[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Comments on CRACK
In message <199910262024.NAA16410@ha1mpk-mail.eng.sun.com>, Vipul Gupta writes:
>
> > In message <3815F49E.BFABF7C9@cisco.com>, Roy Pereira writes:
> >
> > >
> > > Let me ask everyone who is interested; How do we support existing
> > > legacy user authentication within IKE without using a PKI ?
> >
> > With a protocol that lets the customer download an encrypted private key/
> > certificate pair from a server, followed by ordinary IKE.
> >
> > --Steve Bellovin
> >
>
> A perfect lead-in for what I've been thinking about for some time
> now :-)
>
> How about using an HTML forms based interaction over HTTPS between
> a webserver and a user to accomplish what you state.
(details elided)
Yup, that will work, though I had something more elegant in mind, along the
lines of the Kaufman/Perlman protocol described at the last NDSS. If nothing
else, I'd rather that the server didn't have any plaintext-equivalent copies
of the user's private key lying around.
That said, it's quite likely that a more elegant protocol can fit into the
structure you describe, especially since a browser plug-in may be needed
anyway, to stash the keys in a useful place.
--Steve Bellovin