#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2011
    Posts
    2
    Rep Power
    0

    Pre-shared keys and SSL/TLS


    Hi

    When I use SSH to contact remote sites I can install a pre-shared key on the target computer that lets me login. Is it possible to use such pre-shared keys with a browser and SSL/TLS? For example, a website could issue keys only to approved users. I realise one can tunnel through SSH but a direct method would be simpler.

    The advantage would be that the browser could only connect to the remote site if a PSK had been issued, and that no MITM attack would be possible.

    Keeping the PSK safe would of course be of great importance and perhaps beyond the capability of the average computer or user, but the concept seems sound. Any thoughts?

    Regards
    --
    William
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Feb 2008
    Posts
    601
    Rep Power
    43
    Hi,

    You can configure IIS to require client certificates, so the client authenticates with the server using PKI. No certificate, no connection.

    Not sure how you'd do it with other servers.

    Best regards,
    AstroTux.
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2011
    Posts
    2
    Rep Power
    0
    Hi
    Thanks - I hadn't come across that. From what I have read, client certificates are an improvement. But they rely upon trust already having been established in-band, in order to create the client-side cert. If there is a MITM when the cert is created, they provide no protection.
    Regards
    --
    William

IMN logo majestic logo threadwatch logo seochat tools logo