IETF Logo Mail Archive

Re: [dix] Agenda bashing

Eliot Lear <lear@cisco.com> Fri, 07 July 2006 02:36 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FygD0-0005Ov-2Y; Thu, 06 Jul 2006 22:36:46 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FygCz-0005Oq-8t for dix@ietf.org; Thu, 06 Jul 2006 22:36:45 -0400
Received: from sj-iport-6.cisco.com ([171.71.176.117]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FygCv-0002NB-UW for dix@ietf.org; Thu, 06 Jul 2006 22:36:45 -0400
Received: from sj-dkim-2.cisco.com ([171.71.179.186]) by sj-iport-6.cisco.com with ESMTP; 06 Jul 2006 19:36:41 -0700
Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id k672af1h004670; Thu, 6 Jul 2006 19:36:41 -0700
Received: from imail.cisco.com (sjc12-sbr-sw3-3f5.cisco.com [172.19.96.182]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id k672afke012437; Thu, 6 Jul 2006 19:36:41 -0700 (PDT)
Received: from [212.254.247.3] (ams3-vpn-dhcp92.cisco.com [10.61.64.92]) by imail.cisco.com (8.12.11/8.12.10) with ESMTP id k672V3fZ023900; Thu, 6 Jul 2006 19:31:04 -0700
Message-ID: <44ADC8B7.2060605@cisco.com>
Date: Fri, 07 Jul 2006 04:36:39 +0200
From: Eliot Lear <lear@cisco.com>
User-Agent: Thunderbird 1.5.0.4 (Macintosh/20060530)
MIME-Version: 1.0
To: EKR <ekr@networkresonance.com>
Subject: Re: [dix] Agenda bashing
References: <20060703172550.A182A222425@laser.networkresonance.com> <44A973DC.9040801@cisco.com> <86zmfqa0au.fsf@raman.networkresonance.com> <8C86E9E37E4BD3C-1288-2A5B@FWM-D05.sysops.aol.com> <44ACA9CF.7090605@cisco.com> <86fyhej3hg.fsf@raman.networkresonance.com> <44AD1A86.1050300@cisco.com> <864pxuhkx4.fsf@raman.networkresonance.com>
In-Reply-To: <864pxuhkx4.fsf@raman.networkresonance.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Authentication-Results: sj-dkim-2.cisco.com; header.From=lear@cisco.com; dkim=pass ( sig from cisco.com verified; );
DKIM-Signature: a=rsa-sha1; q=dns; l=2530; t=1152239801; x=1153103801; c=relaxed/simple; s=sjdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=lear@cisco.com; z=From:Eliot=20Lear=20<lear@cisco.com> |Subject:Re=3A=20[dix]=20Agenda=20bashing; X=v=3Dcisco.com=3B=20h=3D6inNqoEUmFyA1l2ZAW91r5N7nQI=3D; b=rnztWWstA5sRaElHbkswSEHy16h7S4S1mMM5pejZinMRjEmPxWn2rWVfkti4OBKcASpSsNF/ 7FdkAyZFB6Wfd/sLX3BPOjx+i9456xcTQPKracJMe67tZAiskhpdWp4q;
X-Spam-Score: 0.0 (/)
X-Scan-Signature: f4c2cf0bccc868e4cc88dace71fb3f44
Cc: Digital Identity Exchange <dix@ietf.org>
X-BeenThere: dix@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Digital Identity Exchange <dix@ietf.org>
List-Id: Digital Identity Exchange <dix.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/dix>
List-Post: <mailto:dix@ietf.org>
List-Help: <mailto:dix-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=subscribe>
Errors-To: dix-bounces@ietf.org

Eric Rescorla wrote:
> Eliot Lear <lear@cisco.com> writes:
>
>   
>> Eric Rescorla wrote:
>>     
>>> Well, you could clearly use PwdHash this way. In fact, that's how
>>> your industry standard challenge-response token works. But it doesn't
>>> really help because you don't have HRA against an attacker who
>>> controls the victim's computer. So, they don't capture your
>>> authentication string but they capture the immediately following
>>> session.
>>>   
>>>       
>> PwdHash as an algorithm doesn't protect you from a host computer
>> compromise.  For that you need architectural separation, which is why
>> smart cards etc exist. 
>>     
>
> Yes, Eliot, I'm really quite familiar with the principle of 
> two-factor authentication. My point was that the algorithm
> that PwdHash employs is basically the same one that your 
> average challenge response token uses. It's purely a matter
> of location.
>   

That the password is at all related to the hash result at all is an
(IMHO) unnecessary risk that would in our scenarios impact more than a
single service.  There exists methods where this is NOT the case.

>
>   
>> It remains up to the end server as to what
>> transactions might require additional authentication.  So for instance,
>> a bank may choose to authenticate on new payees for online billing or
>> for particularly large transactions.  Or not.
>>     
>
> The problem is that this only sort-of protects you against host
> computer compromise because the token that the user authenticates with
> generally isn't cryptographically bound to the request the user
> is making. This allows the crimeware to claim it's requesting
> you to use your token for innocuous purpose X (e.g, routine
> security check) but to actually be using it for malicious purpose
> Y. So, it's a liveness check, but not a misuse check. See also
> [BF99].
>   
Indeed if you don't trust your browser to function properly you are left
with tradeoffs.  As we've seen even in the mobile world, a browser can
get hacked.  But there are approaches to further reduce the risk, like
describing the transaction on a display of the card.  And Eric, keep in
mind one obvious application for all of this: if I want to put an end to
bots at my company, I may want to periodically demand strong
authentication from the PCs for various functions.  Let's see the
malware that is both a useful bot and attempts to fool me into thinking
I'm not sending that email I mean to send.

Eliot

_______________________________________________
dix mailing list
dix@ietf.org
https://www1.ietf.org/mailman/listinfo/dix

v2.23.0 | Report a Bug | By Email