Re: What about PSK with TLS and IKEv2?

From: Mohamad Badra (badra
Date: Fri, 13 Aug 2004 05:00:57 -0400 (EDT)

T. Charles Clancy wrote:
> True, but the TLS resume still requires 2 round trips,

1.5 RT :)

> and as much computation as a full reauthentication.

Correct me if I'm wrong, in the full reauthentication, we authenticate using certificates which is not the case of TLS-PSK.

> Just because other methods use it doesn't mean it's the right thing to do in the PSK case.

I meant that the TLS-PSK allows us to call back a full TLS session... Further, almost all methods use TLS to establish the channel. Where the TLS-PSK will be used instead of full TLS, these methods will be improved a lot (processing time, message flow, MitM attack, etc) and this without decreasing the security level. So I think that it is the right thing in our case when the majority of EAP methods use TLS.

> TLS was designed for public-key environments, and I agree it's probably the right thing to use for public-key authentication.

That is true. But in TLS, the abbreviated handshake is already specified and no text (in TLS1.0) prohibits us from using it for long duration. Again, this may not decrease the security level.

Anyway, the TLS-PSK will soon move forward to proposed through the TLS WG.

> We obviously have a difference of opinion, and aren't going to change each others' mind. The pros and cons can be argued from both directions.

Maybe it is the holiday time, but would like to hear comments from people on the mailing list.

--
Mohamad Badra ENST-Paris Dept. Computer Sciences and Networks