[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on CRACK



In message <199910262024.NAA16410@ha1mpk-mail.eng.sun.com>, Vipul Gupta writes:
> 
> > In message <3815F49E.BFABF7C9@cisco.com>, Roy Pereira writes:
> > 
> > > 
> > > Let me ask everyone who is interested;  How do we support existing
> > > legacy user authentication within IKE without using a PKI ?
> > 
> > With a protocol that lets the customer download an encrypted private key/
> > certificate pair from a server, followed by ordinary IKE.
> > 
> > 		--Steve Bellovin
> > 
> 
>   A perfect lead-in for what I've been thinking about for some time
>   now :-)
>   
>   How about using an HTML forms based interaction over HTTPS between
>   a webserver and a user to accomplish what you state.

(details elided)

Yup, that will work, though I had something more elegant in mind, along the 
lines of the Kaufman/Perlman protocol described at the last NDSS.  If nothing 
else, I'd rather that the server didn't have any plaintext-equivalent copies 
of the user's private key lying around.

That said, it's quite likely that a more elegant protocol can fit into the 
structure you describe, especially since a browser plug-in may be needed 
anyway, to stash the keys in a useful place.

		--Steve Bellovin