Re: [http-auth] Why update Digest Auth?

Yaron Sheffer <yaronf.ietf@gmail.com> Mon, 22 July 2013 21:28 UTC

To: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Cc: HTTP Auth WG <http-auth@ietf.org>

Hi Rifaat,

responding only to the first of your objections:

I am really worried if Digest (presumably not over TLS) is the standard 
authentication method in SIP. A few questions:

- Do people normally use it with a human-memorable password? If they do, 
then the dictionary attack vulnerability is IMO much more serious than 
continuing to use MD5, and would remain serious after we upgrade Digest.

- On the other hand, if people use Digest with computer-generated 
authentication strings, then I18N is probably unnecessary.

- Looking at RFC 3665, it seems to me SIP Register can accommodate a two 
round-trip authentication method, just as well as HTTP can.

Thanks,
	Yaron

On 2013-07-22 13:51, Rifaat Shekh-Yusef wrote:
> I do not like the idea of canceling the Digest work for the following reasons:
>
> 1. Digest is used with the SIP protocol, and I am not sure the widely used Digest mechanism in SIP networks will be replaced with any of the new proposals.
>
> 2. This was already discussed during the discussion on the charter, and it seems a bit late to reopen that right now.
>
> 3. I think that the adopters of the new mechanisms should be motivated by the merit of the new mechanisms, not by us not updating Digest.
>
> 4. Some of the adopters of Digest might be satisfied with the Digest as it fulfills their need, and might not be interested in a "better" solution for their network.
>
> To address the timeline point that Stephen has raised, I think that the agility work should be done fairly soon as I do not see any major challenges at this stage.
>
> Regards,
>   Rifaat
>
> Sent from my iPhone
>
> On 2013-07-22, at 12:16 PM, Yoav Nir <ynir@checkpoint.com> wrote:
>
>> I'm not totally opposed, but if we replace Digest with some ZKPP, it's not Digest any more.
>>
>> Two of our experimental drafts are "better digests" - MutualAuth and SCRAM. MutualAuth is mature, has implementations, and I don't see why it shouldn't be ready to progress almost as fast as Digest.
>>
>> Do you think that enterprises would require "Digest" rather than "MutualAuth" or "SCRAM" just because it's called "Digest"?
>>
>> Hopefully these new methods will also support international user names and passwords (because specifying a user authentication method in 2013 that does not support non-English names is even sillier than specifying one that relies on MD5 for security). Then it's up to the enterprises to decide what they want to require vendors to implement.
>>
>> Yoav
>>
>> -----Original Message-----
>> From: http-auth-bounces@ietf.org [mailto:http-auth-bounces@ietf.org] On Behalf Of Yaron Sheffer
>> Sent: Saturday, July 20, 2013 7:34 PM
>> To: HTTP Auth WG
>> Subject: [http-auth] Why update Digest Auth?
>>
>> Sorry for questioning the group's charter, but this keeps bugging me:
>>
>> I'm assuming this WG will publish two Standards Track RFCs, updating Basic and Digest Auth. And a pile of Experimental RFCs with all sorts of lovely state-of-the-art crypto.
>>
>> Enterprises will require vendors to implement the updated Basic and Digest, and in a few years' time we will end up with the world's browsers and Web servers supporting Basic and Digest Auth with I18N and (for Digest) crypto agility. Almost nobody will implement the other drafts.
>>
>> In addition, the websec WG will hopefully work on "session continuation", which will extend the authentication to the whole session in a better way than cookies, and will provide channel binding. Assuming much of the Internet's traffic will remain unencrypted for years, this will be "good enough" security for this traffic. But, it won't work with Digest (because it is not "key generating", to borrow an EAP term).
>>
>> Now my question: we are telling implementors to upgrade Digest to gain I18N (and the algorithm agility, which in this case is mostly security theater, because when using short passwords we remain vulnerable to a dictionary attack anyway). Why not tell them *instead* to move to Digest-v2, which is dictionary attack resistant? Digest-v2 could be based on EKE or SRP, or maybe on draft-oiwa-http-mutualauth, and will support session continuation.
>>
>> Seems to me this would be a much better use of our time, as well as implementors' energy.
>>
>> Thanks,
>>      Yaron