Re: What about PSK with TLS and IKEv2?
From: Mohamad Badra (badraenst.fr)
Date: Tue, 10 Aug 2004 11:10:34 -0400 (EDT)
T. Charles Clancy wrote:

Doesn't SRP have IP issues?  While its licenses are free, there have been
claims it infringes on the SPEKE patent.  There's also an EAP-SRP, but I
believe it's been abandoned.

I agree that some serious IPR issues exist with SRP.

o [TLS-KeyExchangeMethod] identity protection, PFS, secure
provisioning with a weak key; available at
http://www.infres.enst.fr/~badra/draft-badra-cherkaoui-hajjeh-serhrouchni-tls-key-exchange-00.txt
(I will send it today to IETF secretariat).



Correct me if I'm wrong, but if I'm reading this correctly, the server is
required to have a certificate.


Not really, I said the server MAY use a certificate (section 2.6). Let me explain something here: the client and the server authenticate each other via the Finished messages. In fact, these Finished messages are computed using keys derived from the PSK XOR premaster secret. So, the server does NOT need a certificate. Now, if we suppose that the client connects to a bogus server, the latter will be detectable thanks to the Finished message. Instead, I said that the server MAY use a certificate to detect such an attack in the early handshake messages.

(IMHO, you need an overview section in
this draft that describes in general how your protocol works.)


I said that it extends TLS with PSK, and in section 2.6 of the draft
the handshake phase is briefly described.
But why not, the draft is a -00 version and I can add some text inside :)

One of the
advantages of PAX is that a certificate is only used if identity
protection or provisioning is being done.  The rest of the time, it is
purely symmetric.

Yes, you are right in that. But in [TLS-KeyExchangeMethod], identity protection SHOULD be done without any certificate. However, an asymmetric operation is needed. On the other hand, even if you want to use the "no identity protection and no PFS contributions" cited above, you can extend these contributions for EAP authentication or for other use. For example, with a simple pseudonym management mechanism, you can obtain PFS and identity protection using these contributions.

Badra
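
The certificate-less authentication argument in the message above, as an added sketch that is not code from the post or from the draft: keys are derived from PSK XOR premaster secret, so a peer that completed the key exchange but never held the PSK cannot produce a Finished value the other side accepts. Assumptions: HMAC-SHA256 stands in for the TLS PRF, the transcript and PSK values are constructed, and all function names are hypothetical.

```python
import hashlib
import hmac
import os

def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("PSK and premaster secret must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def master_secret(psk, premaster, client_random, server_random):
    # Assumption: HMAC-SHA256 stands in for the TLS PRF.
    seed = b"master secret" + client_random + server_random
    return hmac.new(xor_bytes(psk, premaster), seed, hashlib.sha256).digest()

def finished(master, label, transcript):
    digest = hashlib.sha256(transcript).digest()
    return hmac.new(master, label + digest, hashlib.sha256).digest()[:12]

def handshake(client_psk, server_psk):
    """Return (client_accepts_server, server_accepts_client)."""
    client_random, server_random = os.urandom(32), os.urandom(32)
    # Assumption: both ends hold the same premaster secret after an
    # unauthenticated exchange, so on its own it proves nothing about the peer.
    premaster = os.urandom(32)
    transcript = b"hello messages" + client_random + server_random  # constructed

    client_ms = master_secret(client_psk, premaster, client_random, server_random)
    server_ms = master_secret(server_psk, premaster, client_random, server_random)

    # Each side recomputes the peer's Finished from its own key material.
    client_fin = finished(client_ms, b"client finished", transcript)
    expected = finished(server_ms, b"client finished", transcript)
    server_ok = hmac.compare_digest(client_fin, expected)

    server_fin = finished(server_ms, b"server finished", transcript + client_fin)
    expected = finished(client_ms, b"server finished", transcript + client_fin)
    client_ok = hmac.compare_digest(server_fin, expected)
    return client_ok, server_ok

# Constructed sample keys, not values from the draft.
PSK = hashlib.sha256(b"constructed demo PSK").digest()
WRONG_PSK = hashlib.sha256(b"peer that never held the PSK").digest()

if __name__ == "__main__":
    print("genuine server:", handshake(PSK, PSK))
    print("bogus server:  ", handshake(PSK, WRONG_PSK))
```

In this sketch the mismatch only surfaces at the Finished check, which is the point at which the message says a bogus server becomes detectable; an optional server certificate would move that detection to the earlier handshake messages.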



