IETF Logo Mail Archive

Re: [http-auth] Why update Digest Auth?

Rifaat Shekh-Yusef <rifaat.ietf@gmail.com> Tue, 23 July 2013 06:44 UTC

Return-Path: <rifaat.ietf@gmail.com>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A24811E8103 for <http-auth@ietfa.amsl.com>; Mon, 22 Jul 2013 23:44:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.933
X-Spam-Level:
X-Spam-Status: No, score=-0.933 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, SARE_HTML_USL_OBFU=1.666]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8nOzmYJRrteY for <http-auth@ietfa.amsl.com>; Mon, 22 Jul 2013 23:44:09 -0700 (PDT)
Received: from mail-qa0-x235.google.com (mail-qa0-x235.google.com [IPv6:2607:f8b0:400d:c00::235]) by ietfa.amsl.com (Postfix) with ESMTP id 2C11511E80D1 for <http-auth@ietf.org>; Mon, 22 Jul 2013 23:44:08 -0700 (PDT)
Received: by mail-qa0-f53.google.com with SMTP id hu14so1072311qab.12 for <http-auth@ietf.org>; Mon, 22 Jul 2013 23:44:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=mC/nU+UXuiv6f5J4iXgJ+t6M7IOs/E/y0XNs8npoQXA=; b=TzJY8HS4s0e1XaTycPePKPdfxZSMqPT8XmIbM7qBdWBYMwdEeBnx+uS/TwQT7OmKQL 28iraWiKuKbz4cRL00NkOPQo5kPTRxTNbLSV5MHwoOoAE0ij0l2ihy2Y8Vz1yi46WyZ3 7uY6yzmFPzM+IFcLPSkKey3mOxdaodgIPlUTPHiLaVM+erbKHNRYTNB5Bau3awL8WBO1 s3Poe+a2bsL2WK8p1HAGwjsV2on13iCxasrRKv66nzKbau4NmUui53IN/t5fW9czzhWY AN/LEWXGOaBy7Ik0HSHDpWdYRWEODM20BgDXr+CBZVPMZRrDDTSOaTOcTHhn9w/uP+Ey pcHg==
MIME-Version: 1.0
X-Received: by 10.224.182.79 with SMTP id cb15mr38284288qab.48.1374561842202; Mon, 22 Jul 2013 23:44:02 -0700 (PDT)
Received: by 10.49.39.201 with HTTP; Mon, 22 Jul 2013 23:44:02 -0700 (PDT)
In-Reply-To: <51EDA3EB.7080108@gmail.com>
References: <51EABBDB.2090401@gmail.com> <4613980CFC78314ABFD7F85CC302772111A9EE0E@DAG-EX10.ad.checkpoint.com> <C246BE86-0721-4259-8611-4DD68101B95D@gmail.com> <51EDA3EB.7080108@gmail.com>
Date: Tue, 23 Jul 2013 02:44:02 -0400
Message-ID: <CAGL6epKxrJG=hvGs2+jvkH0yE2YjH2dsXEjNALBk2mVeN1syrA@mail.gmail.com>
From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
To: Yaron Sheffer <yaronf.ietf@gmail.com>
Content-Type: multipart/alternative; boundary="20cf303b4291538df304e2281edb"
Cc: HTTP Auth WG <http-auth@ietf.org>
Subject: Re: [http-auth] Why update Digest Auth?
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-auth>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Jul 2013 06:44:10 -0000

Hi Yaron,

SIP is deployed over UDP, TCP, and TLS.
Both types of deployments, human-memorable & machine-generated passwords,
are widely used.

Regards,
 Rifaat



On Mon, Jul 22, 2013 at 5:28 PM, Yaron Sheffer <yaronf.ietf@gmail.com>wrote:

> Hi Rifaat,
>
> responding only to the first of your objections:
>
> I am really worried if Digest (presumably not over TLS) is the standard
> authentication method in SIP. A few questions:
>
> - Do people normally use it with a human-memorable password? If they do,
> then the dictionary attack vulnerability is IMO much more serious than
> continuing to use MD5, and would remain serious after we upgrade Digest.
>
> - On the other hand, if people use Digest with computer-generated
> authentication strings, then I18N is probably unnecessary.
>
> - Looking at RFC 3665, it seems to me SIP Register can accommodate a two
> round-trip authentication method, just as well as HTTP can.
>
> Thanks,
>         Yaron
>
>
> On 2013-07-22 13:51, Rifaat Shekh-Yusef wrote:
>
>> I do not like the idea of canceling the Digest work for the following
>> reasons:
>>
>> 1. Digest is used with SIP protocol, and I am not sure the widely used
>> Digest mechanism in SIP networks will be replaced with any if the new
>> proposals.
>>
>> 2. This was already discussed during the discussion on the charter, and
>> it seems a bit late to reopen that right now.
>>
>> 3. I think that the adopters of the new mechanisms should be motivated by
>> the merit of the new mechanisms, not by us not updating Digest.
>>
>> 4. Some of the adopters of Digest might be satisfied with the Digest as
>> it fulfills their need, and might not be interested in a "better" solution
>> for their network.
>>
>> To address the timeline point that Stephen has raised, I think that the
>> agility work should be done fairly soon as I do not see any major
>> challenges at this stage.
>>
>> Regards,
>>   Rifaat
>>
>> Sent from my iPhone
>>
>> On 2013-07-22, at 12:16 PM, Yoav Nir <ynir@checkpoint.com> wrote:
>>
>>  I'm not totally opposed, but if we replace Digest with some ZKPP, it's
>>> not Digest any more.
>>>
>>> Two of our experimental drafts are "better digests" - MutualAuth and
>>> SCRAM. MutualAuth is mature, has implementations, and I don't see why it
>>> shouldn't be ready to progress almost as fast as Digest.
>>>
>>> Do you think that enterprises would require "Digest" rather than
>>> "MutualAuth" or "SCRAM" just because it's called "Digest"?
>>>
>>> Hopefully these new methods will also support international user names
>>> and passwords (because specifying a user authentication method is 2013 that
>>> does not support non-English names is even sillier than specifying one that
>>> relies on MD5 for security). Then it's up to the enterprises to decide what
>>> they want to require vendors to implement.
>>>
>>> Yoav
>>>
>>> -----Original Message-----
>>> From: http-auth-bounces@ietf.org [mailto:http-auth-bounces@**ietf.org<http-auth-bounces@ietf.org>]
>>> On Behalf Of Yaron Sheffer
>>> Sent: Saturday, July 20, 2013 7:34 PM
>>> To: HTTP Auth WG
>>> Subject: [http-auth] Why update Digest Auth?
>>>
>>> Sorry for questioning the group's charter, but this keeps bugging me:
>>>
>>> I'm assuming this WG will publish two Standards Track RFCs, updating
>>> Basic and Digest Auth. And a pile of Experimental RFCs with all sorts of
>>> lovely state-of-the-art crypto.
>>>
>>> Enterprises will require vendors to implement the updated Basic and
>>> Digest, and in a few years' time we will end up with the worlds'
>>> browsers and Web servers supporting Basic and Digest Auth with I18N and
>>> (for Digest) crypto agility. Almost nobody will implement the other drafts.
>>>
>>> In addition, the websec WG will hopefully work on "session
>>> continuation", which will extend the authentication to the whole session in
>>> a better way than cookies, and will provide channel binding. Assuming much
>>> of the Internet's traffic will remain unencrypted for years, this will be
>>> "good enough" security for this traffic. But, it won't work with Digest
>>> (because it is not "key generating", to borrow an EAP term).
>>>
>>> Now my question: we are telling implementors to upgrade Digest to gain
>>> I18N (and the algorithm agility, which in this case is mostly security
>>> theater, because when using short passwords we remain vulnerable to a
>>> dictionary attack anyway). Why not tell them *instead* to move to
>>> Digest-v2, which is dictionary attack resistant? Digest-v2 could be based
>>> on EKE or SRP, or maybe on draft-oiwa-http-mutualauth, and will support
>>> session continuation.
>>>
>>> Seems to me this would be a much better use of our time, as well as
>>> implementors' energy.
>>>
>>> Thanks,
>>>      Yaron
>>>
>>> ______________________________**_________________
>>> http-auth mailing list
>>> http-auth@ietf.org
>>> https://www.ietf.org/mailman/**listinfo/http-auth<https://www.ietf.org/mailman/listinfo/http-auth>
>>>
>>

v2.23.0 | Report a Bug | By Email