[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Holding gs2

To: Chris Newman <Chris.Newman@xxxxxxx>
Subject: Re: Holding gs2
From: Nicolas Williams <Nicolas.Williams@xxxxxxx>
Date: Tue, 29 Jan 2008 15:26:05 -0600
Cc: Alexey Melnikov <alexey.melnikov@xxxxxxxxx>, Simon Josefsson <simon@xxxxxxxxxxxxx>, Sam Hartman <hartmans-ietf@xxxxxxx>, ietf-sasl@xxxxxxx
In-reply-to: <A700A598DE5875E9C792C999@xxxxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Mail-followup-to: Chris Newman <Chris.Newman@xxxxxxx>, Alexey Melnikov <alexey.melnikov@xxxxxxxxx>, Simon Josefsson <simon@xxxxxxxxxxxxx>, Sam Hartman <hartmans-ietf@xxxxxxx>, ietf-sasl@xxxxxxx
References: <tslzlv55mon.fsf@xxxxxxx> <87bq7hx536.fsf@xxxxxxxxxxxxxxxxxxx> <tslk5m2ep8f.fsf@xxxxxxx> <87myqxnc8b.fsf@xxxxxxxxxxxxxxxxxxx> <479CCD23.4050600@xxxxxxxxx> <20080128155952.GZ12865@xxxxxxx> <A700A598DE5875E9C792C999@xxxxxxxxxxxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Mutt/1.5.7i

On Tue, Jan 29, 2008 at 12:16:36PM -0700, Chris Newman wrote:
> Speaking as a technical participant only...
> 
> As a SASL implementer, it is my current intention to not implement the 
> "security layer" feature of SASL.  If I implement GS2, my implementation 
> will always negotiate the GS2 security layer off and will use SSL/TLS 
> channel bindings if there's any reasonable way I can get that working with 
> the Mozilla/NSS library.

Most SASL apps have StartTLS or TLS port options.  I'm inclined to
believe that most SASL implementors would prefer to just do channel
binding to TLS when you want security layers.

So I'm now inclined to believe that Sam is right: we may have gone
overboard with GS2.

The only question left for me then is this: does anyone actually want
SASL security layers with any new mechanisms, or with the replacement
for "GSSAPI"?

If the answer is "noone does" then I say we scrap GS2 and do a new thing
based on GSS-API channel binding semantics and no security layers.

If the answer is "some do" (e.g., Simon), then I think we may want a
light-weight GS2 option, for use when no security layers are desired.

> However, I only plan to implement GS2 if it provides value above the GSSAPI 
> mechanism -- that means it's only worth implementing to me if there are 
> clients that support the combination of GS2, Kerberos 5 and SSL/TLS channel 
> bindings.

OK.  To be sure there exist plenty of protocols that use both, TLS and
SASL.  What doesn't necessarily exist is support for extracting channel
bindings from TLS libraries.

> I would personally have no problem implementing an all-binary SCRAM 
> regardless of how ugly the ASN.1 and binary encoding happens to be (it just 
> requires more lines of parsing code since I have to include all the 
> binary->text logic for debugging).  However, textual protocols are easier 
> to debug, easier to understand and thus easier to deploy.  I'd be concerned 
> about the real-world deployability of an all-binary SCRAM.

Well, ciphertext and MACs won't look like text...  Password-based SASL
mechs with channel binding would make relatively little use of crypto on
the wire -- just some HMACs.  So you might be able to get your wish.

Nico
--

Follow-Ups:
- Re: Holding gs2
  - From: Sam Hartman

References:
- Holding gs2
  - From: Sam Hartman
- Re: Holding gs2
  - From: Simon Josefsson
- Re: Holding gs2
  - From: Sam Hartman
- Re: Holding gs2
  - From: Simon Josefsson
- Re: Holding gs2
  - From: Alexey Melnikov
- Re: Holding gs2
  - From: Nicolas Williams
- Re: Holding gs2
  - From: Chris Newman

Prev by Date: Re: Holding gs2
Next by Date: SCRAM with(out) GS2 (was Re: Holding gs2)
Previous by thread: Re: Holding gs2
Next by thread: Re: Holding gs2
Index(es):
- Date
- Thread