[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Clarifying the qualities we desire the DIGEST-MD5 replacement to have

To: Steven Simon <simon.s@xxxxxxxxx>
Subject: Re: Clarifying the qualities we desire the DIGEST-MD5 replacement to have
From: Chris Newman <Chris.Newman@xxxxxxx>
Date: Wed, 12 Mar 2008 09:15:51 -0500
Cc: Kurt Zeilenga <Kurt.Zeilenga@xxxxxxxxx>, ietf-sasl@xxxxxxx
In-reply-to: <195DCF92-D71D-4FC2-A26C-484102649343@xxxxxxxxx>
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
References: <9C18D563-B86C-4ED8-8312-F22578A11E63@xxxxxxxxx> <> <195DCF92-D71D-4FC2-A26C-484102649343@xxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx


--On March 11, 2008 5:14:14 -0700 Steven Simon <simon.s@xxxxxxxxx> wrote:

I would like a client-first mechanism that sends the username before the
challenge. My system supports multiple directories so I need to be able to
route the session to the correct one based on the user account location.

I'd put this in the nice-to-have category. The earlier the username issent, the more proxy-friendly the mechanism becomes, but there are ways todeal with this otherwise.

Desirable on-disk hash features:
* salted
* iteration count

Obviously, I agree these are desirable as they're in SCRAM ;-). I considerthe iteration count necessary if the mechanism is to have any utilitywithout TLS.

• ability to switch algorithms in case the hash-du-jour is compromised

The auth mechanism should communicate the on-disk hash type and
iteration count so that the client can convert the cleartext to the right

hash before producing the response. We don't want to have to reconfigure

the

clients.

Hash agility is needed, but sub-negotiation can create more problems thanit solves. To keep the mechanism and negotiation simpler, I'd prefer thehash be part of the mechanism name and we simply have a different mechanismfor each hash. The agility plan needs to be written, but I prefer anapproach where clients "latch-up" to better mechanisms, handle atransition-needed error code gracefully and servers aggressively populateall supported password verifiers whenever possible (e.g. password changeand/or successful use of TLS+plain).

BTW: we do use the privacy layer, though I think we can work around its
exclusion.

Interesting. Do you also support TLS? Would your code be simpler with TLSand channel bindings but no SASL privacy layer?


		- Chris

Follow-Ups:
- Re: Clarifying the qualities we desire the DIGEST-MD5 replacement to have
  - From: Simon Josefsson

References:
- Clarifying the qualities we desire the DIGEST-MD5 replacement to have
  - From: Kurt Zeilenga
- Re: Clarifying the qualities we desire the DIGEST-MD5 replacement to have
  - From: Chris Newman
- Re: Clarifying the qualities we desire the DIGEST-MD5 replacement to have
  - From: Steven Simon

Prev by Date: Re: Clarifying the qualities we desire the DIGEST-MD5 replacement to have
Next by Date: Re: Clarifying the qualities we desire the DIGEST-MD5 replacement to have
Previous by thread: Re: Clarifying the qualities we desire the DIGEST-MD5 replacement to have
Next by thread: Re: Clarifying the qualities we desire the DIGEST-MD5 replacement to have
Index(es):
- Date
- Thread