[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Clarifying the qualities we desire the DIGEST-MD5 replacement to have
Kurt Zeilenga <Kurt.Zeilenga@xxxxxxxxx> writes:
> A question came up off-list which I think needs to be explicitly
> addressed in the charter text.
> While the mechanism provide a security layer?
> From list discussions, I think the answer is:
> The replacement mechanism is expected not to provide a
> security layer itself, instead rely on
> security services provided at a lower layer (e.g., TLS) and
> channel bindings.
> I recommend inserting this sentence just before "The WG is expected to
> strike..." and deleting the "channel binding" quality.
> Also, as it is desirable to have a shorter list of qualities, I also
> recommend deleting "algorithm agility" and "minimal roundtrips"
I think crypto algorithm agility may be more harmful than useful, so +1.
SASL itself is crypto agile anyway.
> -- Kurt
> On Mar 31, 2008, at 2:07 PM, Kurt Zeilenga wrote:
>> I think the proposed charter text concerning DIGEST-MD5 to historic/
>> replacement should be replaced with
>> something like:
>> The group has determined that DIGEST-MD5 (RFC2831) is not suitable
>> for progression on the
>> Standards Track due to interoperability, internationalization, and
>> security concerns. The group will
>> deliver a technical specification for a suitable password-based
>> challenge/response replacement mechanism
>> for Standard Track consideration. The replacement mechanism is
>> expected to be "better than" DIGEST-MD5
>> from a number of perspectives including interoperability,
>> internationalization, and security. The
>> WG is expected to strike a consensus-supported balance between the
>> many qualities desired in the
>> replacement. Desired qualities include (but is not limited to):
>> - Use of well understood and broadly-implemented algorithms
>> (e.g., HMAC, SHA1),
>> - Algorithm agility,
>> - Negotiated key hardening iteration count,
>> - Downgrade attack protection,
>> - Mutual authentication,
>> - Internationalized,
>> - Channel Binding,
>> - Minimal Roundtrips.
>> The group intends to consider a number of approaches, including
>> draft-newman-auth-scam and
>> draft-josefsson-password-auth, as input. Additionally, the WG will
>> deliver a document summarizing
>> its DIGEST-MD5 concerns and requesting RFC 2831 be moved to
>> Historic status. The WG intends to use
>> draft-melnikov-digest-to-historic for a starting point for this
>> For those wanting to know more about the WG direction here, I would
>> guess they first read Alexey's draft,
>> then read Chris's draft and the WG list discussion regarding desired
>> qualities in the replacement.
>> Anyways, comments on this suggested text? Any suggested additions/
>> deletions to the list of desired qualities?
>> (For suggested additions, please offer text for the WG to consider.)
>> -- Kurt