Re: [http-auth] Barry Leiba's Discuss on draft-ietf-httpauth-hoba-09: (with DISCUSS and COMMENT)
Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 06 January 2015 03:01 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E94B1A0E10; Mon, 5 Jan 2015 19:01:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.31
X-Spam-Level:
X-Spam-Status: No, score=-1.31 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_51=0.6, RCVD_IN_DNSWL_NONE=-0.0001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rwd_SlQBX0u6; Mon, 5 Jan 2015 19:01:27 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F31211A038F; Mon, 5 Jan 2015 19:01:26 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 9F32CBEC0; Tue, 6 Jan 2015 03:01:23 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wto_9dOW58kX; Tue, 6 Jan 2015 03:01:20 +0000 (GMT)
Received: from [10.87.48.73] (unknown [86.42.19.48]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 8710FBEBC; Tue, 6 Jan 2015 03:01:20 +0000 (GMT)
Message-ID: <54AB4FFF.4040402@cs.tcd.ie>
Date: Tue, 06 Jan 2015 03:01:19 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: Barry Leiba <Barry.Leiba@huawei.com>
References: <20150105174855.11968.51931.idtracker@ietfa.amsl.com> <54AAE9C7.8010105@cs.tcd.ie> <CALaySJ+j2u3_amk-BSjDgRvoGKFjsqn8k1Lm8pN0dW5dCXck3g@mail.gmail.com> <9C2AA051DD3C464F8ADEE38AEE6C26AD18C9E7BA@dfweml704-chm>
In-Reply-To: <9C2AA051DD3C464F8ADEE38AEE6C26AD18C9E7BA@dfweml704-chm>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/http-auth/hpWETEPLzpHUvO_Z2Ef8TeobDrI
Cc: "httpauth-chairs@tools.ietf.org" <httpauth-chairs@tools.ietf.org>, "draft-ietf-httpauth-hoba.all@tools.ietf.org" <draft-ietf-httpauth-hoba.all@tools.ietf.org>, "http-auth@ietf.org" <http-auth@ietf.org>, The IESG <iesg@ietf.org>, Barry Leiba <barryleiba@computer.org>
Subject: Re: [http-auth] Barry Leiba's Discuss on draft-ietf-httpauth-hoba-09: (with DISCUSS and COMMENT)
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-auth/>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Jan 2015 03:01:31 -0000
On 06/01/15 01:26, Barry Leiba wrote: > (Temporarily responding from my huawei.com address, as China blocks > gmail.) No probs, I'm sure we'll sort this and the gfw delays won't be that much of a deal. > >>> Point 1: I find the document to be really unclear about who does >>> what with which and to whom and.... >> >> That's very odd. We've had a bunch of reviews and an independent >> implementation (I've not done an interop though) and you're the >> first to make such a comment I think. The draft assumes >> familiarity with the HTTP authentication framework (RFC7235) for >> sure and (100% correctly I'd say) doesn't repeat any of that as any >> implementer really has to know that before they start. That's >> stated in the abstract and the very first sentence of section 1 so >> I'm very unclear what else is needed. And given that the >> responsible AD for RFC7235 was one Barry Leiba, I'm very very >> puzzled as to how this is not clear to you. > > I'll take that last sentence as less snarky than it sounds, Not snark, but genuine puzzlement. From my POV you're asking for this document to include crypto101 stuff. Yet we deal with far more complex protocols that use the same (or more complex) constructs all the time without requiring any of that. And wrt the step-by-step stuff there's even a properly referenced framework document that you brought to the IESG only months ago that sets out exactly what your're asking be repeated here (or else 7235 is broken). I just do not get it. Maybe it's hard to be so puzzled without sounding snarky, but I genuinely don't think we have a problem here as I just can't really grok that you'd be asking for these kinds of change in an experimental RFC and that those would really be blocking. > and I'll > point out that I'm not reviewing this based on what Barry Leiba > personally knows and understands, but on whether people reading the > spec can understand it. But it's been independently implemented by the portugal telecom folks without them ever asking (me anyway) a single question. And reviewed by multiple folks so I honestly think you may be the exception here. And see above wrt puzzlement;-) > Let's also keep in mind that people implementing this sort of thing > will have more or less expertise in the HTTP authentication > framework, and the document needs to be understandable to those who > are less expert. 101 != expert. foo-TBS being the signature input really is 101. > Also also remember that we're hoping to get > implementations of this out there, and we're skeptical that it'll > happen. Anything that makes it easier helps that cause. I don't accept that logic (though it's an aside), that'd call for explaining RSA for example, which would be just as wrong (IMO) as re-capitulating 7235 content. (Do you think it would be a good plan for every http-auth WG doc to do that btw? Will you post a DISCUSS position on all of those on that basis? That's not something for HOBA, but maybe worth a ponder.) > For all > that, I think more explanation is important. Clearly. And I think attempt to regurgitate text from a properly referenced framework RFC in this one (and possibly others) would be an error. > > Despite what I know, I really did find myself tripping over things > because there's no overall description of the flow, including things > that are unique to HOBA (such as the HOBA-TBS, and the joining > protocol). For anyone who has implemented any signature based anything HOBA-TBS is utterly obvious and far from unique. There'a >30 year heritage of protocol constructs like that going back (to my knowledge, but I'm sure further) to the 1984 X.400 blue-book which had a couple of pages of text that became the 1988 X.509 that eventually became RFC 5280. The joining protocol is just a simple signed assertion entirely analagous to a PKCS#10 structure (so not quite 30 years old, maybe 20+:-). In my local cache of RFCs (7376 being the hightest numbered) I see 69 RFCs that contain the case-insensitive string TBS btw. Really, there is nothing new here. (And deliberately so, for any new feature that even smelled remotely of novelty I went and tried to find a >20 year old reference.) An implementer who is not aware of that heritage will also not have a problem, or else will have far far worse problems. The younger but not dim implementer will just use openssl or some library that handles this stuff more or less well or badly for the programmer and will find that the text here matches the kinds of example one finds on stackexchange etc fairly closely (since that's where I got my PHP and JS code snippets while coding this and writing this text). Honestly, I'm just genuinely puzzled a lot that any of this is seen as worth asking never mind DISCUSS-worthy. (Could it be that HOBA doesn't have enough complexity and is therefore more amenable to such commentary, say compared to RELOAD which is much more complex cryptographically? Well, if so, I guess that's a good thing in a way:-) > >> Section 2: >> >> "On receipt of a challenge (and optional realm) from a server, the >> client marshals an HOBA to-be-signed (TBS) blob that includes a >> client generated nonce, the web-origin, the realm, an identifier >> for the CPK and the challenge string; and signs that blob with the >> private key corresponding to the CPK for that web-origin." >> >> I don't see what is not clear there sorry. > > There's nothing that I see that explicitly makes that the "sig" item > in the HOBA-RES. See above wrt puzzlement. You're really missing that the output of the "signs" operation is the sig value? >>> This document would benefit from some section somewhere giving a >>> set of clear, numbered steps, saying who sends, who receives, and >>> who does what with what input at each step. >> >> That's in RFC 7235. > > And should be in here, as well, to make it clear how the details of > HOBA fit into the framework. Fully disagree. And the author of 7235 who did review this did not suggest that iirc. This should and does correctly require that the implementer has read or is otherwise familiar with 7235. (What you want would also call for every http-auth WG output to include that kind of regurgitation. It's just a bad idea.) > > I don't think this is a big deal, and I will > > 1. move this to a non-blocking comment, and > > 2. suggest text for you to include. Fair enough. Absent that being better text, I'll likely argue to not change. But I know you might produce better text so we'll see:-) > >>> In the ABNF for HOBA-TBS, is something supposed to be between >>> the elements? If not, how do I know when the base64 value for >>> nonce ends and the length value for alg begins? >> >> The previous len field tells you. > > DOH! Yeh, of course. Sorry. > >>> -- Section 6.3 -- >>> >>> The server SHOULD also revoke or delete any cookies associated >>> with the session. >>> >>> Why is that not MUST? How good is a "logout" if stolen cookies >>> from that session can still be reused? >> >> The issue is that that function (revoke cookie) might not be >> available to the HOBA code, or it might, depending on the kind of >> HTTP server implementation. > > This is something we often struggle with, but I think it's a bad idea > to soften the way we want a protocol to work because we know it will > be difficult for some implementations. We should use MUST or SHOULD > based on what's right, and accept that even MUST will not be complied > with if an implementation can't comply. > > Do we really want this to be a MUST? Perhaps we can waffle slightly > by saying "MUST ... if it is possible to do so in the relevant HTTP > server," or some such? The way I look at this is in the spirit of the just issued RFC 7435. We have little enough chance of this working so we ought (esp at the experimental RFC stage) lean over to make deployment easier and not harder. So I do think SHOULD is right there tbh. > >>> -- Section 6.4 -- >>> >>> Protocol: does asking for and getting a new challenge affect the >>> session state? The document should be clear about what happens, >>> rather than just saying that the client can ask for a new >>> challenge. Is it like a logout and re-login? Or what? >> >> No there's no effect on any other state I think. The point of this >> is just to get a fresh challenge if the one you had has expired or >> whatever. > > OK; discussion has been had on this item. > > Would it be worth adding a few words to say that (and to say that the > session state doesn't change)? That could be worse than now. Since a lot of the client code here will be async code (XHR now and promises soon) we don't actually know that that'll be the case. Other stuff might be going on as one branch of code is refreshing the challenge. > >>> -- Section 8.2 -- >>> >>> I don't think you need to say "a la LinkedIn," and I think it's a >>> bad idea to have us link a company's name to a password >>> compromise forever in an RFC. Especially when it's not >>> necessary. >> >> Is that really DISCUSS worthy? I don't think it is. Which of the >> DISCUSS criteria relate to that. Seems like a stylistic thing to >> me. > > I think it is: I think it's a very bad thing to disparage specific > companies in our RFCs. Its a statement of fact though. That is very different. > That said, if you'd actually discuss Rhetorical fail alert:-) That last use of "discuss" != DISCUSS-worthy. You're ignoring a) that this is a style issue and explicitly not DISCUSS-worthy and b) that I am in fact happy to discus your non-blocking comments. I think it's entirely fair to establish if a point does or does not warrant being blocking before disposing of the detail. (And hey, when did an author not want to demote a DISCUSS to a COMMENT if that is fair-game? Not often.:-) > this with me (why you think it's > important to leave it there), then the discussion will have happened, > and we can move ahead. Facts are much more convincing than abstractions. We could risk a Streisand effect by not naming one of the major breaches of this kind. That one was the most topical at the time that text was first written. A naive reader following up on that will find a plethora of other examples, of real associated costs and of lessons learned none of which would be anywhere near as easily found starting (as a naive reader) from an example.com abstraction (at least afaik example.com have not had a significant password breach so far, maybe we ought engineer one:-). That enough? >>> For "realm", I can't really make sense of "Recall both sides know >>> when this needs to be there independent of the encoding via a >>> zero length." Can you rephrase and/or repunctuate this (probably >>> without the word "recall")? >> >> Sorry what's not clear? > > Sorry, I think I said very clearly what's not clear: I can't make > sense of the sentence. Can you try rephrasing it so maybe I can? Can I bring you a rock? I'm sure you see my problem as well as yours. Yes I can re-phrase of course, but I'm convinced that will not be any sort of real improvement at all, e.g.: "Both sides know when realm is present or missing. Don't be mislead by the zero length encoding required." I think that's worse and not deliberately so. (I admit to not being terribly motivated to disimprove the text or do a sideways-move edit though:-) >>> It might be good if the description of "max-age" made it clear >>> that it's for the purpose of allowing multiple uses (multiple >>> sigs). As it is, it looks like it's there to limit the delay >>> before the challenge is answered (once). Maybe just a forward >>> ref to Section 8 is good enough here. >> >> I think it's clear to be honest. > > I know you do; you wrote it. Might you consider other input? In the > end, all I've asked for is a forward ref to Section 8. This draft is at version -09 now. I think >50% of those revisions were solely due to reviewer input. I resent the implication that I and my co-authors are not open to input. (Not much mind you, but a little:-) I fully accept that I'm impatient with some comments. Yes, your ask is small. But is it a real improvement? >>> Does the server really use session cookies to navigate around a >>> site? Or does the server give the client a session cookie for >>> the client to use to navigate? >> >> I think it's clearer as-is to be honest. > > I don't and I think it's wrong. Fair enough. > >>> -- Section 6.1 -- >>> >>> Why are the fields here not REQUIRED and OPTIONAL, using 2119 >>> words, as is the case in Section 3? >> >> Sorry I don't see a problem. > > It's not a problem, it's a question. Is there a reason you're using > 2119 words in Section 3, and not here? I honestly don't recall. At a guess, I would avoid 2119 terms where possible as they generate pedantic commentary from folks who have a different attitude than I towards 2119, cf. the Pete/Stephen WG chairs lunch show from a couple of years ago:-) But the honest answer again is: I don't recall and don't think it matters. And if there's not a problem, then maybe that's just dandy? > >>> -- Section 6.2 -- >>> >>> It seems odd to put the NOT RECOMMENDED mechanism in the middle; >>> I suggest switching sections 6.2.2 and 6.2.3. >> >> I'm fine with it as-is to be honest. > > At this point, it seems to me that you're just refusing to make > changes because you want to refuse to make changes. Whatever: this > is non-blocking. No, I'm pushing back on what I really see as a frankly odd comment. Your comment to me is like asking that we ensure that other things being equal we order the sections alphanumerically by title. > >>> The administrator will most likely want to set the max-age to >>> something that is not too slow on the slowest signing device that >>> is significant for that site. >>> >>> Maybe you mean "not too short"? >> >> Nope. If signing took 2 seconds a 1 second max-age would be a >> problem. And that can happen with very old JS engines. Will go away >> over time and is nearly gone now. (Much moreso than when -00 of >> this was done.) > > I think you miss my (very minor) point: max-age is a time period, and > is not something that's slow or fast; it's short or long. So I'd say > "not too short for the slowest signing device". But, again, very > minor, so it doesn't really matter. Yep. Your text is 0.0001% better. (Precisely:-) I made the change in my working copy. > >>> -- Section 8.3 -- The chances that a typical user (consider my >>> mother) will know or care about this, much less will "request" >>> anything is vanishingly small. Can you say anything here about >>> what can be done that would have any practical utility? >> >> This text is for a developer, not a user. And I have been asked >> about this feature a number of times by people who don't get the >> not-that-hidden complexities. > > But the text talks about users requesting things, and I don't think > users will understand any of this and request anything. Users will not read this RFC so that is just fine. Yes it talks about, but is not for, users. It is just fine to have this sentence talk about a cucumber even if no cucumber will ever understand this sentence. > Developers > should be making it work for general users. Is there anything they > can do there? If not, well, then not. I'm asking. My opinion of this is that that ought be an OS feature and not an HTTP auth feature. That doesn't mean that will happen of course. And I don't think we need this (again experimental!) RFC to go into all that. > >>> -- Section 9.3 -- >>> >>> Please create a new HOBA signature algorithms registry as >>> follows, with the specification required rule for updates. New >>> HOBA signature algorithms SHOULD be in use with other IETF >>> standards track protocols before being added to this registry. >>> >>> I don't think the SHOULD is really right -- who is the target? >>> This needs to be cast as instructions to the designated expert, >>> perhaps as, "The designated expert will review other uses of >>> requested new HOBA signature algorithms, with particular >>> consideration to their use in other IETF standards track >>> protocols." Perhaps there's also another word or two to say >>> about what the DE should consider? >> >> Sorry I don't get what's unclear. The SHOULD is targetted at the >> DE. The text you suggest(?) in quotes would be less clear I think. > > SHOULD is for describing protocol interoperability issues, not for > giving instructions to DEs. Why? Where's it say that? I think a DE is quite capable of getting the ask here. > But maybe we'll see if Pete has an > opinion here. OMG, that too! :-) Sure. > >>> -- Sections 9.4 and 9.5 -- Surely, IANA (or the designated >>> expert) will want to have some idea of how high "small" might >>> reasonably get. Can you put any bound on it, even a non-binding >>> one? And might there be any other advice for the designated >>> expert, anything at all? >> >> Really? Are we seriously worried about there being a bazillion key >> id algs or device id types in an experimental RFC? I am not. > > I'm not either; Cool then we can move on. > it's just that IANA usually wants boundaries. In any > case, what about the second question: is there any guidance to be > give to the DE here, or does the DE get to do whatever she likes? Sure. As long as its small:-) Cheers, S. > > Barry >
- [http-auth] Barry Leiba's Discuss on draft-ietf-h… Barry Leiba
- Re: [http-auth] Barry Leiba's Discuss on draft-ie… Stephen Farrell
- Re: [http-auth] Barry Leiba's Discuss on draft-ie… Stephen Farrell
- Re: [http-auth] Barry Leiba's Discuss on draft-ie… Barry Leiba
- Re: [http-auth] Barry Leiba's Discuss on draft-ie… Julian Reschke
- Re: [http-auth] Barry Leiba's Discuss on draft-ie… Stephen Farrell
- Re: [http-auth] Barry Leiba's Discuss on draft-ie… Stephen Farrell
- Re: [http-auth] Barry Leiba's Discuss on draft-ie… Barry Leiba
- Re: [http-auth] Barry Leiba's Discuss on draft-ie… Stephen Farrell
- Re: [http-auth] Barry Leiba's Discuss on draft-ie… Stephen Farrell
- Re: [http-auth] Barry Leiba's Discuss on draft-ie… Barry Leiba
- Re: [http-auth] Barry Leiba's Discuss on draft-ie… Barry Leiba
- Re: [http-auth] Barry Leiba's Discuss on draft-ie… Kathleen Moriarty
- Re: [http-auth] Barry Leiba's Discuss on draft-ie… Barry Leiba
- Re: [http-auth] Barry Leiba's Discuss on draft-ie… Stephen Farrell
- Re: [http-auth] Barry Leiba's Discuss on draft-ie… Michael Thomas
- Re: [http-auth] Barry Leiba's Discuss on draft-ie… Michael Thomas
- Re: [http-auth] Barry Leiba's Discuss on draft-ie… Martin J. Dürst
- Re: [http-auth] Barry Leiba's Discuss on draft-ie… Kathleen Moriarty