[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Crypto agility in SCRAM + draft-josefsson-password-auth?

To: Nicolas Williams <Nicolas.Williams@xxxxxxx>
Subject: Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
From: Hallvard B Furuseth <h.b.furuseth@xxxxxxxxxxx>
Date: Tue, 18 Mar 2008 21:55:11 +0100
Cc: Simon Josefsson <simon@xxxxxxxxxxxxx>, Frank Ellermann <hmdmhdfmhdjmzdtjmzdtzktdkztdjz@xxxxxxxxx>, ietf-sasl@xxxxxxx
In-reply-to: <20080318202120.GF16998@xxxxxxx>
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
References: <877ig12v5g.fsf@xxxxxxxxxxxxxxxxxxx> <frmdmk$h1o$1@xxxxxxxxxxxxx> <87od9dszmh.fsf@xxxxxxxxxxxxxxxxxxx> <frnouh$se3$1@xxxxxxxxxxxxx> <87d4psghws.fsf@xxxxxxxxxxxxxxxxxxx> <20080318160958.GW16998@xxxxxxx> <87r6e87x0a.fsf@xxxxxxxxxxxxxxxxxxx> <20080318182510.GC16998@xxxxxxx> <87skyn7scr.fsf@xxxxxxxxxxxxxxxxxxx> <hbf.20080318c2lu@xxxxxxxxxxxxx> <20080318202120.GF16998@xxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx

Nicolas Williams writes:
>On Tue, Mar 18, 2008 at 08:41:46PM +0100, Hallvard B Furuseth wrote:
>>Simon Josefsson writes:
>>> Can we get away with specifying both SCRAM-SHA1 and SCRAM-SHA224 and say
>>> that servers MUST support both and clients MAY support either?
>
> I think you can say that the server MUST implement both and the client
> MUST implement at least one.  (I think that's what you meant.)
>
>> I don't see what good that does.  The server MUST support both, likely
>> only one password hash is _stored_ in it.  A client which only supports
>> the other can't authenticate.
>
> Right, we'd have to say that the server must also store both sets of
> verifiers and credentials.

No thanks.  "The server implementation SHALL NOT allow a user's
SCRAM-SHA224 or SCRAM-SHA1 credentials to be stored, deleted or replaced
without also updating the other one".  I don't want that bit of code in
the server.  Nor do I want to define it as a user error to only store
one of the values, if the server silently accepts it.

One could define a combined (sha1, sha224) server secret so it can be
administered and e.g. stored in an LDAP attribute as a single value.
Also fairly ugly.

>> You can say that clients MUST support both and servers MAY support
>> either.
>
> That too, but I think Simon is arguing that SHA-* are probably available
> on all server platforms, but not necessarily on all clients, so by
> giving the client a choice we may improve deployability without making
> it too hard to drop one of these hash functions later.

Tradeoff between deployability and interoperability, then.  I prefer
Simon's suggestion over mine or yours.  No opinion of whether that's
better than requireing a single mech.

But come to think of it, which spec are we talking about now?  A
mechanism "SCRAM" spec with a hash function parameter, like before?  Or
a SASL implementation in general?  For the latter my objections are moot
because server admins have enough options to create interoperability
anway.

-- 
Hallvard

Follow-Ups:
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Hallvard B Furuseth

References:
- Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Simon Josefsson
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Frank Ellermann
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Simon Josefsson
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Frank Ellermann
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Simon Josefsson
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Nicolas Williams
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Simon Josefsson
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Nicolas Williams
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Simon Josefsson
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Hallvard B Furuseth
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Nicolas Williams

Prev by Date: Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
Next by Date: Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
Previous by thread: Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
Next by thread: Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
Index(es):
- Date
- Thread