The entire issue depends to some extend also on the communication model
you have in mind.
If you consider an approach that is closer to SAML or OpenID then the
end host interacts with the identity provider directly. If you, however,
focus on something that is close to the AAA model then the end host
interacts with the service provider (who then relays the information it
gets to the identity provider, i.e., AAA server).
In the latter case the mentioned dictionary attack is more important
since you obviously don't want to give your username/password away to an
arbitrary entity. Still, there are obviously a number of solutions
available to provide protection.
Ciao
Hannes
Christian Huitema wrote:
There are a large number of protocol designs--even existing
protocols--which are compatible with the general paradigm of "user U
proves possession of password P to server A without giving A a
credential which can be used to impersonate U to server B".
HTTP Digest, TLS-PSK, SRP, and PwdHash all come to mind. The
difficult parts are:
(1) putting a sensible UI on it--including one that isn't easily
spoofed (see the extensive literature on how hard it is
to build a secure UI.
(2) Getting everyone to agree on one protocol.
Please add:
(3) The chosen solution is immune to dictionary attacks.
-- Christian Huitema
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf