RE: TLS Based on SRP

DJ Browne Sun, 11 Mar 2001 20:10:46 -0800
Hi Tom,

  very clever to bridge from the TLS negotiation to the SRP negotiation.
this isn't part of any spec/draft that I remember reading so far, have I
missed that somewhere?

 My real concern is that there may be some problem using User authentication
material (name/passwd) for generating shared secret material for the secured
TLS session.  This is really just a hunch or gut feeling that security is
somehow lessened by basing it on such a small amount of secret data
(name/passwd).  I know that SRP uses random data and both sides generate
some data for the session that will be cleanly destroyed.  I just help
thinking that this becomes less secure (though really nice and easy for use
and development and admin!) than using a client key pair.  Am I way off
base?


Later,
dj

ps...so when SRP appears in a ciphersuite the telnet can the assume that the
user has been authenticated properly just by virtue of there being a secured
channel (a la TLS) - at that point the user can just be logged right in - is
that correct?  very cool.... Kerberos allows auth as one name and login as
another account...that seems like it might be possible here too...I really
liked that feature. :)


--
Derek J. Browne
[EMAIL PROTECTED]


::-----Original Message-----
::From: [EMAIL PROTECTED]
::[mailto:[EMAIL PROTECTED]]On Behalf Of Tom Wu
::Sent: Sunday, March 11, 2001 11:15 PM
::To: Dj Browne
::Cc: [EMAIL PROTECTED]
::Subject: Re: TLS Based on SRP
::
::
::Dj Browne wrote:
::>
::> Also Excellent!  Would this be more along the lines of adding it at the
::> application layer (telnet)?
::>
::>  Rather than tying this to a particular app protocol I would
::love to see it
::> at the TLS layer so that it generates the pre-master secret directly.
::>
::>   When I was thinking about this a while ago I considered doing the SRP
::> seperate from TLS and then using it to do crypto seperately in
::a bulk way
::> and not relying on TLS.  Is there any strong feeling one way or the
::> other?  I personally like the work Mr. Taylor has done as a
::starting point.
::
::Currently, Telnet over TLS (START_TLS) supports SRP by doing a
::"conventional" (server-cert-based or anonymous) TLS session handshake
::after the START_TLS option is negotiated, and then doing SRP
::authentication via the Telnet AUTH option.  The SRP negotiation
::incorporates the TLS finished messages into its own handshake, to
::prevent MITM attacks against the TLS session, if it was anonymous or if
::the server cert was not trusted.
::
::Once SRP is supported natively as TLS ciphersuites, I will add support
::to SRP telnet/telnetd to support the use of these ciphersuites to
::identify/authenticate the user directly (similar to Kerberos V5), as
::opposed to the current approach of doing SRP separately inside a TLS
::session.
::
::I agree with you that native ciphersuite support inside TLS and OpenSSL
::is a Good Thing, since it doesn't require each app/protocol to
::incorporate subsequent SRP authentication support in its own
::app/protocol-specific way.  It also provides a nice one-stop-shopping
::solution for developers who want secure password authentication plus
::transport security for their applications.
::
::Tom
::
::> Later,
::> dj
::>
::> On Sun, 11 Mar 2001, Tom Wu wrote:
::>
::> :Jeffrey Altman wrote:
::> :>
::> :> >
::> :> > hi,
::> :> >
::> :> >   I recently found an IETF draft written by David Taylor
::that proposes the
::> :> > addition of a new ciphersuite.
::> :> >
::> :> > >A URL for this Internet-Draft is:
::> :> > >http://www.ietf.org/internet-drafts/draft-ietf-tls-srp-00.txt
::> :> >
::> :> >
::> :> > Has this thought come across the OpenSSL To Do list?  Is
::there any comment
::> :> > on this draft?
::> :> >
::> :>
::> :> Its on my to do list.
::> :
::> :I will be doing integration work with START_TLS+SRP telnet/telnetd and
::> :doing interoperability testing.
::> :
::> :>  Jeffrey Altman * Sr.Software Designer      C-Kermit 7.1
::Alpha available
::> :>  The Kermit Project @ Columbia University   includes Secure
::Telnet and FTP
::> :>  http://www.kermit-project.org/             using Kerberos, SRP, and
::> :>  [EMAIL PROTECTED]          OpenSSL.  SSH
::soon to follow.
::> :>
::______________________________________________________________________
::> :> OpenSSL Project
http://www.openssl.org
> :> Development Mailing List                       [EMAIL PROTECTED]
> :> Automated List Manager                           [EMAIL PROTECTED]
> :
> :

--
Tom Wu
Principal Software Engineer
Arcot Systems
(408) 969-6124
"The Borg?  Sounds Swedish..."
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
RE: TLS Based on SRP

Reply via email to
