International Workshop on Security Protocols

Man-in-the-Middle in Tunnelled Authentication Protocols


Abstract

John Ioannidis: I have to interrupt here and be even more offensive than usual. But you are using the worst rackets in industry as a justification for what you're doing. There are all sorts of people just generating garbage protocols, a couple of which you have already mentioned here. We're trying to reverse their work, whereas you're trying to advocate we use all these garbage protocols.

Reply: I'm not saying that. I'm saying that something is wrong here. You are trying to do the right thing but you are going about it the wrong way. The reality is that people are going to use existing credentials because they obtained them at great expense, and they want to reuse them. I'm not justifying it.

Bruce Christianson: I think he's going to come up with a very good new reason why this is a bad thing to do, in which case it's more ammunition for you, JI, or he's going to show that the reasons for which we usually think it's bad are wrong, in which case we're going to have to change our position anyway. Either way you should let him go on for a bit.

Reply: The most common use of this kind of authentication through the tunnel is essentially to guide the application inside. I guess actually the authentication was not intended as a general framework but it's being used as one. So the PAP was supposed to be used running EAP, AKA inside that, while sending a random challenge. Since this is an authenticator tunnel, anybody could make that, including the man in the middle. The man in the middle is sent a random challenge and authenticated; he could turn around, pretend to be a server network and get the client to send a response. Notice that the client thinks that it's his own network server, and instead he does mutual authentication. And at this point he goes back and the client has been authenticated to send these keys to the NAS, and that would leave the man in the middle with a stolen key.

Ross Anderson: But surely this attack would not work if the certificates that people use from TLS actually worked?

Reply: The man in the middle is not pretending to be a TLS server, he's pretending to be a server network. So the server network has its own usual authentication but this is effectively defeating that.
