[security] Gathering requirements for in-browser OpenID support
Chris Drake
christopher at pobox.com
Tue Oct 31 16:59:31 UTC 2006
Hi Joaquin,
Browsers cannot do asymmetric cryptography out of the context of the
site you're visiting, so I think "us doubters" might have a valid
point - unless you want to explain how a "stupid user" sitting in
front of IE7 can use EKE?
If EKE *can* prevent phishers from stealing passwords, how do you
explain that no site anyone has ever heard of is doing this today?
I maintain my position: MitM is not a protocol problem - it's a
"stupid user" problem.
Kind Regards,
Chris Drake
Wednesday, November 1, 2006, 2:14:33 AM, you wrote:
JM> It may help those doubters if we now briefly explain how EKE accomplishes a) and b).
>> For the benefit of me and others reading this thread, can you briefly
>> explain how you would deploy EKE in a browser to defeat MitM?
JM> By ensuring that the man in the middle:
JM> a) Ends up not in the possession of any authentication credentials
JM> b) Can neither understand nor usefully modify the conversation they are proxying.
JM> I'm sure everyone understands how an authenticated public
JM> key accomplishes a) and b), so there is no need to read on.
JM> Cordially, Joaquin
JM> a) The authentication credentials are encrypted with public
JM> keys, so that only the intended recipient can decrypt* them.
JM> b) The conversation is encrypted with public keys, or with a
JM> session key exchanged using public keys, so that only the intended
JM> recipient can understand* and only the sender can modify*.
JM> * yeah, yeah: easily, soon enough to matter.
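The following is an added worked example, not code from either poster or from any OpenID project. It demonstrates the two properties Joaquin lists, a) and b), using the Diffie-Hellman variant of EKE (Bellovin-Merritt): each side encrypts its DH public value under the shared password, derives a session key from the DH result, and then confirms the key with an HMAC. The party names, the passwords, and the SHA-256 counter-mode keystream used in place of a real symmetric cipher are all constructed for the demonstration; a deployment today would use a standardised PAKE such as SPAKE2 or OPAQUE rather than this sketch. The point it makes runnable is that a relaying attacker sees only password-encrypted DH values (nothing that verifies a password guess offline, which is a)), and an active attacker who substitutes their own values under a wrong guess fails key confirmation on both sides (they can neither read nor modify the session, which is b)).

```python
import hashlib
import hmac
import secrets

# 1024-bit MODP prime from RFC 2409 (Oakley group 2), generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
G = 2
NBYTES = (P.bit_length() + 7) // 8  # 128 bytes per group element


def _keystream(password: str, label: bytes, n: int) -> bytes:
    """Password-keyed keystream (SHA-256 in counter mode).
    Constructed stand-in for the symmetric cipher EKE assumes; not for production."""
    key = hashlib.sha256(b"eke-pw|" + password.encode()).digest()
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + label + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def pw_encrypt(password: str, label: bytes, value: int) -> bytes:
    """EKE step: encrypt a DH public value g^x under the shared password."""
    ks = _keystream(password, label, NBYTES)
    return bytes(a ^ b for a, b in zip(value.to_bytes(NBYTES, "big"), ks))


def pw_decrypt(password: str, label: bytes, blob: bytes) -> int:
    ks = _keystream(password, label, NBYTES)
    return int.from_bytes(bytes(a ^ b for a, b in zip(blob, ks)), "big")


class Party:
    """One endpoint of the exchange (names and passwords are constructed)."""

    def __init__(self, name: str, password: str):
        self.name, self.password = name, password
        self.x = secrets.randbits(256) | 1  # private DH exponent, never sent
        self.key = None

    def first_message(self) -> bytes:
        # Only E_pw(g^x) goes on the wire; the password itself never leaves.
        return pw_encrypt(self.password, self.name.encode(), pow(G, self.x, P))

    def derive_key(self, peer_name: str, peer_blob: bytes) -> bytes:
        gy = pw_decrypt(self.password, peer_name.encode(), peer_blob)
        self.key = hashlib.sha256(pow(gy, self.x, P).to_bytes(NBYTES, "big")).digest()
        return self.key

    def confirm(self) -> bytes:
        return hmac.new(self.key, b"confirm|" + self.name.encode(), "sha256").digest()

    def check(self, peer_name: str, tag: bytes) -> bool:
        expected = hmac.new(self.key, b"confirm|" + peer_name.encode(), "sha256").digest()
        return hmac.compare_digest(expected, tag)


def honest_exchange(password: str) -> bool:
    """Both sides know the password: keys agree and both confirmations pass."""
    alice, bob = Party("alice", password), Party("bob", password)
    ya, yb = alice.first_message(), bob.first_message()
    same_key = alice.derive_key("bob", yb) == bob.derive_key("alice", ya)
    return same_key and alice.check("bob", bob.confirm()) and bob.check("alice", alice.confirm())


def offline_guess_is_plausible(blob: bytes, guess: str) -> bool:
    """Property a): decrypting a captured blob under any guess yields a valid-looking
    group element, so the transcript alone cannot confirm or refute the guess."""
    return 1 <= pw_decrypt(guess, b"alice", blob) < P


def mitm_exchange(password: str, guess: str) -> tuple:
    """Property b): an active man in the middle holding only a guessed password
    substitutes its own encrypted DH values. Returns (alice_accepts, bob_accepts)."""
    alice, bob = Party("alice", password), Party("bob", password)
    to_bob, to_alice = Party("alice", guess), Party("bob", guess)  # attacker's two faces
    ya, yb = alice.first_message(), bob.first_message()
    alice.derive_key("bob", to_alice.first_message())
    bob.derive_key("alice", to_bob.first_message())
    to_alice.derive_key("alice", ya)
    to_bob.derive_key("bob", yb)
    return alice.check("bob", to_alice.confirm()), bob.check("alice", to_bob.confirm())


if __name__ == "__main__":
    print("honest:", honest_exchange("hunter2"))
    print("mitm, wrong guess:", mitm_exchange("hunter2", "hunter3"))
```

Each run of `mitm_exchange` with a wrong guess costs the attacker one live, detectable failure, which is the online-only guessing bound that distinguishes a PAKE from sending a password (or a hash of it) to whichever site the browser happens to be talking to.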