
Re: Crypto agility in SCRAM + draft-josefsson-password-auth?



On Tue, Mar 18, 2008 at 04:21:49PM +0000, Tony Finch wrote:
> On Tue, 18 Mar 2008, Nicolas Williams wrote:
> > One day your servers all have SCRAM HMAC-MD5 verifiers for your users'
> > names and passwords.  The next you want to move to SCRAM HMAC-SHA-224,
> > but you don't have any of those verifiers.  How do you complete the
> > migration, operationally?
> 
> The usual way to avoid too much interaction with users is to instrument
> the authentication process to capture passwords verified by the old
> mechanism and re-encode them using the new mechanism.

Right, that's one of the ways I considered.  Both of the answers I
suggested require additional bits on the wire in SCRAM.

> > > [...]
> > Putting the hash negotiation inside SCRAM doesn't help you with that.
> 
> It depends on whether clients are good at automatic fail-over from one
> SASL mechanism to another. If you negotiate the algorithm after you know
> who the user is, the server can advertise different algorithms for
> different users, and advertise only the algorithms that have a chance of
> working, so client-side fail-over isn't required.

Ah, good point.  Without a hash negotiation inside SCRAM you have to
effectively deploy verifiers for all your users before you start
advertising SCRAM with the new hash functions.

Nico
--
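The migration problem discussed in this exchange, as an added worked example that is not code from the thread or from any SCRAM implementation. It models a server that stores one SCRAM verifier per (user, hash), advertises only the hashes that can succeed for a given user once the username is known (Tony's point), and shows why the server cannot re-encode on its own: a SCRAM exchange only ever gives it ClientKey, never the password, so the new-hash verifier has to come from the client. The key derivation follows the RFC 5802 naming (SaltedPassword, ClientKey, StoredKey, ServerKey); the `upload_verifier` message is an assumption standing in for the "additional bits on the wire" the thread mentions but does not define, and sha1/sha224 are stand-ins for the thread's HMAC-MD5/HMAC-SHA-224 pair.

```python
import hashlib
import hmac
import os

OLD_HASH = "sha1"    # stand-in for the thread's HMAC-MD5 verifiers
NEW_HASH = "sha224"  # the hash the operator wants to migrate to
ITERATIONS = 4096


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def make_verifier(password: bytes, hash_name: str, salt: bytes = None,
                  iterations: int = ITERATIONS) -> dict:
    """Derive a SCRAM verifier (RFC 5802 names) for one hash. This runs wherever
    the password is actually available: at enrollment, or on the client during
    migration. It never runs on the server during a normal SCRAM exchange."""
    salt = salt or os.urandom(16)
    salted = hashlib.pbkdf2_hmac(hash_name, password, salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hash_name).digest()
    return {
        "salt": salt,
        "iterations": iterations,
        "stored_key": hashlib.new(hash_name, client_key).digest(),
        "server_key": hmac.new(salted, b"Server Key", hash_name).digest(),
    }


def compute_proof(password: bytes, salt: bytes, iterations: int,
                  hash_name: str, auth_message: bytes) -> bytes:
    """Client side: ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    salted = hashlib.pbkdf2_hmac(hash_name, password, salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hash_name).digest()
    stored_key = hashlib.new(hash_name, client_key).digest()
    client_sig = hmac.new(stored_key, auth_message, hash_name).digest()
    return xor_bytes(client_key, client_sig)


class ScramServer:
    def __init__(self):
        self.verifiers = {}         # user -> hash_name -> verifier dict
        self.authenticated = set()  # users with a successful exchange (toy session model)

    def enroll(self, user, password, hash_name):
        """Out-of-band enrollment: the one place the server handles a password."""
        self.verifiers.setdefault(user, {})[hash_name] = make_verifier(password, hash_name)

    def advertise(self, user):
        """Only the hashes that can succeed for this user, decided after the
        username is known, so the client needs no cross-mechanism fail-over."""
        return sorted(self.verifiers.get(user, {}))

    def challenge(self, user, hash_name):
        v = self.verifiers[user][hash_name]
        return v["salt"], v["iterations"]

    def verify(self, user, hash_name, auth_message, client_proof):
        v = self.verifiers.get(user, {}).get(hash_name)
        if v is None:
            return False
        client_sig = hmac.new(v["stored_key"], auth_message, hash_name).digest()
        client_key = xor_bytes(client_proof, client_sig)  # recovers ClientKey, not the password
        ok = hmac.compare_digest(hashlib.new(hash_name, client_key).digest(), v["stored_key"])
        if ok:
            self.authenticated.add(user)
        return ok

    def upload_verifier(self, user, hash_name, verifier):
        """ASSUMED extra message, not part of SCRAM as discussed in the thread:
        the client supplies a verifier for a new hash after it has authenticated
        with an old one. Rejected for users who have not authenticated."""
        if user not in self.authenticated:
            return False
        self.verifiers[user][hash_name] = verifier
        return True


def migration_demo(password=b"correct horse battery staple"):
    """Old-hash login, client-supplied new verifier, then new-hash login."""
    server = ScramServer()
    server.enroll("alice", password, OLD_HASH)
    before = server.advertise("alice")

    # Constructed AuthMessage; a real one is the concatenated SCRAM messages.
    auth_message = b"n=alice,r=cnonce,s=c2FsdA==,i=4096,c=biws,r=cnonce.snonce"
    salt, its = server.challenge("alice", OLD_HASH)
    ok_old = server.verify("alice", OLD_HASH, auth_message,
                           compute_proof(password, salt, its, OLD_HASH, auth_message))

    # The server only learned ClientKey above, so the client derives the new verifier.
    uploaded = server.upload_verifier("alice", NEW_HASH, make_verifier(password, NEW_HASH))
    after = server.advertise("alice")

    salt, its = server.challenge("alice", NEW_HASH)
    ok_new = server.verify("alice", NEW_HASH, auth_message,
                           compute_proof(password, salt, its, NEW_HASH, auth_message))
    ok_wrong = server.verify("alice", NEW_HASH, auth_message,
                             compute_proof(b"wrong password", salt, its, NEW_HASH, auth_message))
    return {"before": before, "ok_old": ok_old, "uploaded": uploaded,
            "after": after, "ok_new": ok_new, "ok_wrong": ok_wrong}


if __name__ == "__main__":
    print(migration_demo())
```

Two practitioner caveats that follow from the model: the uploaded verifier must only be accepted inside the already-authenticated and integrity-protected session, otherwise it is a path for an attacker to plant a verifier they know; and advertising a per-user algorithm list leaks each account's migration state to anyone who can name the user, which is worth weighing against the fail-over convenience.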