Re: New work for sacred working group?
Peter,
Peter Gutmann wrote:
Simon Josefsson <jas@xxxxxxxxxxx> writes:
Which unencumbered alternatives are you thinking of?
TLS-PSK.
Haven't read that (not yet an RFC btw) myself, but I now plan
to do so.
I guess I'd have to question the "equivalence" part here since
tls-psk-09 [1] says:
" It is also possible to use the SRP (Secure Remote Password)
ciphersuites for shared secret authentication [SRP]. SRP was
designed to be used with passwords, and incorporates protection
against dictionary attacks. "
So I would guess that for sacred, TLS-PSK isn't an unencumbered
equivalent since offline dictionary attacks are a high priority
here. Or am I misreading something?
Stephen.
[1] http://www.ietf.org/internet-drafts/draft-ietf-tls-psk-09.txt
Anything beyond TLS+PLAIN seems to me to be either surrounded with IPR concerns
(SPEKE, SRP); or incredibly poorly designed and implemented (DIGEST-MD5); or
deprecated (CRAM-MD5); or too complex to allow reasonable implementations
(X.509, CMS); or too experimental (TLS PSK); or burdened by history
(Kerberos), to be applicable.
Hmm, I'd hardly call a standards-track TLS RFC "experimental". Given the
strong support there is for this from low-powered device vendors, and the fact
that it's a trivial mod to TLS, I'd hope there'd be good support for this in
the future.
Peter.