IETF Logo Mail Archive

Re: [http-auth] Why update Digest Auth?

Yaron Sheffer <yaronf.ietf@gmail.com> Mon, 22 July 2013 20:51 UTC

Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABA0611E80DF for <http-auth@ietfa.amsl.com>; Mon, 22 Jul 2013 13:51:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TDLTgoy9Sdfz for <http-auth@ietfa.amsl.com>; Mon, 22 Jul 2013 13:51:48 -0700 (PDT)
Received: from mail-ee0-x233.google.com (mail-ee0-x233.google.com [IPv6:2a00:1450:4013:c00::233]) by ietfa.amsl.com (Postfix) with ESMTP id CDFEF11E80D3 for <http-auth@ietf.org>; Mon, 22 Jul 2013 13:51:47 -0700 (PDT)
Received: by mail-ee0-f51.google.com with SMTP id e52so4055029eek.24 for <http-auth@ietf.org>; Mon, 22 Jul 2013 13:51:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=bhYF8FRFt1QLmSmwyHA6z53m49GC7j4SGKcg8QT8LTA=; b=agM8kfA1OUzivdzK532EIM/iusS+Q4KraL0EHc2YpfVqZyt9fJAtjfDBI86SQGlTGm vATFhWAyI4OfUzYnT6A4B4YRMjDDNcTYOEuTeqpk71gzvfltmrivHMV+4dyZiwSADwr0 4LBVe4W1gz7So6p30AMF3j6Efoq8dDvRFv1y4Pih8Jjh71qZiagkbBr19sYXSNSZaF/7 M2M7jI+fl83Djc83NEOptWRhfJ7MBWaoHS23Q23HgkDseWp0i406YoixCww12LEOIOGz i3IgEdFmCaKXvjgOS8RYLvC24Yeg8yFQaHnR90MVH2qmP96/vLTqqR2r4gtj0k43YTHr KXaQ==
X-Received: by 10.14.4.70 with SMTP id 46mr28926384eei.42.1374526306878; Mon, 22 Jul 2013 13:51:46 -0700 (PDT)
Received: from [10.0.0.5] (bzq-79-183-199-41.red.bezeqint.net. [79.183.199.41]) by mx.google.com with ESMTPSA id m1sm53573344eex.17.2013.07.22.13.51.45 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 22 Jul 2013 13:51:46 -0700 (PDT)
Message-ID: <51ED9B60.40907@gmail.com>
Date: Mon, 22 Jul 2013 23:51:44 +0300
From: Yaron Sheffer <yaronf.ietf@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130623 Thunderbird/17.0.7
MIME-Version: 1.0
To: Yoav Nir <ynir@checkpoint.com>
References: <51EABBDB.2090401@gmail.com> <4613980CFC78314ABFD7F85CC302772111A9EE0E@DAG-EX10.ad.checkpoint.com>
In-Reply-To: <4613980CFC78314ABFD7F85CC302772111A9EE0E@DAG-EX10.ad.checkpoint.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: HTTP Auth WG <http-auth@ietf.org>
Subject: Re: [http-auth] Why update Digest Auth?
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-auth>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jul 2013 20:51:48 -0000

Hi Yoav,

I agree if it's a ZKPP, it's not Digest any more. I just say, it's a 
better use of everybody's time. And it's not about the name, it's about 
which one we put on the standards track.

Re: Mutual Auth, our charter says it is going to be Experimental. So no 
matter if it's published early, it will have a much lower chance of 
being implemented.

By the way, Mutual Auth appears to be serious on I18N, as it should be.

Thanks,
	Yaron

On 2013-07-22 12:16, Yoav Nir wrote:
> I'm not totally opposed, but if we replace Digest with some ZKPP, it's not Digest any more.
>
> Two of our experimental drafts are "better digests" - MutualAuth and SCRAM. MutualAuth is mature, has implementations, and I don't see why it shouldn't be ready to progress almost as fast as Digest.
>
> Do you think that enterprises would require "Digest" rather than "MutualAuth" or "SCRAM" just because it's called "Digest"?
>
> Hopefully these new methods will also support international user names and passwords (because specifying a user authentication method is 2013 that does not support non-English names is even sillier than specifying one that relies on MD5 for security). Then it's up to the enterprises to decide what they want to require vendors to implement.
>
> Yoav
>
> -----Original Message-----
> From: http-auth-bounces@ietf.org [mailto:http-auth-bounces@ietf.org] On Behalf Of Yaron Sheffer
> Sent: Saturday, July 20, 2013 7:34 PM
> To: HTTP Auth WG
> Subject: [http-auth] Why update Digest Auth?
>
> Sorry for questioning the group's charter, but this keeps bugging me:
>
> I'm assuming this WG will publish two Standards Track RFCs, updating Basic and Digest Auth. And a pile of Experimental RFCs with all sorts of lovely state-of-the-art crypto.
>
> Enterprises will require vendors to implement the updated Basic and Digest, and in a few years' time we will end up with the worlds'
> browsers and Web servers supporting Basic and Digest Auth with I18N and (for Digest) crypto agility. Almost nobody will implement the other drafts.
>
> In addition, the websec WG will hopefully work on "session continuation", which will extend the authentication to the whole session in a better way than cookies, and will provide channel binding. Assuming much of the Internet's traffic will remain unencrypted for years, this will be "good enough" security for this traffic. But, it won't work with Digest (because it is not "key generating", to borrow an EAP term).
>
> Now my question: we are telling implementors to upgrade Digest to gain I18N (and the algorithm agility, which in this case is mostly security theater, because when using short passwords we remain vulnerable to a dictionary attack anyway). Why not tell them *instead* to move to Digest-v2, which is dictionary attack resistant? Digest-v2 could be based on EKE or SRP, or maybe on draft-oiwa-http-mutualauth, and will support session continuation.
>
> Seems to me this would be a much better use of our time, as well as implementors' energy.
>
> Thanks,
>       Yaron
>

v2.23.0 | Report a Bug | By Email