On Mon, April 4, 2016 10:46 am, Phil Lello wrote:
>> Usually what happens is the server generates a self-signed certificate
>> and the apps are given some "username" and "password" and the app
>> ignores the unauthenticated nature of the TLS connection and sends
>> the u/p credential on through.
>> >
>> > Isn't this use case more of an argument for an updated auth-digest to
>> > use something better than MD5? I'm not convinced MITM is a real concern
>> > for a typical IoT environment (however that's defined - I'm assuming
>> > http in a domestic environment).
>>
>> First of all, what makes you think it's MD5 digest and not just
>> plaintext? And updated by whom? These are ad hoc constructions done
>> because the alternative is too onerous.
>
> I didn't say that. I was suggesting using a standard HTTP digest mechanism
> rather than sending a plaintext username/password. The IETF has already
> updated HTTP digest, so there's no work.
>
>> As someone who has stolen wi-fi from the apt next door that was
>> protected by a PSK I would say that doing a dictionary attack in
>> a "domestic environment" is entirely plausible. If I have to do a
>> soft AP advertising the neighbor's SSID in order to lure a set-top
>> box or thermostat or whatever to connect to me then that's a very
>> low bar.
>
> Whilst you have my sympathy, I don't see how that's relevant; a dictionary
> attack can be used just as easily against a TLS protected resource.
> Securing the WiFi configuration so that devices connect to the correct one
> is not a TLS issue.
I'm not asking for sympathy. I'm pointing out that your proposal does not
work. Mentioning the ease at which one can launch a dictionary attack
(regardless of the protocol) is relevant because you're proposing to use a
technique that is susceptible to dictionary attack (presumably, but not
necessarily, after misusing a certificate).

As I mentioned, to support this kind of use case I favor using a TLS cipher
suite that supports a PAKE (draft-ietf-tls-pwd-07, for example). Using such
a cipher suite would mean that a dictionary attack cannot "be used just as
easily against a TLS protected resource."

regards,

Dan.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls