[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: WG Last Call: draft-ietf-sasl-scram-02

To: Jeffrey Hutzelman <jhutz@xxxxxxx>, ietf-sasl@xxxxxxx
Subject: Re: WG Last Call: draft-ietf-sasl-scram-02
From: Chris Newman <Chris.Newman@xxxxxxx>
Date: Tue, 28 Jul 2009 14:11:45 +0200
In-reply-to: <6D6A0C3D583799FDB75CC23B@xxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
References: <ldvbpnouhy3.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxx> <> <6D6A0C3D583799FDB75CC23B@xxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx


--On July 27, 2009 10:48:46 -0400 Jeffrey Hutzelman <jhutz@xxxxxxx> wrote:

I am unsure how difficult it will be to add channel binding
support to NSS. In the event I succeed with channel bindings, but
subsequently experience interoperability problems with channel bindings,
I will remove all channel binding support from my implementation.


What this tells me is that you don't consider this an important feature.
That's unfortunate, because I consider security to be a very important
feature, and if implementors won't commit to implementing a security
feature, we have no chance of getting operators and users to actually use
it.

I consider TLS channel bindings very important, so much so I'm willing toinvest significant effort attempting an implementation. But there arethree directions typical deployments could go here: 1. most people use"PLAIN+TLS", 2. SCRAM+TLS-no-channel-bindings gets deployed, 3.SCRAM+TLS-with-channel-bindings gets deployed. If the attempt at 3 isnon-interoperable, then 1 will be the result as people will associate"SCRAM" with "doesn't work". I strongly prefer option 2 to 1 and will actaccordingly. All this talk of channel binding negotiation is leading inthe direction of non-interoperability and is risking the possibility ofsuccess with option 3. I am stating up front that I'll fight for option 2if option 3 looks like it will fail. It's exactly because I care aboutactually getting security deployed that I'm willing to lose the channelbinding feature if necessary to get an incremental improvement.

Now that you've goaded me to explain my concern. I'll make a concretesuggestion to improve the SCRAM channel bindings section. I suggest wereplace this text:


  Clients SHOULD choose the tls-unique channel binding type.
  Conversely, clients MAY choose a different channel binding type based
  on user input, configuration, or a future, as-yet undefined channel
  binding type negotiation protocol.  Servers MUST choose the channel
  binding type indicated by the client, if they support it.

with:

  Clients MUST use the tls-unique channel binding type if a TLS channel is

active when SCRAM is used. Clients MAY use a different channel bindingtype ifan as-yet undefined channel binding type negotiation has confirmed theserver

  supports the channel-binding type the client selects.

This way, SCRAM+TLS-channel-bindings will interoperate. With the currentvague text, it's possible for a compliant client's SCRAM implementation tofail to interoperate when communicating with a compliant server's SCRAM +TLS-channel-bindings implementation.


		- Chris

Follow-Ups:
- Re: WG Last Call: draft-ietf-sasl-scram-02
  - From: Nicolas Williams
- Re: WG Last Call: draft-ietf-sasl-scram-02
  - From: Simon Josefsson

References:
- WG Last Call: draft-ietf-sasl-scram-02
  - From: Tom Yu
- Re: WG Last Call: draft-ietf-sasl-scram-02
  - From: Chris Newman
- Re: WG Last Call: draft-ietf-sasl-scram-02
  - From: Jeffrey Hutzelman

Prev by Date: Re: WG Last Call: draft-ietf-sasl-scram-02
Next by Date: Re: WG Last Call: draft-ietf-sasl-scram-02
Previous by thread: Re: WG Last Call: draft-ietf-sasl-scram-02
Next by thread: Re: WG Last Call: draft-ietf-sasl-scram-02
Index(es):
- Date
- Thread