-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 6/3/09 4:35 AM, Simon Josefsson wrote: > Dirk Meyer <[email protected]> writes: > >> Yes. That is some sort of problem. Another idea would be to use >> something else inside 'security-info' to verify the certificates after >> the TLS handshake if they are not known. This requires some sort of >> channel bindings. The good idea to use the TLS Finished messages have >> the same problem as SRP since it requires support in the TLS lib. A >> different idea is to use the certificates in the channel binding >> process: password = sha1(cert1 + cert2 + user password) >> >> It is possible to use SRP outside TLS for the channel bindings. As >> already pointed out, my understanding is that SCRAM is not secure and >> the client in the role of the TLS server can run a dictionary >> attack. What we need it a channel binding SASL method based on SRP. > > Time to restart this document, perhaps? > > http://www.melnikov.ca/mel/Drafts/draft-burdis-cat-srp-sasl-07.txt > > I would replace the security layer with a channel binding to TLS, > though.
Interesting. It's 7 years old, but might be worth restarting. Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkpL6RcACgkQNL8k5A2w/vxW2QCeKCyAT3y2zsmrmj32C8KnQY5O EewAnj1MkeuWdD7vsRfPO8Pmxx6gOCFk =xMzI -----END PGP SIGNATURE-----
