Can someone please explain the joke to me? Nelson was asked about TLS-PSK (RFC 
4279) and he replied that it can easily be abused. TLS-PSK (similarly to 
IKE-PSK) is vulnerable to dictionary attacks if used with a short secret 
(a.k.a. "password"), at least in the presence of an active attacker. So I think 
his response was entirely appropriate. What am I missing?

Thanks,
        Yaron

> -----Original Message-----
> From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Blumenthal, Uri - 0662 - MITLL
> Sent: Thursday, March 04, 2010 19:09
> To: 'pgut...@cs.auckland.ac.nz'
> Cc: 'ipsec@ietf.org'; 'c...@irtf.org'
> Subject: Re: [IPsec] [Cfrg] Beginning discussion on secure password-only authentication for IKEv2
> 
> Well, during my long and fruitful career I've come across many asinine
> statements - but this pearl from your collection outshines mine! Indeed
> "straight from the horse's" (or in the context - "mule's"?) mouth (no
> offense meant to those wonderful equestrians).
> 
> I'm struck speechless (which is unusual, as anybody who knows me would
> confirm :-).
> 
> Regards,
> Uri
> 
> ----- Original Message -----
> From: pgut001 <pgut...@wintermute02.cs.auckland.ac.nz>
> To: pgut...@cs.auckland.ac.nz <pgut...@cs.auckland.ac.nz>; Blumenthal, Uri - 0662 - MITLL
> Cc: c...@irtf.org <c...@irtf.org>; ipsec@ietf.org <ipsec@ietf.org>
> Sent: Wed Mar 03 18:20:53 2010
> Subject: Re: [Cfrg] [IPsec] Beginning discussion on secure password-only authentication for IKEv2
> 
> "Blumenthal, Uri - 0662 - MITLL" <u...@ll.mit.edu> writes:
> 
> >On the vendor side - perhaps EKE patent concern was the cause (you
> >implement/sell free SRP and get slapped with EKE licensing)? And the users
> >found alternative solutions in the meanwhile?
> 
> Nope.  It's been supported in OpenSSL since 0.9.9, but not in any browser.
> The reason for not supporting it in Firefox is so astonishingly boneheaded
> that I'll quote the original message to make sure that it's straight from the
> horse's mouth ("PSK cipher suites" = non-patent-encumbered EKE in TLS-talk):
> 
> -- Snip --
> 
> Subject: Re: NSS implementation of TLS-PSK/ RFC 4279
> Date: Tue, 14 Oct 2008 14:01:10 -0700
> From: Nelson B Bolyard <nel...@bolyard.me>
> Reply-To: mozilla's crypto code discussion list <dev-tech-cry...@lists.mozilla.org>
> 
> jeng...@berkeley.edu wrote, On 2008-10-14 13:52 PDT:
> > I was wondering if implementation of TLS-PSK (RFC 4279) is currently in
> > development. I do not see it in the current NSS source or roadmap. Thank
> > you for any help.
> >
> > -John Engler
> 
> No.  There are no plans to include any PSK cipher suites in NSS.
> Because of the enormous potential for PSK cipher suites to be
> misused by application developers, there is strong resistance to
> incorporating them into NSS.
> 
> -- Snip --
> 
> As for Microsoft, Opera, etc who knows?  (If you work on, or have worked on,
> any of these browsers, I'd like to hear more about why it hasn't been
> considered).  I think it'll be a combination of two factors:
> 
> 1. Everyone knows that passwords are insecure so it's not worth trying to do
>    anything with them.
> 
> 2. If you add failsafe mutual authentication via EKE to browsers, CAs become
>    entirely redundant.
> 
> So the browser vendors' approach is to ignore EKE and keep on waiting for PKI
> to start working, forever if necessary.  "PKI meurt, elle ne se rend pas!" [0].
> 
> Peter.
> 
> [0] Hat tip to Luther Martin for the quote :-).
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
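
Added example, not part of the original thread and not code from any TLS library: it builds the RFC 4279 plain-PSK premaster secret and derives the master secret to show that the PSK is the only non-public input, which is why a password-length PSK is a concern and a randomly generated one is not. The function names, the sample randoms, and the use of the TLS 1.2 PRF with SHA-256 are assumptions made for the illustration.

```python
import hashlib
import hmac
import math
import secrets
import struct

# Constructed sample values; both randoms travel in the clear in the hello messages.
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))


def psk_premaster_secret(psk: bytes) -> bytes:
    """RFC 4279 section 2 (plain PSK): uint16(N) || N zero octets || uint16(N) || PSK."""
    n = struct.pack("!H", len(psk))
    return n + bytes(len(psk)) + n + psk


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash of the TLS 1.2 PRF (RFC 5246 section 5) with HMAC-SHA256 (assumed PRF)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def master_secret(psk: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """48-byte master secret; the PSK is the only input that is not sent in the clear."""
    seed = b"master secret" + client_random + server_random
    return p_sha256(psk_premaster_secret(psk), seed, 48)


def guess_space_bits(alphabet_size: int, length: int) -> float:
    """Upper bound on the entropy of a secret chosen from a fixed alphabet."""
    return length * math.log2(alphabet_size)


def new_random_psk(nbytes: int = 32) -> bytes:
    """Provision PSKs from a CSPRNG instead of deriving them from a typed password."""
    return secrets.token_bytes(nbytes)


if __name__ == "__main__":
    print("8 lowercase letters :", round(guess_space_bits(26, 8), 1), "bits at most")
    print("32 random bytes     :", guess_space_bits(256, 32), "bits")
    ms = master_secret(new_random_psk(), CLIENT_RANDOM, SERVER_RANDOM)
    print("master secret length:", len(ms))
```
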