SSL/TLS - am I doing it right?

[Sybren Stuvel]

Michael Ekstrand enlightened us with:
> clients aren't expected to have their own certificates. I think that
> the only time you really need the clients to have certificates is
> when the certificate *is* your authentication (e.g., in OpenVPN).

Fact remains that a strong certificate is much more secure than
letting people choose their own passwords.

> Likewise, SSH does not verify client certificates (unless you're
> using PKA, but that's different).

PKA is the more secure one, IIRC.

> Since the password is your authentication, I don't see any reason
> why the client verifying the server's certificate against its "known
> good" fingerprint, and then providing username/password as its
> credentials, is any less secure than SSH with
> password/keyboard-interactive.

Again, IIRC having properly used certificates is more secure than
using passwords. For instance, even if the encryption is broken and
the unencrypted text can be read, certificates still can't be misused
for authentication, since the private key is never sent. Passwords on
the other hand will be immediately useless.

> Sure, maybe not quite as secure as SSH w/ public key auth, but it's
> good enough for a lot of stuff.

It's too weak for a lot of stuff either.

Sybren
-- 
The problem with the world is stupidity. Not saying there should be a
capital punishment for stupidity, but why don't we just take the
safety labels off of everything and let the problem solve itself? 
                                             Frank Zappa