Re: [http-auth] [saag] re-call for IETF http-auth BoF
Nico Williams <nico@cryptonector.com> Mon, 06 June 2011 23:30 UTC
Return-Path: <nico@cryptonector.com>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B7381F0C50 for <http-auth@ietfa.amsl.com>; Mon, 6 Jun 2011 16:30:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HElUuM5BIfy9 for <http-auth@ietfa.amsl.com>; Mon, 6 Jun 2011 16:30:27 -0700 (PDT)
Received: from homiemail-a27.g.dreamhost.com (caiajhbdcbhh.dreamhost.com [208.97.132.177]) by ietfa.amsl.com (Postfix) with ESMTP id 3578D1F0C4E for <http-auth@ietf.org>; Mon, 6 Jun 2011 16:30:27 -0700 (PDT)
Received: from homiemail-a27.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a27.g.dreamhost.com (Postfix) with ESMTP id 011AD598065 for <http-auth@ietf.org>; Mon, 6 Jun 2011 16:30:27 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=cryptonector.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc :content-type:content-transfer-encoding; q=dns; s= cryptonector.com; b=XSjVduDafyOZYra8vDYYte0Fczo5dhTMD+UtOgjotsRV 2900J/sGDxrDOlzgQzY361FIXDco9L5F8I1knDie4vg4ZvuWFQwiW9kadY9C1sa5 8DREoAzjKteV43WtAkXzOm1/UbiMN5GMsAE8BKJ81QMW4eGwCbBC/fwIpppNuF0=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type:content-transfer-encoding; s= cryptonector.com; bh=uqVwQBsAa9Xiv5R2L96JUgVjZdo=; b=i6WDrrhL/7n NPfKPpPsBmjMF3l1ytyexLKD1qt9xjlMH5p+EKmYgSv/kPMpuAbWUOuXGtvyl2Uo GxxOGrHA033KrEphvbVcvwpb8xtQJ1WuHDVsCPcCePBDiH1CkiMA5xmvesW/HzFf /5c61fQKVN/01ZGKA+lLzDPh80QS4fI8=
Received: from mail-pw0-f44.google.com (mail-pw0-f44.google.com [209.85.160.44]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a27.g.dreamhost.com (Postfix) with ESMTPSA id D8374598057 for <http-auth@ietf.org>; Mon, 6 Jun 2011 16:30:26 -0700 (PDT)
Received: by pwi5 with SMTP id 5so2636361pwi.31 for <http-auth@ietf.org>; Mon, 06 Jun 2011 16:30:26 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.68.37.3 with SMTP id u3mr2240088pbj.456.1307403026546; Mon, 06 Jun 2011 16:30:26 -0700 (PDT)
Received: by 10.68.50.39 with HTTP; Mon, 6 Jun 2011 16:30:26 -0700 (PDT)
In-Reply-To: <20110606221103.GG1565@sentinelchicken.org>
References: <878vtgfbs1.fsf@bluewind.rcis.aist.go.jp> <A89D85D0-00AB-4F21-8841-6707E9CDCFC4@gmx.net> <20110606170256.GF1565@sentinelchicken.org> <BANLkTi=qM6y=J-8w-zmCvu=tXSomUrrs2w@mail.gmail.com> <20110606221103.GG1565@sentinelchicken.org>
Date: Mon, 06 Jun 2011 18:30:26 -0500
Message-ID: <BANLkTikxzr4K8j21-+F6EPRsDCGmyUm+qQ@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Tim <tim-research@sentinelchicken.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: http-auth@ietf.org
Subject: Re: [http-auth] [saag] re-call for IETF http-auth BoF
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-auth>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Jun 2011 23:30:28 -0000
On Mon, Jun 6, 2011 at 5:11 PM, Tim <tim-research@sentinelchicken.org> wrote: > Agreed. One of the problems is that there are so many proposals. I > can't keep up with them all. I live and breathe web security, but I > don't have time to read up on all of the new stuff until a customer > actually implements something and I'm asked to test it. > > For the average developer, figuring out which to use is just as > difficult, if not more difficult. We have fundamentally the following choices: - new TLS auth methods (but... how to upgrade existing TLS firmware, ...?) - new HTTP auth methods (but... how to upgrade the many HTTP stacks?) - new HTTP redirect-based authentication methods (with all the problems those entail) - new auth methods based on TLS user (and server?) certs, such as downloading keys and certs via SACRED, getting short-lived certs from onine CAs (to which one authenticates via, say, a password-based method), or via registration of random self-signed certs (where one uses a password-based method, say, to authenticate in the cert registration protocol) - application-layer auth methods - ?? (out-of-band authentication?) My proposal is to do authentication at the application layer. In most other Internet protocols that's _exactly_ what we do: authentication at the application layer. What we can't do is transport protection at the application layer (for practical reasons as well as because of existing investments in TLS concentrators, etcetera) -- so enter channel binding (see RFCs 5056 and 5929). > In my experience, new technologies are most commonly adopted because > they fill a need and they have a low implementation cost, not because > they are the best all-around solution. Understanding how a technology > works is part of the implementation cost. If you put out the most > secure, most feature rich, and most efficient protocol possible, it > probably won't be adopted if it isn't super easy to understand, > implement, etc. I believe application-layer authentication can fulfill this because no changes are required to the existing TLS and HTTP stacks. > For a guy like me, who spends most of his time in the trenches, it > seems like the best approach is to have a firm idea of where you want > to go with your framework, but release it in small digestable pieces. > For instance, authentication protocols that can be used in very > specific scenarios (e.g. one that replaces basic/digest auth, another > that improves on client certificates, etc). What if the authentication mechanisms exist, but you're only just awaiting for a way to use them in this one class of applications? >> How would you protect against phishing attacks via a new >> authentication system? I'm serious. I believe it's possible to >> improve the situation significantly that way, and I have my reasons, >> but I want to hear yours. > > Well, we've discussed this in the past, and agreed essentially that: > > 0. We must assume that users will fail to validate the trust of the > domain they are visiting (definition of typical phishing attack) Yes! This means that whatever authentication method you use to authenticate the user MUST also authenticate the server. And, because we'll have TLS around forever, we must have channel binding of authentication to the TLS channel. > 1. Authentication must be conducted outside of the web page, since > that will be attacker-controlled. Proposals have been to include > it in the browser "chrome", but OS-level authentication could work > as well. It is essential that whatever is selected as a GUI widget > must not be easily spoofable through fancy web features. Yes! See Sam Hartman's presentation from the W3C workshop two weeks ago. > 2. In the case of password authentication, the server must prove it > knows the password as well. This is what HTTP Mutual can > accomplish, though other protocols can accomplish it as well (TLS > SRP?) Yes! This is really just a restatement of the mutual authentication requirement that you implied above. > Note that this doesn't eliminate all phishing attack vectors. An > attacker could still phish someone by convincing them to hand out their > personal information outside of an authenticated session. Phishing attacks depend on the fact that humans are susceptible to cons. We can't prevent people for falling to cons. HOWEVER, we may be able to make some (not all) classes of phishing and MITM attacks much harder, or impossible -- I believe that we can. > Is there something I'm missing? Channel binding :) Nico --
- Re: [http-auth] [saag] re-call for IETF http-auth… Yutaka OIWA
- Re: [http-auth] [saag] re-call for IETF http-auth… Tim
- Re: [http-auth] [saag] re-call for IETF http-auth… Nico Williams
- [http-auth] re-call for IETF http-auth BoF Yutaka OIWA
- Re: [http-auth] re-call for IETF http-auth BoF Harry Halpin
- Re: [http-auth] [saag] re-call for IETF http-auth… Hannes Tschofenig
- Re: [http-auth] [saag] re-call for IETF http-auth… Nico Williams
- Re: [http-auth] [saag] re-call for IETF http-auth… Tim
- Re: [http-auth] [saag] re-call for IETF http-auth… Marsh Ray
- Re: [http-auth] [saag] re-call for IETF http-auth… Nico Williams
- Re: [http-auth] [saag] re-call for IETF http-auth… Nico Williams
- Re: [http-auth] [saag] re-call for IETF http-auth… Stephen Farrell
- Re: [http-auth] [saag] re-call for IETF http-auth… Nico Williams
- Re: [http-auth] [saag] re-call for IETF http-auth… Marsh Ray
- Re: [http-auth] [saag] re-call for IETF http-auth… Nico Williams
- Re: [http-auth] re-call for IETF http-auth BoF Yutaka OIWA
- Re: [http-auth] re-call for IETF http-auth BoF Yutaka OIWA
- Re: [http-auth] re-call for IETF http-auth BoF Julian Reschke
- [http-auth] Fwd: re-call for IETF http-auth BoF Yutaka OIWA
- Re: [http-auth] [websec] re-call for IETF http-au… Phillip Hallam-Baker
- Re: [http-auth] [websec] re-call for IETF http-au… Alexey Melnikov
- Re: [http-auth] [saag] [websec] re-call for IETF … Peter Gutmann
- Re: [http-auth] [saag] [websec] re-call for IETF … Nico Williams
- Re: [http-auth] [websec] [saag] re-call for IETF … Stephen Farrell
- Re: [http-auth] [websec] [saag] re-call for IETF … Nico Williams
- Re: [http-auth] [saag] [websec] re-call for IETF … Yutaka OIWA
- Re: [http-auth] [saag] [websec] re-call for IETF … Nico Williams
- Re: [http-auth] [saag] [websec] re-call for IETF … Yutaka OIWA
- Re: [http-auth] [saag] [websec] re-call for IETF … Nico Williams
- Re: [http-auth] [saag] [websec] re-call for IETF … KIHARA, Boku
- [http-auth] Fwd: [saag] [websec] re-call for IETF… KIHARA, Boku
- Re: [http-auth] [websec] Fwd: [saag] re-call for … Thomas Roessler
- Re: [http-auth] [saag] [websec] re-call for IETF … Nico Williams
- Re: [http-auth] [saag] [websec] re-call for IETF … Yutaka OIWA
- Re: [http-auth] [saag] [websec] re-call for IETF … Yutaka OIWA
- Re: [http-auth] [saag] [websec] re-call for IETF … Nico Williams
- Re: [http-auth] [saag] [websec] re-call for IETF … Peter Gutmann
- Re: [http-auth] [saag] [websec] re-call for IETF … Nico Williams
- Re: [http-auth] [saag] [websec] re-call for IETF … Josh Howlett
- Re: [http-auth] [saag] [websec] Fwd: re-call for … Marc Williams
- Re: [http-auth] [saag] [websec] Fwd: re-call for … SHIMIZU, Kazuki
- Re: [http-auth] [saag] [websec] Fwd: re-call for … GOGWIM, JOEL GODWIN
- Re: [http-auth] [saag] [websec] Fwd: re-call for … Nico Williams
- Re: [http-auth] [saag] [websec] Fwd: re-call for … Henry B. Hotz
- Re: [http-auth] [saag] [websec] Fwd: re-call for … Yutaka OIWA
- Re: [http-auth] [saag] [websec] Fwd: re-call for … Yutaka OIWA
- Re: [http-auth] [saag] [websec] Fwd: re-call for … Yaron Sheffer
- Re: [http-auth] [websec] [saag] Fwd: re-call for … Marsh Ray
- Re: [http-auth] [websec] [saag] Fwd: re-call for … Stephen Farrell
- Re: [http-auth] [saag] [websec] Fwd: re-call for … Nico Williams
- Re: [http-auth] [saag] [websec] re-call for IETF … Phillip Hallam-Baker
- Re: [http-auth] [websec] [saag] re-call for IETF … Thomas Fossati
- Re: [http-auth] [websec] [saag] re-call for IETF … Nico Williams
- Re: [http-auth] [saag] [websec] re-call for IETF … Henry B. Hotz