[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Crypto agility in SCRAM + draft-josefsson-password-auth?

To: Hallvard B Furuseth <h.b.furuseth@xxxxxxxxxxx>
Subject: Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
From: Alexey Melnikov <alexey.melnikov@xxxxxxxxx>
Date: Sun, 06 Jul 2008 15:29:22 +0100
Cc: Jeffrey Hutzelman <jhutz@xxxxxxx>, Nicolas Williams <Nicolas.Williams@xxxxxxx>, Chris Newman <Chris.Newman@xxxxxxx>, Simon Josefsson <simon@xxxxxxxxxxxxx>, ietf-sasl@xxxxxxx
In-reply-to: <hbf.20080401fpai@xxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
References: <hbf.20080331onqh@xxxxxxxxxxxxx> <Pine.LNX.4.33L.0803311045080.7132-100000@xxxxxxxxxxxxxxxxxxxxx> <hbf.20080401fpai@xxxxxxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915


Hallvard B Furuseth wrote:

Jeffrey Hutzelman writes:

On Mon, 31 Mar 2008, Hallvard B Furuseth wrote:

I think security requires that it can return one list of mechanisms
which will work and one with mechanisms which might work.  (Both subsets
of those reachable without mechanism-negotiation, as you say below.)
(...)

I haven't fully paged this discussion back in yet, but...

:-)

Replying to this message after guarantying that everybody paged out thisconversion :-).

I don't think you actually want to distinguish between two lists,
because doing so provides no utility.  I agree that it should be OK to
offer mechanisms that won't actually work for this user.  Doing so
increases the chance that the client will choose one of those, causing
authentication to fail when it could have succeeded, but that's
unlikely in practice because often the client has been configured to
expect a particular mechanism.

But the reason I suggested a mechanism-negotiation mechanism in the
first place was situations where different users have different
such as when the site is upgrading from an old mechanism.

If nothing else, a "will work" list can reduce the amount of user
interaction:  The client can use that right ahead, but ask the user
for help if there are only "might work" mechanisms.

Alternatively the client could try several "might work" mechanisms in
succession, but as I mentioned that can interfere with policy about
max allowed failed logins.

A server enforcing this policy would have to distinguish between "lackof secret for this user and this mechanism" and "the supplied secret isincorrect".

If the server implementation doesn't do that, it is broken.

Or for that matter different mechanisms
can need different information from the user - and thus again more user
interaction than necessary.

A properly written client only need to ask for a password once, if theserver can report back lack of secret.

But yes, this can be quite annoying for users otherwise.

As a side note: I think we really need to spend some time telling clientimplementors how to implement retries/fallback during SASL negotiation.

The "might work" list might offer no utility when there is a "will work"
mechanism, if so a single list with a "will work"-flag is enough.

References:
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Hallvard B Furuseth
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Jeffrey Hutzelman
- Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Hallvard B Furuseth

Prev by Date: Re: Moving forward with CRAM-MD5
Previous by thread: Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
Next by thread: Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
Index(es):
- Date
- Thread