On Mon, Feb 15, 2016 at 4:33 PM, Robert Cragie <robert.cra...@gridmerge.com> wrote:
> In Thread, it is used for local device authentication and authorisation.
> These use cases clearly benefit from a PAKE, i.e. deriving a shared
> cryptographic key from a weaker shared password.

The better way to solve this problem is a device-specific "keychain", which possibly loops in some sort of secure enclave for decrypting secrets, and can authorize secret decryption based on the requesting app, derive a strong master secret from a weak password/pin (possibly using a PUF for anti-tamper). This is becoming a standard feature of the OSes on most devices humans actually physically interact with, e.g. most smartphones, tablets, and any OS you'd find on a laptop. If you have this sort of keychain system, you can provision secrets on-the-fly, e.g. origin-bound certificates. Now you don't need PAKE.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
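The keychain model argued for in the message above, as an added illustration in Python. This is not code from the thread, from the IETF TLS list, or from any real OS keychain or enclave API; the `Enclave` class, its five-attempt lockout, the PBKDF2 parameters, and the app and origin names are all assumptions. It shows the pieces the message lists: a device-bound secret that apps never see (a fused key or PUF output in real hardware), a strong master secret stretched from a weak PIN and bound to that secret, per-app authorization of secret use, throttling of guesses, and deterministic on-the-fly provisioning of a per-origin key that stands in for an origin-bound certificate's private key.

```python
"""Toy model of an OS keychain backed by a secure enclave (added example, not a real API).

The point it demonstrates: once a weak PIN is stretched together with a secret
that never leaves the device, and guesses are throttled by the enclave, the
resulting master secret is strong, per-origin keys can be derived from it on
demand, and nothing shared with a remote origin ever depends on the PIN, so a
PAKE is not needed for the local-authentication case.
"""
import hashlib
import hmac
import secrets


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (Extract then Expand) with SHA-256, using only the stdlib."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class Enclave:
    """Hypothetical enclave behind a device keychain (assumption: not any vendor's design)."""

    MAX_ATTEMPTS = 5           # assumption: guess throttling enforced inside the enclave
    PBKDF2_ITERATIONS = 100_000

    def __init__(self, pin: str, authorized_apps) -> None:
        # Device-bound secret (fused key or PUF-derived on real hardware).
        # It is never exposed to apps; here it only ever lives inside this object.
        self._device_secret = secrets.token_bytes(32)
        self._authorized = set(authorized_apps)
        self._attempts = 0
        self._master = None
        # Persist only a verifier of the master secret, never the PIN or master itself.
        self._verifier = hmac.new(self._stretch(pin), b"verifier", hashlib.sha256).digest()

    def _stretch(self, pin: str) -> bytes:
        # Weak PIN -> strong master secret, salted with the device secret.
        # Without the device secret an attacker cannot run an offline guess loop;
        # with the attempt counter below they cannot run an online one either.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._device_secret,
                                   self.PBKDF2_ITERATIONS, dklen=32)

    def unlock(self, pin: str) -> bool:
        """Verify the PIN; returns False on a wrong guess, raises once locked out."""
        if self._attempts >= self.MAX_ATTEMPTS:
            raise PermissionError("enclave locked: too many failed attempts")
        candidate = self._stretch(pin)
        tag = hmac.new(candidate, b"verifier", hashlib.sha256).digest()
        if not hmac.compare_digest(tag, self._verifier):
            self._attempts += 1
            return False
        self._attempts = 0
        self._master = candidate
        return True

    def origin_bound_key(self, app_id: str, origin: str) -> bytes:
        """Provision (or deterministically re-derive) a key bound to (app, origin).

        Stands in for the private key of an origin-bound certificate: it is
        derived on the fly from the master secret, released only to an authorized
        app, and is different for every origin, so no secret is shared with the
        remote side and nothing a remote party sees depends on the weak PIN.
        """
        if self._master is None:
            raise PermissionError("enclave not unlocked")
        if app_id not in self._authorized:
            raise PermissionError(f"app {app_id!r} not authorized for keychain access")
        info = f"{app_id}\0{origin}".encode()
        return hkdf_sha256(self._master, salt=b"origin-bound-key", info=info)


if __name__ == "__main__":
    # Constructed demo: one authorized app, two origins, one impostor app.
    enclave = Enclave("1234", authorized_apps=["com.example.browser"])
    print("wrong PIN accepted?", enclave.unlock("0000"))
    print("right PIN accepted?", enclave.unlock("1234"))
    k_a = enclave.origin_bound_key("com.example.browser", "https://a.example")
    k_b = enclave.origin_bound_key("com.example.browser", "https://b.example")
    print("per-origin keys differ:", k_a != k_b)
    try:
        enclave.origin_bound_key("com.evil.app", "https://a.example")
    except PermissionError as exc:
        print("impostor app refused:", exc)
```

The deterministic derivation in `origin_bound_key` is what makes "provision on the fly" cheap: the device keeps no per-origin key store, it re-derives the same key each time the authorized app asks, and a different app or a different origin gets an unrelated key.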