Skip to content
This repository has been archived by the owner on Jun 24, 2021. It is now read-only.

TLS-SRP #349

Open
SoniEx2 opened this issue Jul 7, 2020 · 0 comments
Open

TLS-SRP #349

SoniEx2 opened this issue Jul 7, 2020 · 0 comments

Comments

@SoniEx2
Copy link

SoniEx2 commented Jul 7, 2020

TLS-SRP does the password authentication at the TLS layer, prevents phishing and ignores invalid/outdated PKI certs as they're not relevant for the SRP. It improves UX all around.

I'd like to see TLS-SRP being used to authenticate users, similar to how we can use client certs. TLS-SRP is mainly used by Apple to provide iCloud security. It is by no means perfect, but as far as PAKEs go, it's the only thing we currently have, altho it only works with TLS 1.2. As far as I know there are no approved PAKEs for TLS 1.3 yet but that's not a good reason to delay security features.

I'd like to see PAKEs widely deployed, so they're taken into account in future versions of TLS, rather than being a late addition. Between their anti-phishing capabilities and the fact that they don't rely on PKI, they're awesome!

Also, I am willing to implement it myself, but I'll need help (onboarding) for that.

(OT: yes, I'm that Soni who used to harass the project members. I'm sorry. I don't do that anymore.)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant