Re: Comment on tls-srp enhancement? - Michael Ströder - org.mozilla.lists.dev-tech-crypto

9 messages in org.mozilla.lists.dev-tech-cryptoRe: Comment on tls-srp enhancement?

From	Sent On	Attachments
Steffen Schulz	Dec 7, 2007 7:43 am
Nelson Bolyard	Dec 7, 2007 4:20 pm
Steffen Schulz	Dec 7, 2007 7:50 pm
Nelson Bolyard	Dec 8, 2007 6:51 pm
Steffen Schulz	Dec 12, 2007 10:34 am
Michael Ströder	Dec 13, 2007 7:26 am
Steffen Schulz	Dec 13, 2007 9:27 am
Nelson Bolyard	Dec 15, 2007 4:48 pm
Steffen Schulz	Dec 16, 2007 1:55 pm

	Permalink for this message Paste this link in email or IM:
	Permalink for this thread Paste this link in email or IM:
	Atom feed for this thread Paste this URL into your reader:

Subject:	Re: Comment on tls-srp enhancement?	Actions...
From:	Michael Ströder (mich...@stroeder.com)
Date:	Dec 13, 2007 7:26:42 am
List:	org.mozilla.lists.dev-tech-crypto

Steffen Schulz wrote:

SRP is a great protocol also for authentication against your email provider or WLAN[1] access point. [..] That said, I agree that web-authentication is the major use case for TLS-SRP in NSS.

Hmm, without having looked at tls-srp but from my experience SSL/TLS connections are quite often terminated at a reverse proxy. But the password-based authentication information is passed to an application server beyond that reverse proxy which checks the password by some means.

I guess in case of tls-srp the reverse proxy (as TLS end point) would have also to check the password. This is not what most of my customers deploying reverse proxies want.

Ciao, Michael.

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets
	Permalink to these results Paste this link in email or IM:
	Atom feed for tracking future search results Paste this URL into your reader: