On Wed Mar 4 15:17:33 2009, Eric Rescorla wrote:
With that said, it's quite straightforward to build such a system using information provided by nearly any TLS library: cryptographically bind the passphrase/PIN to the certificates exchanged by either side. Of course, this entails running the authentication exchange in the application layer, which is a pain since TLS already has one, but...
TLS has one defined, and we also have SASL, which we can't use for
much the same reasons, annoyingly. It's not too bad, though, we do
always have a signalling layer available, at least.
So, you're thinking of something like:
0) Initiator and Responder agree on a key out of band, or via mutual knowledge.
1) Initiator sends InitiatorNonce, list of Hash functions.
2) Responder sends InitiatorNonce, ResponderNonce, Hash function and HMAC(key, InitiatorNonce + ResponderNonce + list of Hash functions + InitiatorCertificate + ResponderCertificate)
3) Initiator sends ResponderNonce, InitiatorNonce, Hash function and HMAC(key, ResponderNonce + InitiatorNonce + list of Hash functions + ResponderCertificate + InitiatorCertificate)
Is that safe to run over the XMPP layer unprotected? It looks like it to me, but I'm hardly an expert...
Dave.
--
Dave Cridland - mailto:[email protected] - xmpp:[email protected]
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
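The three-message exchange sketched in the post above, simulated end to end in one process as an added example (this is not code from the thread or from any XMPP implementation). Both parties share a key, each holds its own certificate and the certificate it observed for its peer on the TLS layer, and each side's HMAC is checked against the verifier's own view of the transcript. The length-prefixed `encode()` wire format, the comma-joined hash list, the `run_exchange()` helper and its `peer_seen_by_*` parameters are assumptions made here to fill in what the post leaves open; the certificate byte strings are constructed stand-ins for DER. The `peer_seen_by_*` parameters let a caller model a middlebox that terminates both TLS connections with its own certificate and relays the application messages unchanged, which is the case the binding is meant to catch.

```python
"""Simulation of the HMAC certificate-binding exchange from the post.

Added example; the wire encoding, helper names and sample certificates are
assumptions, not anything the thread or an XMPP library defines.
"""
import hmac
import os

# Hash functions the Initiator offers, in preference order (assumed list).
HASH_LIST = ["sha256", "sha512"]


def encode(*fields: bytes) -> bytes:
    """Length-prefix every field so 'a + b' in the post is unambiguous.

    Plain concatenation would let (b"ab", b"c") and (b"a", b"bc") MAC to
    the same value; a 4-byte big-endian length per field removes that.
    """
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def encode_hash_list(names) -> bytes:
    """Canonical byte form of the offered hash list (assumed: comma-joined)."""
    return ",".join(names).encode()


def mac(key: bytes, hash_name: str, *fields: bytes) -> bytes:
    """HMAC over the length-prefixed fields with the negotiated hash."""
    return hmac.new(key, encode(*fields), hash_name).digest()


def run_exchange(key_i, key_r, cert_i, cert_r,
                 peer_seen_by_i=None, peer_seen_by_r=None):
    """Run steps 1-3 and return (initiator_accepted, responder_accepted).

    key_i / key_r   : the shared secret as held by each side (step 0).
    cert_i / cert_r : each side's own certificate.
    peer_seen_by_i  : certificate the Initiator observed for its TLS peer;
                      defaults to cert_r (no middlebox). Likewise _r.
    """
    peer_seen_by_i = cert_r if peer_seen_by_i is None else peer_seen_by_i
    peer_seen_by_r = cert_i if peer_seen_by_r is None else peer_seen_by_r

    # 1) Initiator -> Responder: fresh nonce plus offered hash list.
    nonce_i = os.urandom(32)
    msg1 = {"nonce_i": nonce_i, "hashes": list(HASH_LIST)}

    # 2) Responder -> Initiator: both nonces, chosen hash, and an HMAC that
    #    binds the nonces, the *offered* list (anti-downgrade) and the two
    #    certificates as the Responder sees them.
    nonce_r = os.urandom(32)
    chosen = next(h for h in msg1["hashes"] if h in HASH_LIST)
    offered = encode_hash_list(msg1["hashes"])
    tag_r = mac(key_r, chosen, msg1["nonce_i"], nonce_r, offered,
                peer_seen_by_r, cert_r)
    msg2 = {"nonce_i": msg1["nonce_i"], "nonce_r": nonce_r,
            "hash": chosen, "mac": tag_r}

    # Initiator verifies message 2 against its own nonce, its own offered
    # list, its own certificate and the peer certificate it observed.
    expected = mac(key_i, msg2["hash"], nonce_i, msg2["nonce_r"],
                   encode_hash_list(HASH_LIST), cert_i, peer_seen_by_i)
    ok_i = (msg2["nonce_i"] == nonce_i
            and msg2["hash"] in HASH_LIST
            and hmac.compare_digest(msg2["mac"], expected))
    if not ok_i:
        return False, False  # Initiator aborts; message 3 is never sent.

    # 3) Initiator -> Responder: the mirror-image HMAC with the order of
    #    nonces and certificates swapped, exactly as the post lists them.
    tag_i = mac(key_i, msg2["hash"], msg2["nonce_r"], nonce_i,
                encode_hash_list(HASH_LIST), peer_seen_by_i, cert_i)
    msg3 = {"nonce_r": msg2["nonce_r"], "nonce_i": nonce_i,
            "hash": msg2["hash"], "mac": tag_i}

    # Responder verifies message 3 against its own view of the transcript.
    expected = mac(key_r, chosen, nonce_r, msg3["nonce_i"], offered,
                   cert_r, peer_seen_by_r)
    ok_r = (msg3["nonce_r"] == nonce_r
            and msg3["nonce_i"] == msg1["nonce_i"]
            and msg3["hash"] == chosen
            and hmac.compare_digest(msg3["mac"], expected))
    return ok_i, ok_r


if __name__ == "__main__":
    key = b"constructed-shared-secret"
    print("honest run:     ", run_exchange(key, key, b"CERT-I", b"CERT-R"))
    print("relayed via MITM:", run_exchange(key, key, b"CERT-I", b"CERT-R",
                                            peer_seen_by_i=b"CERT-MITM",
                                            peer_seen_by_r=b"CERT-MITM"))
```

Two points the simulation makes visible that the bullet list does not. First, the binding only does its job if each verifier recomputes the MAC from the certificate it actually observed on its own TLS session, never from a value carried in the message; the `peer_seen_by_*` inputs are the only place the TLS layer enters the computation. Second, the offered hash list is covered by both MACs, so a relay that rewrites message 1 to drop the stronger hashes is caught at step 2. What the construction does not provide is protection of the shared secret itself: a transcript observer can check guesses of a short PIN offline against the HMAC, so the key in step 0 needs the entropy of a real passphrase rather than a PIN.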