Re: [http-auth] Stephen Farrell's Yes on draft-ietf-httpauth-scram-auth-14: (with COMMENT)
Alexey Melnikov <alexey.melnikov@isode.com> Tue, 15 December 2015 13:45 UTC
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D7331A8928; Tue, 15 Dec 2015 05:45:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.011
X-Spam-Level:
X-Spam-Status: No, score=-2.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TkLdquf9AQEH; Tue, 15 Dec 2015 05:45:09 -0800 (PST)
Received: from waldorf.isode.com (waldorf.isode.com [62.232.206.188]) by ietfa.amsl.com (Postfix) with ESMTP id 235F31A892A; Tue, 15 Dec 2015 05:45:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1450187108; d=isode.com; s=selector; i=@isode.com; bh=N4JoOLA8oOEGiKHaqCGGXMTKUXr3MirOVh7abuCECVs=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=FqPV0CbEzntNUNj6jrww6u9mYLgcT7dM5JX5F5mRaZQ/pMfzZxpItQdPqyipe8HGFYdvut JYAg/1VxdVK6U9h56SLf15V9znyH2jToI1PGHmHsGBpbugxc0YYqfhl7Fc7wQM9rYzGtsc RrfcU3kI/1Q3LWDT5LwuOpo/L72yxIo=;
Received: from [172.20.1.215] (dhcp-215.isode.net [172.20.1.215]) by waldorf.isode.com (submission channel) via TCP with ESMTPSA id <VnAZYwBSXLwS@waldorf.isode.com>; Tue, 15 Dec 2015 13:45:08 +0000
From: Alexey Melnikov <alexey.melnikov@isode.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, The IESG <iesg@ietf.org>
References: <20151214111921.18176.92140.idtracker@ietfa.amsl.com>
Message-ID: <56701963.6080400@isode.com>
Date: Tue, 15 Dec 2015 13:45:07 +0000
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
In-Reply-To: <20151214111921.18176.92140.idtracker@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/http-auth/dvHaehdR-0Kdw2cUo3M5XFeKkhA>
Cc: draft-ietf-httpauth-scram-auth@ietf.org, httpauth-chairs@tools.ietf.org, httpauth-chairs@ietf.org, http-auth@ietf.org, draft-ietf-httpauth-scram-auth-all@tools.ietf.org
Subject: Re: [http-auth] Stephen Farrell's Yes on draft-ietf-httpauth-scram-auth-14: (with COMMENT)
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-auth/>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Dec 2015 13:45:11 -0000
Hi Stephen,
Thank you for your comments.
On 14/12/2015 11:19, Stephen Farrell wrote:
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
>
> Some of the issues below would be discuss points for a standards
> track draft but I think clarifying these kinds of corner-case issues
> during an experimental deployment should be fine. I think it'd be
> really good if you noted some of these issues and that they were
> things to clarify as part of the experiment. The interleaving issue
> being perhaps the most worthy of noting.
>
> - abstract: the claims seem somewhat overbroad, I hoped those would
> be justified in the text, but I didn't see that tbh. I'd recommend
> toning that down some.
I will check.
> - intro, 1st para, typo: s/have had/has had/
>
> - intro, 3rd para: s/adoptation/an adaptation/ and s/SCRAM data/ The
> SCRAM data/ in the same para, and s/adds/adds a/ similarly
Fixed.
> - intro, bullet1: where you say "is not sufficient" that can be true
> of cleartext password schemes too, the difference here is that the
> protocol data units must require a dictionary attack, which is good
> but mostly neutral if good back-end practices are in place, but bad
> back-end practices can be in place with SCRAM just as much as with
> cleartext pwds, so I think the claim is not justified in the end
> unless you add "depending on sound implemenation practices" or some
> such.
>
> - intro, bullets 2&3: these should really have a caveat that a
> dictionary attack works and would invalidate the claims made
Ok.
> - 2.1: it is not clear to me how LDAP or RADIUS could be used as an
> authentication DB for SCRAM, unless the cleartext pwd is stored
> there, which would invalidate the claims made in the intro, or are
> there standard ways in both protocols to store SCRAM verifiers that
> are not cleartext passwords?
The latter. See <http://datatracker.ietf.org/doc/rfc5803/>
> (That might be the case, I just don't
> know.)
>
> - 2.2: "may not be included" would be better as "is optional" as the
> former can be read ambiguously to mean "must not be included."
Ok.
> - 2.2: Definition of "Hi" - it is odd to have the "i" twice in the
> formula.
> - 2.2: definition of "Hi" - what is INT(1) and why is it there?
I believe this is from PBKDF2 definition,
> I think you need to explain the former and should explain the latter.
It is defined below Hi().
> - section 5: Hmm - I didn't realise that HTTP really allows for two
> 401 messages within the same authentication. It isn't clear to me
> that a browser and server can always correctly maintain state for
> that. Are you sure that they can?
I've asked Julian Reschke and he didn't think it was a problem. After
the first exchange a session is established (with session id), it then
can be used to correlate.
> Can't two requests for protected
> resources cross over in HTTP causing server confusion (if the realms
> differ and passwords differ) or maybe even a condition that might
> not represent the client's actual wishes?
The server is supposed to respond to requests in the same order as received.
Also, HTTP/2.0 makes this problem go away ;-).
> (That said, I've not gone
> and looked if this kind of interleaving is a real problem or not.)
>
> - 5, initial client msg: "a random, unique nonce attributes" is
> ambiguous - is it one ("a random") or many ("attributes"). I think
> you need to be precise.
Should be "attribute".
> - 5, just before 5.1: "might have to drop" is very vague, why? If
> the server auth is broken I think a "MUST drop" has to be correct.
It doesn't have to drop the connection and might do other things. So it
is more like MAY.
> - 5, is it ok for a client to increment the nonce-count by >1?
I assume you are talking about reauthentication case: I don't think so.
But reauthentication can be done multiple times, so the value can be
incremented by more than 1 from the original value. I should make this
clearer, if it isn't already.
> (I assume it is as a request could get lost, albeit that'd be rare and
> mostly down to proxy bugs I suspect.)
> - section 8: "a successor to SHA-1" is a bit coy and now that Tony
> has defined one I think you can mention the sha256 based scheme.
Changed.
> - Thanks for handling the secdir review [1] and I appreciate that
> the author has pinged the reviewer on that. It'd maybe be no harm to
> re-ping if the reviewer still hasn't had a chance to respond.
Will do.
> [1]https://www.ietf.org/mail-archive/web/secdir/current/msg06254.html
>
- [http-auth] Stephen Farrell's Yes on draft-ietf-h… Stephen Farrell
- Re: [http-auth] Stephen Farrell's Yes on draft-ie… Alexey Melnikov
- Re: [http-auth] Stephen Farrell's Yes on draft-ie… Stephen Farrell