draft-josefsson-password-auth-00.txt

Nicolas Williams Nicolas.Williams at sun.com
Thu Mar 29 18:17:01 CEST 2007


On Thu, Mar 29, 2007 at 06:08:33PM +0200, Martin Rex wrote:
> Nicolas Williams wrote:
> > 
> > On Thu, Mar 29, 2007 at 04:28:30PM +0200, Martin Rex wrote:
> > > Most challenge-response protocols perform a unidirectional
> > > authentication of the client/initiator to the server/acceptor only,
> > > and for those the authentication scheme usually does not have
> > > a name for the acceptor.
> > 
> > Understood.  Perhaps then what I should have said is that when mutual
> > authentication is requested then the password should be salted with the
> > acceptor name.
>  
> At first glance I think it should be OK if some kind of channel bindings
> are included in (hashed into) the challenge-response exchange.

Certainly, provided any are available.

Last week Kurt proposed a mechanism that requires channel bindings, and
called it YAP (yet another ...).

It works in just one round-trip (in addition to however many the secure
channel required to establish) because the channel binding acts as the
server challenge (provided the channel binding is unique in time, else
there's a replay attack).

Nico
-- 
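The two ideas in this exchange, salting the password-derived key with the acceptor name for mutual authentication and letting a time-unique channel binding stand in for the server challenge, can be sketched in a few lines. The block below is an added illustration, not code from the thread or from Kurt's YAP draft; its label, field encoding, PBKDF2 parameters and the names `imap.example.com`, `smtp.example.com` and `alice` are all assumptions constructed for the example. It runs the one-message exchange under a fresh channel binding, under a binding reused across sessions (modelling one that is not unique in time), and against a different acceptor, to show which cases the acceptor accepts.

```python
import hashlib
import hmac
import os

# Constructed illustration of the idea in the thread: a password-based
# challenge-response in which the channel binding of the outer secure
# channel replaces the server's challenge, and the password-derived key
# is salted with the acceptor's name.  This is not the YAP draft's wire
# format; every name and encoding below is an assumption for the example.

LABEL = b"example-cb-auth"


def derive_key(password: str, acceptor_name: str) -> bytes:
    """Stretch the password, salting with the acceptor name so a key
    derived for one acceptor is useless against another."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               acceptor_name.encode("utf-8"), 100_000)


def response_message(initiator: str, acceptor: str, channel_binding: bytes) -> bytes:
    # Length-prefixed fields avoid ambiguity when names are concatenated.
    parts = [LABEL, initiator.encode("utf-8"), acceptor.encode("utf-8"), channel_binding]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def client_response(password: str, initiator: str, acceptor: str, channel_binding: bytes) -> bytes:
    """The single message the initiator sends: an HMAC over both names and
    the channel binding, keyed by the acceptor-salted password key."""
    key = derive_key(password, acceptor)
    return hmac.new(key, response_message(initiator, acceptor, channel_binding), "sha256").digest()


class Acceptor:
    def __init__(self, name: str, verifiers: dict):
        self.name = name
        self.verifiers = verifiers  # initiator name -> derive_key(password, self.name)

    def verify(self, initiator: str, channel_binding: bytes, response: bytes) -> bool:
        key = self.verifiers.get(initiator)
        if key is None:
            return False
        expected = hmac.new(key, response_message(initiator, self.name, channel_binding),
                            "sha256").digest()
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    """Run the exchange under three channel-binding situations and report
    which of them the acceptor accepts."""
    password = "correct horse battery staple"  # constructed sample value
    imap = Acceptor("imap.example.com", {"alice": derive_key(password, "imap.example.com")})
    smtp = Acceptor("smtp.example.com", {"alice": derive_key(password, "smtp.example.com")})

    # Session 1: a channel binding unique to this channel (think tls-unique).
    cb1 = os.urandom(32)
    resp1 = client_response(password, "alice", "imap.example.com", cb1)
    legit = imap.verify("alice", cb1, resp1)

    # Session 2 where the binding is NOT unique in time (a value that stays the
    # same across connections): the recorded resp1 verifies again.  This is the
    # replay the thread warns about, and the reason a static binding cannot
    # serve as the server challenge.
    replay_static_cb = imap.verify("alice", cb1, resp1)

    # Session 2 with a binding unique to the new channel: the replay is rejected.
    cb2 = os.urandom(32)
    replay_fresh_cb = imap.verify("alice", cb2, resp1)

    # Same password and binding, different acceptor: the acceptor-name salt
    # (and the name inside the MAC) keeps resp1 from working elsewhere.
    wrong_acceptor = smtp.verify("alice", cb1, resp1)

    return {"legit": legit, "replay_static_cb": replay_static_cb,
            "replay_fresh_cb": replay_fresh_cb, "wrong_acceptor": wrong_acceptor}


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The only case that accepts a replayed response is the one where the channel binding repeats across sessions, which is exactly the uniqueness-in-time condition Nico attaches to using the binding as the challenge; binding the acceptor name into both the key derivation and the MAC input is what lets the same exchange double as server authentication.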