Re: [apps-discuss] [saag] Fwd: HTTP MAC Authentication Scheme

Nico Williams <nico@cryptonector.com> Tue, 10 May 2011 07:28 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2AB6BE06D3; Tue, 10 May 2011 00:28:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.071
X-Spam-Level:
X-Spam-Status: No, score=-3.071 tagged_above=-999 required=5 tests=[AWL=-1.094, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hBLvTXe-VBGV; Tue, 10 May 2011 00:28:30 -0700 (PDT)
Received: from hapkido.dreamhost.com (hapkido.dreamhost.com [66.33.216.122]) by ietfa.amsl.com (Postfix) with ESMTP id 19740E06A1; Tue, 10 May 2011 00:28:30 -0700 (PDT)
Received: from homiemail-a26.g.dreamhost.com (caiajhbdcahe.dreamhost.com [208.97.132.74]) by hapkido.dreamhost.com (Postfix) with ESMTP id 7512E178990; Tue, 10 May 2011 00:28:29 -0700 (PDT)
Received: from homiemail-a26.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a26.g.dreamhost.com (Postfix) with ESMTP id 064F5B8058; Tue, 10 May 2011 00:28:29 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=cryptonector.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc :content-type:content-transfer-encoding; q=dns; s= cryptonector.com; b=mk92Z5DDkEJUF9xkCvze64aL7T8wf8h+YUUx4RAouVgy y4ESqIeR2EaPmWBtEppc/3kY+eSnUme7d2Nuo41t0wyHk1XvevVcWBUZISitPDaf C1JADsoCLJBcdOJrobDcIOTdVW+ApYoWlWVUyKKXNMjphc5/Og5SQqVfHelwRhY=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type:content-transfer-encoding; s= cryptonector.com; bh=OoMbxSARWjURs+gW+89BLptMRlk=; b=T+fUhi8BOOU sbQDLdwJNt2jL+5Wx1K6Svfzk1TTtS/Ysd+HNb4biEeKObzAgz5nPVZIzlMgpWLK mt3kPMBXYOQ0itdrU9pArVN1Hl+XgjbiSgRxuUrMB0B/a9xOF65rG9xpKX0CPXzf iLE0v0U/Xvow09DY3/zLMZCyqNes3gYc=
Received: from mail-vw0-f44.google.com (mail-vw0-f44.google.com [209.85.212.44]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a26.g.dreamhost.com (Postfix) with ESMTPSA id BB7B6B8057; Tue, 10 May 2011 00:28:28 -0700 (PDT)
Received: by vws12 with SMTP id 12so391320vws.31 for <multiple recipients>; Tue, 10 May 2011 00:28:28 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.175.199 with SMTP id cc7mr571378vdc.197.1305012508190; Tue, 10 May 2011 00:28:28 -0700 (PDT)
Received: by 10.52.155.4 with HTTP; Tue, 10 May 2011 00:28:28 -0700 (PDT)
In-Reply-To: <90C41DD21FB7C64BB94121FBBC2E723447581DA9EF@P3PW5EX1MB01.EX1.SECURESERVER.NET>
References: <90C41DD21FB7C64BB94121FBBC2E723447581DA8EA@P3PW5EX1MB01.EX1.SECURESERVER.NET> <B1968C5A-867C-4C7D-B3EF-A399AD626B60@vpnc.org> <BANLkTinXPER5NaKxMFnbviMaX=CTSp81fg@mail.gmail.com> <90C41DD21FB7C64BB94121FBBC2E723447581DA933@P3PW5EX1MB01.EX1.SECURESERVER.NET> <BANLkTinr2oT0Br7tJ3z_e01oYLe7KTt6+A@mail.gmail.com> <90C41DD21FB7C64BB94121FBBC2E723447581DA9EF@P3PW5EX1MB01.EX1.SECURESERVER.NET>
Date: Tue, 10 May 2011 02:28:28 -0500
Message-ID: <BANLkTi=Vg0A7vDt4+r6iUQZHqdF+NMnNJA@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Eran Hammer-Lahav <eran@hueniverse.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: "saag@ietf.org" <saag@ietf.org>, Apps Discuss <apps-discuss@ietf.org>
Subject: Re: [apps-discuss] [saag] Fwd: HTTP MAC Authentication Scheme
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 May 2011 07:28:31 -0000

On Tue, May 10, 2011 at 2:06 AM, Eran Hammer-Lahav <eran@hueniverse.com> wrote:
>> "What is your threat model?"
>
> An eavesdropper grabbing plaintext credentials and using them to gain access to protected resources. That's 99% of it, with the other 1% being that sending plaintext credentials over TLS can still leak due to incorrect implementation, or attacks on dynamic configuration, leading the client to send its plaintext credentials over TLS to the wrong server.

That's what I thought.  If you add channel binding (meaning, to make
it real simple: add the server's certificate, or hash thereof, to the
MAC inputs -- the server cert is available in at least some JavaScript
implementations, like Firefox's) then you'll avoid those attacks that
you mention when using TLS.

It's not clear to me if you want to allow use of this MAC without
using TLS.  From the above I guess so, since the MAC alone will take
care of the eavesdroppers.

Nico
--