IETF Logo Mail Archive

Re: [http-auth] Why update Digest Auth?

Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 22 July 2013 00:15 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E86821F999C for <http-auth@ietfa.amsl.com>; Sun, 21 Jul 2013 17:15:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.799
X-Spam-Level:
X-Spam-Status: No, score=-102.799 tagged_above=-999 required=5 tests=[AWL=-0.200, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jeEDWj7aXa7N for <http-auth@ietfa.amsl.com>; Sun, 21 Jul 2013 17:15:21 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 37AF521F8FF3 for <http-auth@ietf.org>; Sun, 21 Jul 2013 17:15:21 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 9EC04BE50; Mon, 22 Jul 2013 01:14:56 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rrxc8pALE0Sj; Mon, 22 Jul 2013 01:14:55 +0100 (IST)
Received: from [10.87.48.9] (unknown [86.45.49.168]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 060BABE4D; Mon, 22 Jul 2013 01:14:54 +0100 (IST)
Message-ID: <51EC7974.4020606@cs.tcd.ie>
Date: Mon, 22 Jul 2013 01:14:44 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130623 Thunderbird/17.0.7
MIME-Version: 1.0
To: Yaron Sheffer <yaronf.ietf@gmail.com>
References: <51EABBDB.2090401@gmail.com>
In-Reply-To: <51EABBDB.2090401@gmail.com>
X-Enigmail-Version: 1.5.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: HTTP Auth WG <http-auth@ietf.org>
Subject: Re: [http-auth] Why update Digest Auth?
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-auth>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jul 2013 00:15:37 -0000

Hiya,

On 07/20/2013 05:33 PM, Yaron Sheffer wrote:
> Sorry for questioning the group's charter, but this keeps bugging me:

I'd rather we do stuff as promised personally and not re-open
the charter. In saying that, I am assuming we finish what we
promised promptly (i.e. within months, not years).

> I'm assuming this WG will publish two Standards Track RFCs, updating
> Basic and Digest Auth. And a pile of Experimental RFCs with all sorts of
> lovely state-of-the-art crypto.
> 
> Enterprises will require vendors to implement the updated Basic and
> Digest, and in a few years' time we will end up with the worlds'
> browsers and Web servers supporting Basic and Digest Auth with I18N and
> (for Digest) crypto agility. 

Fair point about vendors and their customers. OTOH, RFC 1149 has
also reportedly been requested of vendors, so customer RFQ silliness
isn't really a good metric for what an IETF WG ought do.

> Almost nobody will implement the other drafts.

That's a nicely confident prediction. Care to bet a beer? (If so,
quantify it fairly somehow and I'll take that bet.)

I hope you're wrong, at least wrt HOBA, but in any case, we ought
not base any decisions on you prediction above, or any equivalent
prediction.

> In addition, the websec WG will hopefully work on "session
> continuation", which will extend the authentication to the whole session
> in a better way than cookies, and will provide channel binding. Assuming
> much of the Internet's traffic will remain unencrypted for years, this
> will be "good enough" security for this traffic. But, it won't work with
> Digest (because it is not "key generating", to borrow an EAP term).
> 
> Now my question: we are telling implementors to upgrade Digest to gain
> I18N (and the algorithm agility, which in this case is mostly security
> theater, because when using short passwords we remain vulnerable to a
> dictionary attack anyway). Why not tell them *instead* to move to
> Digest-v2, which is dictionary attack resistant? Digest-v2 could be
> based on EKE or SRP, or maybe on draft-oiwa-http-mutualauth, and will
> support session continuation.
> 
> Seems to me this would be a much better use of our time, as well as
> implementors' energy.

Not to me. You can already and should already run over TLS, at which
point any advantage of ZKPP gets lost in the noise since phishing and
password verifier DB leakage are entirely unaffected by the elegant
ZKPP bit fiddling. (That is a shame, since the crypto really is quite
elegant, but its nonetheless true.)

So I'm still of the opinion that minimal modernising of the existing
schemes plus some experiments is right here and we should not
pointlessly anoint any of the experiments with standards-track
status until after we've seen that they are useful in reality.

Having said that, if we decided to abandon work on Digest I'd not
object.

S.

> 
> Thanks,
>     Yaron
> _______________________________________________
> http-auth mailing list
> http-auth@ietf.org
> https://www.ietf.org/mailman/listinfo/http-auth
> 
>

v2.23.0 | Report a Bug | By Email