Re: [http-auth] Stephen Farrell's Yes on draft-ietf-httpauth-scram-auth-14: (with COMMENT)
Alexey Melnikov <alexey.melnikov@isode.com> Tue, 15 December 2015 13:45 UTC
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D7331A8928; Tue, 15 Dec 2015 05:45:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.011
X-Spam-Level:
X-Spam-Status: No, score=-2.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TkLdquf9AQEH; Tue, 15 Dec 2015 05:45:09 -0800 (PST)
Received: from waldorf.isode.com (waldorf.isode.com [62.232.206.188]) by ietfa.amsl.com (Postfix) with ESMTP id 235F31A892A; Tue, 15 Dec 2015 05:45:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1450187108; d=isode.com; s=selector; i=@isode.com; bh=N4JoOLA8oOEGiKHaqCGGXMTKUXr3MirOVh7abuCECVs=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=FqPV0CbEzntNUNj6jrww6u9mYLgcT7dM5JX5F5mRaZQ/pMfzZxpItQdPqyipe8HGFYdvut JYAg/1VxdVK6U9h56SLf15V9znyH2jToI1PGHmHsGBpbugxc0YYqfhl7Fc7wQM9rYzGtsc RrfcU3kI/1Q3LWDT5LwuOpo/L72yxIo=;
Received: from [172.20.1.215] (dhcp-215.isode.net [172.20.1.215]) by waldorf.isode.com (submission channel) via TCP with ESMTPSA id <VnAZYwBSXLwS@waldorf.isode.com>; Tue, 15 Dec 2015 13:45:08 +0000
From: Alexey Melnikov <alexey.melnikov@isode.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, The IESG <iesg@ietf.org>
References: <20151214111921.18176.92140.idtracker@ietfa.amsl.com>
Message-ID: <56701963.6080400@isode.com>
Date: Tue, 15 Dec 2015 13:45:07 +0000
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
In-Reply-To: <20151214111921.18176.92140.idtracker@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/http-auth/dvHaehdR-0Kdw2cUo3M5XFeKkhA>
Cc: draft-ietf-httpauth-scram-auth@ietf.org, httpauth-chairs@tools.ietf.org, httpauth-chairs@ietf.org, http-auth@ietf.org, draft-ietf-httpauth-scram-auth-all@tools.ietf.org
Subject: Re: [http-auth] Stephen Farrell's Yes on draft-ietf-httpauth-scram-auth-14: (with COMMENT)
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-auth/>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Dec 2015 13:45:11 -0000
Hi Stephen, Thank you for your comments. On 14/12/2015 11:19, Stephen Farrell wrote: > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > > Some of the issues below would be discuss points for a standards > track draft but I think clarifying these kinds of corner-case issues > during an experimental deployment should be fine. I think it'd be > really good if you noted some of these issues and that they were > things to clarify as part of the experiment. The interleaving issue > being perhaps the most worthy of noting. > > - abstract: the claims seem somewhat overbroad, I hoped those would > be justified in the text, but I didn't see that tbh. I'd recommend > toning that down some. I will check. > - intro, 1st para, typo: s/have had/has had/ > > - intro, 3rd para: s/adoptation/an adaptation/ and s/SCRAM data/ The > SCRAM data/ in the same para, and s/adds/adds a/ similarly Fixed. > - intro, bullet1: where you say "is not sufficient" that can be true > of cleartext password schemes too, the difference here is that the > protocol data units must require a dictionary attack, which is good > but mostly neutral if good back-end practices are in place, but bad > back-end practices can be in place with SCRAM just as much as with > cleartext pwds, so I think the claim is not justified in the end > unless you add "depending on sound implemenation practices" or some > such. > > - intro, bullets 2&3: these should really have a caveat that a > dictionary attack works and would invalidate the claims made Ok. > - 2.1: it is not clear to me how LDAP or RADIUS could be used as an > authentication DB for SCRAM, unless the cleartext pwd is stored > there, which would invalidate the claims made in the intro, or are > there standard ways in both protocols to store SCRAM verifiers that > are not cleartext passwords? The latter. See <http://datatracker.ietf.org/doc/rfc5803/> > (That might be the case, I just don't > know.) > > - 2.2: "may not be included" would be better as "is optional" as the > former can be read ambiguously to mean "must not be included." Ok. > - 2.2: Definition of "Hi" - it is odd to have the "i" twice in the > formula. > - 2.2: definition of "Hi" - what is INT(1) and why is it there? I believe this is from PBKDF2 definition, > I think you need to explain the former and should explain the latter. It is defined below Hi(). > - section 5: Hmm - I didn't realise that HTTP really allows for two > 401 messages within the same authentication. It isn't clear to me > that a browser and server can always correctly maintain state for > that. Are you sure that they can? I've asked Julian Reschke and he didn't think it was a problem. After the first exchange a session is established (with session id), it then can be used to correlate. > Can't two requests for protected > resources cross over in HTTP causing server confusion (if the realms > differ and passwords differ) or maybe even a condition that might > not represent the client's actual wishes? The server is supposed to respond to requests in the same order as received. Also, HTTP/2.0 makes this problem go away ;-). > (That said, I've not gone > and looked if this kind of interleaving is a real problem or not.) > > - 5, initial client msg: "a random, unique nonce attributes" is > ambiguous - is it one ("a random") or many ("attributes"). I think > you need to be precise. Should be "attribute". > - 5, just before 5.1: "might have to drop" is very vague, why? If > the server auth is broken I think a "MUST drop" has to be correct. It doesn't have to drop the connection and might do other things. So it is more like MAY. > - 5, is it ok for a client to increment the nonce-count by >1? I assume you are talking about reauthentication case: I don't think so. But reauthentication can be done multiple times, so the value can be incremented by more than 1 from the original value. I should make this clearer, if it isn't already. > (I assume it is as a request could get lost, albeit that'd be rare and > mostly down to proxy bugs I suspect.) > - section 8: "a successor to SHA-1" is a bit coy and now that Tony > has defined one I think you can mention the sha256 based scheme. Changed. > - Thanks for handling the secdir review [1] and I appreciate that > the author has pinged the reviewer on that. It'd maybe be no harm to > re-ping if the reviewer still hasn't had a chance to respond. Will do. > [1]https://www.ietf.org/mail-archive/web/secdir/current/msg06254.html >
- [http-auth] Stephen Farrell's Yes on draft-ietf-h… Stephen Farrell
- Re: [http-auth] Stephen Farrell's Yes on draft-ie… Alexey Melnikov
- Re: [http-auth] Stephen Farrell's Yes on draft-ie… Stephen Farrell