[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security

To: Simon Josefsson <simon@xxxxxxxxxxxxx>
Subject: Re: Security
From: Sam Hartman <hartmans-ietf@xxxxxxx>
Date: Wed, 13 Aug 2008 12:33:37 -0400
Cc: Kurt Zeilenga <Kurt.Zeilenga@xxxxxxxxx>, Frank Ellermann <nobody@xxxxxxxxxxxxxxxxx>, ietf-sasl@xxxxxxx
In-reply-to: <87r68slwh1.fsf@xxxxxxxxxxxxxxxxxxx> (Simon Josefsson's message of "Wed, 13 Aug 2008 18:18:34 +0200")
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
References: <ldvlki6dqqu.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxx> <45F856F1.2B56@xxxxxxxxxxxxxxxxx> <19A01BBB-9BF4-4D49-8B2A-AA911B93EF7C@xxxxxxxxx> <87y732a7dc.fsf@xxxxxxxxxxxxxxxxxxx> <57EA1E30-54A9-4E13-98CC-944EE79AC633@xxxxxxxxx> <87proe6sxm.fsf@xxxxxxxxxxxxxxxxxxx> <tslej4thudg.fsf@xxxxxxx> <87r68slwh1.fsf@xxxxxxxxxxxxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)

>>>>> "Simon" == Simon Josefsson <simon@xxxxxxxxxxxxx> writes:

    Simon> We disagree on the principal here.  Merely because there
    Simon> are known vulnerabilities (which can be fixed by using
    Simon> TLS), that shouldn't prevent something to go on the
    Simon> standards track.  If that were the metric, we wouldn't
    Simon> publish SMTP on the standards track due to spam concerns.
    Simon> You make it sound as if only perfect protocols should be on
    Simon> the standards track.

I don't think I'd characterize things that way.  I think we should put
something on the standards track when we believe it is a good instance
of whatever it does.  There should be no significant vulnerabilities
that we can fix while it's still the same thing.

I think plain meets this criteria today.  In a few years, I suspect
we'll decide that phishing concerns are more important than the
ability to support plaintext passwords over TLS.

In particular, plain is the best we can do while supporting legacy
password systems.

Cram-md5 is no longer a good instance of a challenge-response
mechanism.  The world has evolved and integrity/confidentiality
protection are important, as is mutual authentication all at one
layer.  As such, I think cram-md5 no longer meets good practice for
the design of a challenge-response mechanism, so we should not
recommend it.

Note that my arguments do not apply to digest-md5.  If people want to
update digest-md5 on the standards track, I will not stand in their
way.  I personally don't think it worth doing.


To come back to your example of SMTP, I think if we had viable
proposal for an email transport that did not have spam concerns, we
should seriously question whether SMTP should remain on the standards
track.  I'm aware of no such proposals.

Follow-Ups:
- Re: Security
  - From: Frank Ellermann

References:
- WG Last Call: draft-ietf-sasl-crammd5-08.txt
  - From: Tom Yu
- Security (was: WG Last Call: draft-ietf-sasl-crammd5-08.txt)
  - From: Frank Ellermann
- Re: Security (was: WG Last Call: draft-ietf-sasl-crammd5-08.txt)
  - From: Kurt Zeilenga
- Re: Security
  - From: Simon Josefsson
- Re: Security
  - From: Kurt Zeilenga
- Re: Security
  - From: Simon Josefsson
- Re: Security
  - From: Sam Hartman
- Re: Security
  - From: Simon Josefsson

Prev by Date: Re: Security
Next by Date: Re: Random data
Previous by thread: Re: Security
Next by thread: Re: Security
Index(es):
- Date
- Thread