[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security

To: Hallvard B Furuseth <h.b.furuseth@xxxxxxxxxxx>
Subject: Re: Security
From: Simon Josefsson <simon@xxxxxxxxxxxxx>
Date: Wed, 13 Aug 2008 11:31:35 +0200
Cc: Kurt Zeilenga <Kurt.Zeilenga@xxxxxxxxx>, Frank Ellermann <nobody@xxxxxxxxxxxxxxxxx>, ietf-sasl@xxxxxxx
In-reply-to: <hbf.20080813idvq@xxxxxxxxxxxxx> (Hallvard B. Furuseth's message of "Wed, 13 Aug 2008 07:12:09 +0200")
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Openpgp: id=B565716F; url=http://josefsson.org/key.txt
References: <ldvlki6dqqu.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxx> <45F856F1.2B56@xxxxxxxxxxxxxxxxx> <19A01BBB-9BF4-4D49-8B2A-AA911B93EF7C@xxxxxxxxx> <87y732a7dc.fsf@xxxxxxxxxxxxxxxxxxx> <57EA1E30-54A9-4E13-98CC-944EE79AC633@xxxxxxxxx> <87proe6sxm.fsf@xxxxxxxxxxxxxxxxxxx> <F417C7F5-4066-4E20-B9EF-F6BEA1DA68A0@xxxxxxxxx> <87tzdp690e.fsf@xxxxxxxxxxxxxxxxxxx> <hbf.20080813idvq@xxxxxxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/22.2 (gnu/linux)

Hallvard B Furuseth <h.b.furuseth@xxxxxxxxxxx> writes:

> Simon Josefsson writes:
>> Kurt Zeilenga <Kurt.Zeilenga@xxxxxxxxx> writes:
>>>> SHOULD has worked fine for PLAIN, so I disagree.
>>>
>>> It works fine because of PLAIN's design.  The party, the server, is
>>> preparing both the presented and stored strings.   In CRAM-MD5, two
>>> parties need to agree on the preparation on what preparation to use
>>> for things to work properly.
>>
>> Ah, I understand your objection now.
>>
>> Given that RFC 2195 appears to be ASCII only, I don't see a problem with
>> extending it to UTF-8 in a revised version and mandate that using a
>> SHOULD or MUST though.
>
> It doesn't say the password is ASCII, only that the digest being
> sent is.  Authentication breaks if the password is UTF-8, one
> protocol peer SASLpreps it, and the other does not.
>
> OTOH it also breaks if the password is Latin-1, one peer translates to
> UTF-8, and the other does not.  "MUST use UTF8/SASLprep" in practice
> implies "client and whoever creates server secret MUST know which
> character encoding is in use, so it can translate to UTF-8 if needed".
> Simple solutions to that would be to reject 8-bit input or make it the
> user's problem and expect UTF-8 input, of course.

True.  However, I think it is reasonable to assume that RFC 2195
intended for passwords to be ASCII only.  We can fix this lack of detail
with new text that says MUST UTF-8+SASLprep before hashing in 2195bis.
This is a problem that can be fixed when revising a standard, it doesn't
necessarily mean the standard is broken without any chance of rescuing
it.

/Simon

References:
- WG Last Call: draft-ietf-sasl-crammd5-08.txt
  - From: Tom Yu
- Security (was: WG Last Call: draft-ietf-sasl-crammd5-08.txt)
  - From: Frank Ellermann
- Re: Security (was: WG Last Call: draft-ietf-sasl-crammd5-08.txt)
  - From: Kurt Zeilenga
- Re: Security
  - From: Simon Josefsson
- Re: Security
  - From: Kurt Zeilenga
- Re: Security
  - From: Simon Josefsson
- Re: Security
  - From: Kurt Zeilenga
- Re: Security
  - From: Simon Josefsson
- Re: Security
  - From: Hallvard B Furuseth

Prev by Date: Re: Random data
Previous by thread: Re: Security
Next by thread: Alternative password SASL authentication mechanims
Index(es):
- Date
- Thread