Pre-shared keys and SSL/TLS
When I use SSH to contact remote sites I can install a pre-shared key on the target computer that lets me login. Is it possible to use such pre-shared keys with a browser and SSL/TLS? For example, a website could issue keys only to approved users. I realise one can tunnel through SSH but a direct method would be simpler.
The advantage would be that the browser could only connect to the remote site if a PSK had been issued, and that no MITM attack would be possible.
Keeping the PSK safe would of course be of great importance and perhaps beyond the capability of the average computer or user, but the concept seems sound. Any thoughts?
You can configure IIS to require client certificates, so the client authenticates with the server using PKI. No certificate, no connection.
Not sure how you'd do it with other servers.
Thanks - I hadn't come across that. From what I have read, client certificates are an improvement. But they rely upon trust already having been established in-band, in order to create the client-side cert. If there is a MITM when the cert is created, they provide no protection.