasons you cite.
However if a name is included in another protocol message then the binding
between that name and the server cert can be secured.
I think it is quite possible to accomplish 4.5 in the case where you
have an existing relationship with a site based on shared secrets.
Eliot> Section 4.6 assumes that there is a third party identity provider. This
Eliot> needn't be the case, but if it is, it is sufficient to have a name, a
Eliot> nonce, and a public/private key pair, is it not?
Please restate; I don't understand what you are getting at.
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
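Added example (not from the thread or the dix draft) illustrating the 4.5 point above: two hostnames a human reads as identical become distinct A-labels, so a client that takes the expected name from another protocol message and compares it exactly against the certificate's dNSName entries is not fooled by the lookalike. Hostnames and SAN lists are constructed; the certificate is represented only by its list of dNSName values, and no wildcard matching is attempted.

```python
import unicodedata


def to_a_label(hostname: str) -> str:
    """Encode a hostname to ASCII (A-label) form with Python's built-in IDNA
    codec, so that Unicode lookalikes become distinct ASCII strings."""
    return hostname.encode("idna").decode("ascii").lower().rstrip(".")


def cert_matches_name(expected_name: str, san_dns_names: list) -> bool:
    """Exact A-label comparison of the name carried in a protocol message
    against the dNSName entries of a (constructed) server certificate."""
    wanted = to_a_label(expected_name)
    return any(to_a_label(san) == wanted for san in san_dns_names)


def scripts_in_label(label: str) -> set:
    """Approximate script set of a label from the first word of each
    character's Unicode name (e.g. LATIN, CYRILLIC); digits/hyphens ignored."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}


def is_mixed_script(hostname: str) -> bool:
    """Flag a hostname whose single label mixes scripts, a homoglyph signal
    that a human visual check would miss."""
    return any(len(scripts_in_label(lbl)) > 1 for lbl in hostname.split("."))


# Constructed names: the legitimate service and a lookalike using Cyrillic U+0430.
LEGIT = "paypal.example"
LOOKALIKE = "p\u0430ypal.example"

# Constructed dNSName lists of the legitimate and the lookalike certificates.
LEGIT_SANS = ["paypal.example", "www.paypal.example"]
LOOKALIKE_SANS = [to_a_label(LOOKALIKE)]


def demo() -> dict:
    """Name from a protocol message (LEGIT) checked against both certificates."""
    return {
        "legit_a_label": to_a_label(LEGIT),
        "lookalike_a_label": to_a_label(LOOKALIKE),
        "matches_legit_cert": cert_matches_name(LEGIT, LEGIT_SANS),
        "matches_lookalike_cert": cert_matches_name(LEGIT, LOOKALIKE_SANS),
        "lookalike_is_mixed_script": is_mixed_script(LOOKALIKE),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```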