[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: "POP3 SASL Authentication Mechanism" submitted for publication

To: Lisa Dusseault <lisa@xxxxxxxxxxxxxxxxx>, Arnt Gulbrandsen <arnt@xxxxxxxx>
Subject: RE: "POP3 SASL Authentication Mechanism" submitted for publication
From: Paul Leach <paulle@xxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 15 Jan 2007 12:02:10 -0800
Cc: Alexey Melnikov <alexey.melnikov@xxxxxxxxx>, <robsiemb@xxxxxxxxxx>, Abhijit Menon-Sen <ams@xxxxxxxx>, Frank Ellermann <nobody@xxxxxxxxxxxxxxxxx>, <ietf-pop3ext@xxxxxxx>, <ietf-sasl@xxxxxxx>, Simon Josefsson <simon@xxxxxxxxxxxxx>
In-reply-to: <B39CE7B7-98CF-4484-A31A-C175E53D9A74@xxxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
References: <FDF696C1-7407-4C60-8D8F-04CC492BE435@xxxxxxxxxxxxxxxxx> <1E59CC0D-7022-4400-BA48-D9D7B427ABEF@xxxxxxxxxxxx> <45A9DFA8.68E4@xxxxxxxxxxxxxxxxx> <20070114105359.GA30833@xxxxxxxxxxxxxxxx> <87k5zpgz7o.fsf@xxxxxxxxxxxxxxxxxxx> <45AB6731.9090906@xxxxxxxxx> <zS/BiUKvu0x5QwxFHJEDcg.md5@xxxxxxxxxxxxxxxxxxx> <B39CE7B7-98CF-4484-A31A-C175E53D9A74@xxxxxxxxxxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
Thread-index: Acc4z/nD4bmn+NKbTfeUJJ378USc8QADevlA
Thread-topic: "POP3 SASL Authentication Mechanism" submitted for publication

I worry that having TLS+PLAIN be the MTI sends an implicit message that
it is "good enough". I really think that all use of plain text
passwords, even over an encrypted tunnel to a trusted party, should be
discouraged. (At the very least, a stern passage in the security
considerations section is needed.) It is well known that users use the
same password on many different servers, so TLS+PLAIN lets any such
server act as the user to any other server.

CRAM-MD5 to an untrustworthy server lets them mount a chosen plaintext
attack using a precomputed dictionary. (It can choose a constant
challenge.) DIGEST-MD5 lets the client contribute part of the challenge,
thus mitigating this attack. In addition, use of the same password on
different servers does not allow those servers to act as the user. Since
DIGEST-MD5 was the MTI for SASL in LDAP, I don't quite get the
complaints about implementability -- plenty of people did it as a
result.

(PS: I agree that DIGEST-MD5 is ugly -- a much nicer version with all of
its properties could have been designed. At the time when HTTP/1.1 was
being spec'd, it was felt that backwards compatibility was important,
which is where much of the ugliness came from.)

-----Original Message-----
From: owner-ietf-sasl@xxxxxxxxxxxx [mailto:owner-ietf-sasl@xxxxxxxxxxxx]
On Behalf Of Lisa Dusseault
Sent: Monday, January 15, 2007 9:52 AM
To: Arnt Gulbrandsen
Cc: Alexey Melnikov; robsiemb@xxxxxxxxxx; Abhijit Menon-Sen; Frank
Ellermann; ietf-pop3ext@xxxxxxx; ietf-sasl@xxxxxxx; Simon Josefsson
Subject: Re: "POP3 SASL Authentication Mechanism" submitted for
publication

I think we might have rough consensus around TLS+PLAIN as the  
"Mandatory to Implement" mechanism.  Note that
having a single "MTI" mechanism still allows people to implement and  
use additional mechanisms.  It also allows administrators to decide  
that TLS+PLAIN is not good enough for their site policy and disable  
it,  even though their server software supports it as required.

Since there's not an official WG to poll, I'm basing this conclusion  
on a handful of private comments on this draft as well as messages to  
this list.  If anybody wants to add their voice, please do so.

thx,
Lisa

On Jan 15, 2007, at 4:05 AM, Arnt Gulbrandsen wrote:

> Alexey Melnikov writes:
>> Simon Josefsson wrote:
>>> and TLS+CRAM-MD5
>>
>> This doesn't give anything over TLS+PLAIN and also doesn't support  
>> authorization identity.
>> I am against this choice.
>
> TLS+CRAM-MD5 doesn't reveal the user's secret to the server. A very  
> nice property if you're not 100% sure that you're talking to the  
> right server.
>
> Arnt

Follow-Ups:
- RE: "POP3 SASL Authentication Mechanism" submitted for publication
  - From: Lyndon Nerenberg

References:
- Fwd: "POP3 SASL Authentication Mechanism" submitted for publication
  - From: Lisa Dusseault
- Re: Fwd: "POP3 SASL Authentication Mechanism" submitted for publication
  - From: Frank Ellermann
- Re: Fwd: "POP3 SASL Authentication Mechanism" submitted for publication
  - From: Abhijit Menon-Sen
- Re: Fwd: "POP3 SASL Authentication Mechanism" submitted for publication
  - From: Simon Josefsson
- Re: Fwd: "POP3 SASL Authentication Mechanism" submitted for publication
  - From: Alexey Melnikov
- Re: Fwd: "POP3 SASL Authentication Mechanism" submitted for publication
  - From: Arnt Gulbrandsen
- Re: "POP3 SASL Authentication Mechanism" submitted for publication
  - From: Lisa Dusseault

Prev by Date: Re: Fwd: "POP3 SASL Authentication Mechanism" submitted for publication
Next by Date: RE: "POP3 SASL Authentication Mechanism" submitted for publication
Previous by thread: Re: "POP3 SASL Authentication Mechanism" submitted for publication
Next by thread: RE: "POP3 SASL Authentication Mechanism" submitted for publication
Index(es):
- Date
- Thread