ietf
[Top] [All Lists]

Re: Symptoms vs. Causes

2007-09-12 07:44:31
At Wed, 12 Sep 2007 16:32:34 +0200,
Eliot Lear wrote:

Eric Rescorla wrote:
None of the systems I mentioned (TLS-PSK, SRP, PwdHash) has this
problem--provided that the user actually uses the new authentication
method and doesn't type his password into some Web form. But of 
course that's a UI problem, not a protocol problem.
  
As I wrote, the problem is in both places. For one thing, TLS-PSK, SRP, 
and PwdHash all have the problem that they require some sort of secure 
interface on what is generally an insecure platform.

Yes, but this is not a protocol problem, it's a UI problem--an unsolved
one, I might add, but not an issue for the IETF.


What is needed is 
a way to modularize and isolate those authentication transactions.  Sam 
claims it can be done in software - fine.  What is the communication 
path to and from?  What's the architecture?

Each of these approaches has a fairly obvious architecture. In fact,
Digest, which I forgot to mention in my previous message,
already has a pre-existing architecture, and PwdHash works with
the existing architecture.

-Ekr


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf

<Prev in Thread] Current Thread [Next in Thread>