On Wed Feb 11 15:06:44 2009, Eric Rescorla wrote:
> It's worth observing that if you're really going to standardize on one
> new password based mechanism, it would be more efficient to simply use
> TLS-PSK or TLS-SRP. The rationale for channel bindings is to retain
> some existing application level auth infrastructure.

I suspect that disagreeing with Ekr isn't going to be good for my
health, but...

I'm not sure SRP or PSK makes as much sense to us, from a
deployment/marketing perspective mostly, although with some weak
technical arguments too.

The idea is that the channel binding is actually used one-time to
verify self-signed certificates, which are subsequently used as-is
for authentication. Essentially, we're slightly repurposing the
technology - it's about getting the same outcome as when a SASL
mechanism does it on a TLS-protected C2S link, still, but in a
different sense.

So you'd use the channel binding process typically once per pair of
endpoints, whereas the self-signed certificates would be used many
times - indeed, I'm thinking that the XMPP basis for secure identity
becomes those X.509 certificates.

So it's not so much to retain the existing application level
infrastructure, but to provide a common authentication infrastructure
between many cases, proven by channel binding.

It was my impression that although we could achieve something similar
using SRP or PSK:

a) The perceived risk of IPR is such that SRP in particular appears
to have reduced deployment, and I have concerns that it'd impact
availability.

b) It's done inline in the data flow, meaning that traditional data
flows need to cease during it.

c) We hope to use SCRAM as a C2S authentication mechanism in SASL
anyway, so we're expecting support to become commonplace.

d) I'm frankly not sure I've grasped how the SRP/PSK-to-X.509 dance
works, and at the risk of sounding really arrogant, I'm worried that
might mean few people within the XMPP community grasp it either.

Is there anything I'm missing that rules out using a channel binding
method for proving the endpoints own a particular certificate?

Dave.
--
Dave Cridland - mailto:[email protected] - xmpp:[email protected]
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
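
The flow discussed in this message, as an added sketch that is not part of the original email or of any XMPP specification: a password proof is bound once to the certificate seen on the link, and the certificate fingerprint is then pinned and reused on later connections. The HMAC proof is a simplified stand-in for a SCRAM exchange with channel binding; the function names, the hash-of-certificate binding and the sample certificate bytes are assumptions.

```python
import hashlib
import hmac

def cert_binding(cert_der: bytes) -> bytes:
    """Channel-binding data: a hash of the certificate used on the TLS link."""
    return hashlib.sha256(cert_der).digest()

def prove(password: bytes, salt: bytes, nonce: bytes, own_cert: bytes) -> bytes:
    """Run by the certificate owner: password proof bound to its own cert."""
    key = hashlib.pbkdf2_hmac("sha256", password, salt, 4096)
    return hmac.new(key, nonce + cert_binding(own_cert), hashlib.sha256).digest()

def verify_and_pin(pins, peer, password, salt, nonce, seen_cert, proof) -> bool:
    """Run once per peer: recompute the proof over the cert actually seen on
    the link. A substituted cert changes the binding, so the proof fails."""
    expected = prove(password, salt, nonce, seen_cert)
    if not hmac.compare_digest(expected, proof):
        return False
    pins[peer] = cert_binding(seen_cert)  # pin only after a valid proof
    return True

def check_pinned(pins, peer, seen_cert) -> bool:
    """Every later connection: no password, just compare against the pin."""
    pinned = pins.get(peer)
    return pinned is not None and hmac.compare_digest(pinned, cert_binding(seen_cert))

# Constructed sample data (stand-ins, not real DER certificates). A real
# exchange would use a fresh random nonce each time.
PASSWORD, SALT, NONCE = b"correct horse", b"constructed-salt", b"constructed-nonce"
BOB_CERT = b"constructed: bob self-signed cert"
MITM_CERT = b"constructed: interceptor self-signed cert"

if __name__ == "__main__":
    bob_proof = prove(PASSWORD, SALT, NONCE, BOB_CERT)
    pins = {}
    print("direct link verified:",
          verify_and_pin(pins, "bob", PASSWORD, SALT, NONCE, BOB_CERT, bob_proof))
    print("later, same cert:", check_pinned(pins, "bob", BOB_CERT))
    print("later, different cert:", check_pinned(pins, "bob", MITM_CERT))
    print("intercepted first contact:",
          verify_and_pin({}, "bob", PASSWORD, SALT, NONCE, MITM_CERT, bob_proof))
```
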