[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security

To: Simon Josefsson <simon@xxxxxxxxxxxxx>
Subject: Re: Security
From: Sam Hartman <hartmans-ietf@xxxxxxx>
Date: Wed, 13 Aug 2008 10:17:31 -0400
Cc: Kurt Zeilenga <Kurt.Zeilenga@xxxxxxxxx>, Frank Ellermann <nobody@xxxxxxxxxxxxxxxxx>, ietf-sasl@xxxxxxx
In-reply-to: <87proe6sxm.fsf@xxxxxxxxxxxxxxxxxxx> (Simon Josefsson's message of "Tue, 12 Aug 2008 19:31:49 +0200")
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
References: <ldvlki6dqqu.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxx> <45F856F1.2B56@xxxxxxxxxxxxxxxxx> <19A01BBB-9BF4-4D49-8B2A-AA911B93EF7C@xxxxxxxxx> <87y732a7dc.fsf@xxxxxxxxxxxxxxxxxxx> <57EA1E30-54A9-4E13-98CC-944EE79AC633@xxxxxxxxx> <87proe6sxm.fsf@xxxxxxxxxxxxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)

>>>>> "Simon" == Simon Josefsson <simon@xxxxxxxxxxxxx> writes:

    Simon> Sure, but if CRAM-MD5 is used with TLS, the initial
    Simon> statement above is misleading: there is nothing in the
    Simon> security considerations of CRAM-MD5 that explains how
    Simon> CRAM-MD5 under TLS fails to provide adequate protection.

    >> It is my belief that WG consensus is that the current text is
    >> adequate in both of these areas.  I encourage anyone who thinks
    >> the current text can be approved upon offer alternative text
    >> for the WG to consider.

    Simon> I suspect people read different things into the first
    Simon> statement here.  I suggest to change it to:

    Simon>   CRAM-MD5 used without TLS is no longer considered to
    Simon> provide adequate protection.

I don't object to this change.
I do object to cram-md5 on the standards track.

Kurt commented that recommendations for cram-md5 should be the same
for plain.  I disagree because since cram-md5 is a challenge/response
mechanism we can do better than plain.  Plain is the best we can do in
cases where you need to send a password to the server.

However for challenge/response mechanisms we can get mutual
authentication and tie the mutual authentication to integrity
protection and/or confidentiality.  Since cram-md5 does not support
these capabilities either through security layers or channel binding,
 I do not think it should be updated on the standards track.

Also, I do believe that cram-md5's mechanisms for converting a
password into a key are weaker than is current accepted security
practice.

--Sam

Follow-Ups:
- Re: Security
  - From: Frank Ellermann
- Re: Security
  - From: Simon Josefsson

References:
- WG Last Call: draft-ietf-sasl-crammd5-08.txt
  - From: Tom Yu
- Security (was: WG Last Call: draft-ietf-sasl-crammd5-08.txt)
  - From: Frank Ellermann
- Re: Security (was: WG Last Call: draft-ietf-sasl-crammd5-08.txt)
  - From: Kurt Zeilenga
- Re: Security
  - From: Simon Josefsson
- Re: Security
  - From: Kurt Zeilenga
- Re: Security
  - From: Simon Josefsson

Prev by Date: Re: Security
Next by Date: Re: Random data
Previous by thread: Re: Security
Next by thread: Re: Security
Index(es):
- Date
- Thread