Re: Security
Kurt Zeilenga <Kurt.Zeilenga@xxxxxxxxx> writes:
> On 14 Mar 2007, at 1:11 PM, Frank Ellermann wrote:
>
>>
>> | CRAM-MD5 is no longer considered to provide adequate protection.
>
> I believe the WG consensus supports the inclusion of this statement in
> the I-D, as well as the detailed consideration text that follows it.
>
>> That's not the case, as it depends on the circumstances where
>> CRAM-MD5 is used. E.g. over TLS it could be fine (ignoring the
>> issue discussed in a separate thread wrt 2554bis), and CRAM-MD5
>> is certainly better than APOP (as stated in 2195) or "LOGIN".
I believe Frank has a point here: CRAM-MD5 under TLS with server
authentication does not have any of the security problems mentioned in
section 5, at least as far as I can tell from a quick read of the -10
document.

CRAM-MD5 does have interoperability problems in that it historically
doesn't require use of UTF-8 and SASLPrep. However, support for
SASLPrep in PLAIN was added in a later revision of PLAIN. The same
could be done for UTF-8 and SASLprep in CRAM-MD5 too, which would remove
those interoperability problems.

Summarizing, we could do for CRAM-MD5 what we did for PLAIN (require TLS
and require UTF-8 + SASLprep). None of the arguments made in the
document would still stand against that construct (I think). What is
puzzling is that the document already appears to strongly suggest use of
TLS and UTF-8 and SASLprep, so I think we have already solved the
security and interoperability problem inherent in the old CRAM-MD5
specification.
/Simon
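
Added example, not part of the message above or of any draft it discusses: a Python sketch of the interoperability point, showing that the same password typed in two Unicode forms gives different CRAM-MD5 digests unless both sides apply UTF-8 + SASLprep first. The function names and the sample challenge are assumptions, and the SASLprep step is simplified (no bidi or unassigned-code-point checks).

```python
import hashlib
import hmac
import stringprep
import unicodedata

# Prohibited-output tables listed in RFC 4013 section 2.3.
_PROHIBITED = (
    stringprep.in_table_c12, stringprep.in_table_c21_c22,
    stringprep.in_table_c3, stringprep.in_table_c4, stringprep.in_table_c5,
    stringprep.in_table_c6, stringprep.in_table_c7, stringprep.in_table_c8,
    stringprep.in_table_c9,
)


def saslprep_simplified(text: str) -> str:
    """Mapping, NFKC and prohibited-output steps of SASLprep.

    Simplification (assumption): the bidi and unassigned-code-point
    checks of RFC 4013 are omitted.
    """
    mapped = "".join(
        " " if stringprep.in_table_c12(ch) else ch
        for ch in text
        if not stringprep.in_table_b1(ch)  # "commonly mapped to nothing"
    )
    # stringprep is defined over Unicode 3.2, so normalise with that database.
    out = unicodedata.ucd_3_2_0.normalize("NFKC", mapped)
    for ch in out:
        if any(table(ch) for table in _PROHIBITED):
            raise ValueError(f"prohibited code point U+{ord(ch):04X}")
    return out


def cram_md5_response(user: str, password: str, challenge: bytes,
                      prep: bool = True) -> str:
    """Return the unencoded client response "<user> <hex HMAC-MD5>"."""
    if prep:
        user, password = saslprep_simplified(user), saslprep_simplified(password)
    digest = hmac.new(password.encode("utf-8"), challenge, hashlib.md5)
    return f"{user} {digest.hexdigest()}"


# Constructed sample input: one password typed as NFC and as NFD.
CHALLENGE = b"<1234.5678@mail.example>"
NFC_PW, NFD_PW = "caf\u00e9", "cafe\u0301"
```

With prep=False the two spellings of the password yield different digests for the same challenge; with the default prep=True they agree.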