[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Compound authentication "issue"

To: stephen.farrell@xxxxxxxxxxxx
Subject: Re: Compound authentication "issue"
From: Dale Gustafson <degustafson@xxxxxxxxx>
Date: Mon, 02 Dec 2002 21:50:01 -0600
Cc: "Nystrom, Magnus" <magnus@xxxxxxxxxxxxxxx>, Lawrence Greenfield <leg+@xxxxxxxxxxxxxx>, ietf-sacred <ietf-sacred@xxxxxxx>
List-archive: <http://www.imc.org/ietf-sacred/mail-archive/>
List-id: <ietf-sacred.imc.org>
List-unsubscribe: <mailto:ietf-sacred-request@imc.org?body=unsubscribe>
References: <> <>
Sender: owner-ietf-sacred@xxxxxxxxxxxx

Stephen Farrell wrote:

> Great. Since you guys clearly understand this better, can you provide me
> with the said text?
>
> Thanks,
> Stephen.
>
> "Nystrom, Magnus" wrote:
> >
> > I believe you are right Lawrence. In essence, the client's response is a
> > keyed hash of a string of which the digest-uri-value is a part. Since the
> > MITM cannot influence that part, the "sacred" serv-type won't be present
> > when a MITM is active and the true SACRED server won't therefore accept
> > the response (it must not mechanically take the client-provided cleartext
> > digest-uri-value and use that when calculating its version of the response
> > though, but also check that the serv-type IS "sacred" and the name is its
> > own).
> >
> > Assuming this holds I agree, some text in the Security Considerations
> > section seems to be sufficient.

It appears the digest-MD5 mutual-auth. method will be dependent on the lower
layer sTLS server-auth function to protect against middle-man attacks.

For example, if a SACRED client can be tricked into setting up a TLS session
with a fake credential server, then this attacker could relay digest-MD5
messages to/from a real Credential Server and achieve user-authenticated state
by letting the SACRED client do all the digest-MD5 work.  The attacker/MITM must
also manage 2 distinct TLS sessions ...

If that's true, shouldn't the protocol document specify the relationship between
these two inter-dependent protocols (sTLS and digest-MD5)?

Will a SACRED client negotiate a TLS session with the web server for
"https://www.d1.com/...."; then receive a digest-MD5 challenge from realm =
{"sacred/www.d2.com", "sacred/www.d3.com"} ?

> >
> > Thanks,
> > -- Magnus
> >
> > On Wed, 27 Nov 2002, Lawrence Greenfield wrote:
> >
> > >
> > > Upon further consideration, isn't the man-in-the-middle attack
> > > thwarted by the inclusion of "digest-uri-value" in the hash?
> > >
> > > The DIGEST-MD5 client hash includes a client-selected
> > > "digest-uri-value" which in sacred's case will be "sacred/<host>". In
> > > a MITM attack, those values will be something else.
> > >
> > > A MITM attack as described in the WG meeting is thwarted because
> > > digest-uri-value wouldn't match what the sacred server is expecting.
> > >
> > > If it would make people feel better, we can mention this safeguard in
> > > the security considerations section.
> > >
> > > Larry
> > >
>
> --
> ____________________________________________________________
> Stephen Farrell
> Baltimore Technologies,   tel: (direct line) +353 1 881 6716
> 39 Parkgate Street,                     fax: +353 1 881 7000
> Dublin 8.                mailto:stephen.farrell@xxxxxxxxxxxx
> Ireland                             http://www.baltimore.com

References:
- Re: Compound authentication "issue"
  - From: Nystrom, Magnus
- Re: Compound authentication "issue"
  - From: Stephen Farrell

Prev by Date: Re: Compound authentication "issue"
Next by Date: Re: Compound authentication "issue"
Previous by thread: Re: Compound authentication "issue"
Next by thread: RE: Compound authentication "issue"
Index(es):
- Date
- Thread