Re: [Cfrg] Beginning discussion on secure password-only authentication for IKEv2
Yoav Nir <ynir <at> checkpoint.com>
2010-03-04 22:44:50 GMT
Explaining a joke spoils all the fun, but here goes:
It's not like PKI is working out better for user authentication.
And password-in-https-form is also vulnerable to online dictionary attacks.
Now if they were using TLS-EAP....
But that, of course, suffers from excessive layering.
From: ipsec-bounces <at> ietf.org [ipsec-bounces <at> ietf.org] On Behalf Of Yaron Sheffer [yaronf <at> checkpoint.com]
Sent: Thursday, March 04, 2010 22:05
To: Blumenthal, Uri - 0662 - MITLL; 'pgut001 <at> cs.auckland.ac.nz'
Cc: 'ipsec <at> ietf.org'; 'cfrg <at> irtf.org'
Subject: Re: [IPsec] [Cfrg] Beginning discussion on secure password-only authentication for IKEv2
Can someone please explain the joke to me? Nelson was asked about TLS-PSK (RFC 4279) and he replied that it
can easily be abused. TLS-PSK (similarly to IKE-PSK) is vulnerable to dictionary attacks if used with a
short secret (a.k.a. "password"), at least in the presence of an active attacker. So I think his response
was entirely appropriate. What am I missing?
> -----Original Message-----
> From: ipsec-bounces <at> ietf.org [mailto:ipsec-bounces <at> ietf.org] On Behalf
> Of Blumenthal, Uri - 0662 - MITLL
> Sent: Thursday, March 04, 2010 19:09
> To: 'pgut001 <at> cs.auckland.ac.nz'
> Cc: 'ipsec <at> ietf.org'; 'cfrg <at> irtf.org'
> Subject: Re: [IPsec] [Cfrg] Beginning discussion on secure password-
> only authentication for IKEv2
> Well, during my long and fruitful career I've come across many asinine
> statements - but this pearl from your collection outshines mine! Indeed
> "straight from the horse's" (or in the context - "mule's"?) mouth (no
> offense meant to those wonderful equestrians).
> I'm struck speechless (which is unusual, as anybody who knows me would
> confirm .
> ----- Original Message -----
> From: pgut001 <pgut001 <at> wintermute02.cs.auckland.ac.nz>
> To: pgut001 <at> cs.auckland.ac.nz <pgut001 <at> cs.auckland.ac.nz>; Blumenthal,
> Uri - 0662 - MITLL
> Cc: cfrg <at> irtf.org <cfrg <at> irtf.org>; ipsec <at> ietf.org <ipsec <at> ietf.org>
> Sent: Wed Mar 03 18:20:53 2010
> Subject: Re: [Cfrg] [IPsec] Beginning discussion on secure password-
> only authentication for IKEv2
> "Blumenthal, Uri - 0662 - MITLL" <uri <at> ll.mit.edu> writes:
> >On the vendor side - perhaps EKE patent concern was the cause (you
> >implement/sell free SRP and get slapped with EKE licensing)? And the
> >found alternative solutions in the meanwhile?
> Nope. It's been supported in OpenSSL since 0.9.9, but not in any
> The reason for not supporting it in Firefox is so astonishingly
> that I'll quote the original message to make sure that it's straight
> from the
> horse's mouth ("PSK cipher suites" = non-patent-encumbered EKE in TLS-
> -- Snip --
> Subject: Re: NSS implementation of TLS-PSK/ RFC 4279
> Date: Tue, 14 Oct 2008 14:01:10 -0700
> From: Nelson B Bolyard <nelson <at> bolyard.me>
> Reply-To: mozilla's crypto code discussion list
> <dev-tech-crypto <at> lists.mozilla.org>
> jengler <at> berkeley.edu wrote, On 2008-10-14 13:52 PDT:
> > I was wondering if implementation of TLS-PSK (RFC 4279) is currently
> > development. I do not see it in the current NSS source or roadmap.
> > you for any help.
> > -John Engler
> No. There are no plans to include any PSK cipher suites in NSS.
> Because of the enormous potential for PSK cipher suites to be
> misused by application developers, there is strong resistance to
> incorporating them into NSS.
> -- Snip --
> As for Microsoft, Opera, etc who knows? (If you work on, or have
> worked on,
> any of these browsers, I'd like to hear more about why it hasn't been
> considered). I think it'll be a combination of two factors:
> 1. Everyone knows that passwords are insecure so it's not worth trying
> to do
> anything with them.
> 2. If you add failsafe mutual authentication via EKE to browsers, CAs
> entirely redundant.
> So the browser vendors' approach is to ignore EKE and keep on waiting
> for PKI
> to start working, forever if necessary. "PKI meurt, elle ne se rend
> pas!" .
>  Hat tip to Luther Martin for the quote .
> IPsec mailing list
> IPsec <at> ietf.org
> Scanned by Check Point Total Security Gateway.
IPsec mailing list
IPsec <at> ietf.org
Scanned by Check Point Total Security Gateway.