A few comments on the latest revision of the SACRED protocol specification.
2.1.4 Password Change
Perhaps the terminology can be clarified to differentiate the passwords involved; one password may be needed for the authentication/session security method (when SRP-3 is used in this document); the other (2nd) password is used to derive a secret key that provides persistent encryption for the credential per se.
Some have suggested that server implementations may want to ensure the two passwords are always the same (e.g., for user convenience).
From a security standpoint, it would be preferrable that the server
does not need to have access to the credential password -- or at least
the protocol does not require the server to handle the password in it's
plaintext form for change password (or any other) function.
2.1.5 Credential Upload
The current text uses different forms of the Upload request to; add a new credential, update (replace) an existing credential, or delete a credential. This seems like it could lead to confusion when multiple credentials are being accessed from several internet devices.
Client software should be able to allow the user to clearly see/verify
what they are overwriting or deleting (assuming that such decisions are
not always easily reversed).
2.2 Session Security
Allowing clients to support either authentication/session security method (and requiring servers to support both) is a big workability improvement.
This is of paramount importance for SACRED because fitting all needed
functions into memory constrainedROM or firmware-based internet devices
is often way harder than it looks. We may want to add some words
to that effect.
2.4 Handling Multiple Credentials for an Account
Similar comment to 2.1.5.
Should be possible for the user to manage multiple credentials on a
server in a airly controlled fashion.
3.2 Credential Format
The format for xbulk:pkcs-15 may need to be defined in this document
(if/as needed to satisfy current IETF guidelines for referenced standards).
4. BEEP Profile for SACRED
Stephen mentioned recently that SACRED is using BEEP but the XML groups appear to be committed to SOAP and SAML.
Since the transactions defined in this document are very simple (generally, a one message client request with a one message server reply), it's not clear to me how much elegance we need at the session layer other than setting up a security environment to protect the transaction data during network transfer and clearly identifying the data types.
We began with the simple notion of requiring user login via secure password (or equivalent method) to ensure credentials are delivered to the rightful user and no others. I assume we'd strongly prefer to retain that level of functionality and flexibility.
Is BEEP the right direction here?
5. IANA Considerations
... IANA registers the BEEP profile specified in Section 4
...
6. Security Considerations
No mention of the need to limit password guesses via the network.
We really need to mention the different forms of password guessing that
should be limited by servers.