[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security

To: Kurt Zeilenga <Kurt.Zeilenga@xxxxxxxxx>
Subject: Re: Security
From: Simon Josefsson <simon@xxxxxxxxxxxxx>
Date: Tue, 26 Aug 2008 20:40:37 +0200
Cc: Sam Hartman <hartmans-ietf@xxxxxxx>, Frank Ellermann <nobody@xxxxxxxxxxxxxxxxx>, ietf-sasl@xxxxxxx
In-reply-to: <893CC95E-F3C5-44C9-9217-73D8705996F5@xxxxxxxxx> (Kurt Zeilenga's message of "Tue, 26 Aug 2008 11:10:09 -0700")
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Openpgp: id=B565716F; url=http://josefsson.org/key.txt
References: <ldvlki6dqqu.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxx> <45F856F1.2B56@xxxxxxxxxxxxxxxxx> <19A01BBB-9BF4-4D49-8B2A-AA911B93EF7C@xxxxxxxxx> <87y732a7dc.fsf@xxxxxxxxxxxxxxxxxxx> <57EA1E30-54A9-4E13-98CC-944EE79AC633@xxxxxxxxx> <87proe6sxm.fsf@xxxxxxxxxxxxxxxxxxx> <tslej4thudg.fsf@xxxxxxx> <87r68slwh1.fsf@xxxxxxxxxxxxxxxxxxx> <893CC95E-F3C5-44C9-9217-73D8705996F5@xxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/22.2 (gnu/linux)

Kurt Zeilenga <Kurt.Zeilenga@xxxxxxxxx> writes:

> On Aug 13, 2008, at 9:18 AM, Simon Josefsson wrote:
>
>> Your approach would send the message that we recommend users to prefer
>> PLAIN+TLS over CRAM-MD5+TLS.
>
> The problem as I see it is that the draft doesn't make it clear that
> we're recommending CRAM-MD5+TLS.  The one recommendation statement
> isn't enough.
>
> Most implementors and deployers and users of PLAIN understand PLAIN's
> weaknesses without even reading RFC 4616.  Reading RFC 4616 reinforces
> what folks already understand.  But even so, RFC 4616 reiterates the
> recommendation in the Abstract and Introduction, provides examples
> showing use with TLS, and then reinforces its recommendations by
> clearly stated security considerations.  RFC 4616 also places
> requirements on IETF protocols that state PLAIN is an applicable
> authentication mechanisms that the protocol specification MUST mandate
> implementation of strong data security services.
>
> Implementors, deployers and users of CRAM-MD5 appear not to well
> understand CRAM-MD5's weaknesses and hence are more apt to ignore the
> recommendation, especially one buried on page 5 of the specification.
> The CRAM-MD5 specification places no mandate on IETF protocols that
> state CRAM-MD5 is an applicable authentication mechanism.

All of the above appear to be fixable by changing the CRAM-MD5 document.
Right?

A more interesting discussion seems to be: Assuming the document
recommends CRAM-MD5+TLS sufficiently well (similar to the wording in the
PLAIN document), would such a document be acceptable to put on the
Standards Track and with the applicability of COMMON?

If that is not the WG consensus, it would be clearer to abandon the
current CRAM-MD5 specification and produce a "Moving CRAM-MD5 to
Historic" document.

However, I believe CRAM-MD5+TLS, with warnings about channel binding
vulnerabilities, is valuable to have on the standards track until there
is other solutions that we can recommend instead (i.e., GS2+SCRAM).

Alternatively, publish the "CRAM-MD5 to Historic" document
simultaneously as the GS2+SCRAM document.

Thanks,
Simon

Follow-Ups:
- Re: Security
  - From: Sam Hartman
- Re: Security
  - From: Kurt Zeilenga

References:
- WG Last Call: draft-ietf-sasl-crammd5-08.txt
  - From: Tom Yu
- Security (was: WG Last Call: draft-ietf-sasl-crammd5-08.txt)
  - From: Frank Ellermann
- Re: Security (was: WG Last Call: draft-ietf-sasl-crammd5-08.txt)
  - From: Kurt Zeilenga
- Re: Security
  - From: Simon Josefsson
- Re: Security
  - From: Kurt Zeilenga
- Re: Security
  - From: Simon Josefsson
- Re: Security
  - From: Sam Hartman
- Re: Security
  - From: Simon Josefsson
- Re: Security
  - From: Kurt Zeilenga

Prev by Date: Re: Security
Next by Date: Re: Security
Previous by thread: Re: Security
Next by thread: Re: Security
Index(es):
- Date
- Thread