> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Dirk Meyer > Sent: Thursday, August 21, 2008 12:52 PM > To: XMPP Security > Subject: [Security] TLS-SRP Questions > > Hi, > > I have two questions if I understand RFC 5054 correctly. In our > scenario we have two clients with unverified certificates and a shared > secret we use as password. One acts as TLS client, the other as TLS > server. Now I want to be sure that not only the TLS server can verify > the client knows the password but also the other way around. Looking > at the RFC I see that the premaster secret is calculated by both > parties using x with x = SHA1(s | SHA1(I | ":" | P)) and P is the > password. The server uses this indirectly by using v and v = g^x % N.
May be a n00b comment, but If we had verifiable certificates (via an IC) the client is given the opportunity to present their certificate. I am not sure how this works, all that I have to go on is that in .net TLS streams there is an event called PresentClientCertificate (or something along those lines). > > Dirk > > -- > PCMCIA - People Can't Memorise Computer Industry Acronyms
