[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)

To: Hallvard B Furuseth <h.b.furuseth@xxxxxxxxxxx>
Subject: Re: Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)
From: Nicolas Williams <Nicolas.Williams@xxxxxxx>
Date: Tue, 18 Mar 2008 13:17:24 -0500
Cc: Simon Josefsson <simon@xxxxxxxxxxxxx>, Chris Newman <Chris.Newman@xxxxxxx>, ietf-sasl@xxxxxxx
In-reply-to: <hbf.20080318n9gm@xxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Mail-followup-to: Hallvard B Furuseth <h.b.furuseth@xxxxxxxxxxx>, Simon Josefsson <simon@xxxxxxxxxxxxx>, Chris Newman <Chris.Newman@xxxxxxx>, ietf-sasl@xxxxxxx
References: <877ig12v5g.fsf@xxxxxxxxxxxxxxxxxxx> <20080317171317.GB16998@xxxxxxx> <> <20080318023527.GS16998@xxxxxxx> <878x0gghbi.fsf@xxxxxxxxxxxxxxxxxxx> <20080318161409.GX16998@xxxxxxx> <87y78g7xsn.fsf@xxxxxxxxxxxxxxxxxxx> <hbf.20080318n9gm@xxxxxxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Mutt/1.5.7i

On Tue, Mar 18, 2008 at 06:42:54PM +0100, Hallvard B Furuseth wrote:
> 
> Simon Josefsson writes:
> > I'm not strongly opposed to realms, but if it leads to complexity in the
> > protocol, I think we should motivate it carefully.
> 
> As far as I can tell, a realm is nothing but a salt common for all
> users on the server.  SCRAM supports a salt.  Am I missing something?

It's a bit more than that: it's an extra layer in the key hierarchy.
And that's so that the realm can generate the verifiers for all users
for any new server without having to know the cleartext passwords.

But again, the point is moot.

References:
- Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Simon Josefsson
- Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)
  - From: Nicolas Williams
- Re: Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)
  - From: Chris Newman
- Re: Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)
  - From: Nicolas Williams
- Re: Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)
  - From: Simon Josefsson
- Re: Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)
  - From: Nicolas Williams
- Re: Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)
  - From: Simon Josefsson
- Re: Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)
  - From: Hallvard B Furuseth

Prev by Date: Re: Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)
Next by Date: Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
Previous by thread: Re: Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)
Next by thread: Re: Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)
Index(es):
- Date
- Thread