[Ietf-http-auth] Please Review version 09 of draft-hartman-webauth-phishing
Sam Hartman <hartmans-ietf@mit.edu> Tue, 19 August 2008 16:37 UTC
Return-Path: <hartmans@mit.edu>
X-Original-To: ietf-http-auth@lists.osafoundation.org
Delivered-To: ietf-http-auth@lists.osafoundation.org
Received: from laweleka.osafoundation.org (laweleka.osafoundation.org [204.152.186.98]) by leilani.osafoundation.org (Postfix) with ESMTP id 09F6880D45 for <ietf-http-auth@lists.osafoundation.org>; Tue, 19 Aug 2008 09:37:55 -0700 (PDT)
Received: from localhost (laweleka.osafoundation.org [127.0.0.1]) by laweleka.osafoundation.org (Postfix) with ESMTP id 126F614220E for <ietf-http-auth@lists.osafoundation.org>; Tue, 19 Aug 2008 09:37:54 -0700 (PDT)
X-Virus-Scanned: by amavisd-new and clamav at osafoundation.org
X-Spam-Score: -1.403
X-Spam-Level:
X-Spam-Status: No, score=-1.403 tagged_above=-50 required=4 tests=[AWL=0.600, BAYES_00=-2.599, SPF_SOFTFAIL=0.596]
Received: from laweleka.osafoundation.org ([127.0.0.1]) by localhost (laweleka.osafoundation.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b-5C4P4f0Z5u for <ietf-http-auth@lists.osafoundation.org>; Tue, 19 Aug 2008 09:37:47 -0700 (PDT)
Received: from carter-zimmerman.suchdamage.org (carter-zimmerman.suchdamage.org [69.25.196.178]) by laweleka.osafoundation.org (Postfix) with ESMTP id 3406D1421F1 for <ietf-http-auth@lists.osafoundation.org>; Tue, 19 Aug 2008 09:37:46 -0700 (PDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id CB6674286; Tue, 19 Aug 2008 12:37:28 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: ekr@networkresonance.com
Date: Tue, 19 Aug 2008 12:37:28 -0400
Message-ID: <tslzln9q7uf.fsf@mit.edu>
User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: ietf-http-auth@lists.osafoundation.org
Subject: [Ietf-http-auth] Please Review version 09 of draft-hartman-webauth-phishing
X-BeenThere: ietf-http-auth@osafoundation.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: ietf-http-auth.osafoundation.org
List-Unsubscribe: <http://lists.osafoundation.org/cgi-bin/mailman/listinfo/ietf-http-auth>, <mailto:ietf-http-auth-request@osafoundation.org?subject=unsubscribe>
List-Archive: <http://lists.osafoundation.org/pipermail/ietf-http-auth>
List-Post: <mailto:ietf-http-auth@osafoundation.org>
List-Help: <mailto:ietf-http-auth-request@osafoundation.org?subject=help>
List-Subscribe: <http://lists.osafoundation.org/cgi-bin/mailman/listinfo/ietf-http-auth>, <mailto:ietf-http-auth-request@osafoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Aug 2008 16:37:55 -0000
Dear Eric: I believe I have responded to many of the issues you raised during the last call of draft-hartman-webauth-phishing and think things are at a point where it would be productive for you to review the document and see what issues remain. I've tried to include a change history but let me summarize major points below. Some of these changes (and the document as a whole) require review for consensus. Please see my next message to Alexey on that point. * Section 1.1 and section 1.2 have been added to the document in order to help clarify the purpose of the document. Section 1.1 is text that would need to gain some level of consensus and then be included in an ietf-wide last call. I've tried to make it clear that this document is not calling for new security mechanisms to be developed. You reviewed a previous version of section 1.1 that actually did end up focusing on developing authentication mechanisms; my apologies for that wording. It was a result of how I'm thinking about the layers involved, and I believe meant something very different to me than to anyone else who read it. As an aside, Microsoft has been looking at strengthening their HTTP authentication for the enterprise. They managed to find much simpler solutions to extending existing mechanisms than I had suspected were possible. I never expected that developing new security mechanisms would be desirable, but I thought that more work would be needed on how existing mechanisms fit into HTTP than appears to be needed in practice. I still think there is some limited work to do within the scope of the IETF, but much less than I thought when I started this document. * I've taken your suggestion of splitting the concept of passwords into plaintext password protocols and passwords as a user interface concept. This is described in section 2.1 and I think has been integrated throughout the rest of the document. * Rephrased all the discussion of UI to make it clear that we have no confidence (and evidence against) the idea that the UI concepts will work. I've specifically removed any language that implies that UI suggestions are exhaustive; that was never my intent. * Significantly worked on the text of the threat model in order to improve clarity. * Worked on the clarity of the requirements. In a number of cases I had proposed requirements that seemed likely to be true of potential solutions and that were easier to analyze than the actual constraints. I've tried to remove that and actually state the base requirements. * I've added a discussion of the pwdhash class of mechanisms in the discussion of mutual authentication. My position is that pwdhash is an improvement over what we have today. However the phishing possibilities opened up by not doing mutual authentication are serious enough that we want to eventually end up with solutions that support mutual authentication. We don't want to discourage deployment of pwdhash or similar mechanisms though. I think this is an issue where we need to come to some level of consensus. * I've strengthened the text that makes it clear that zero-knowledge mechanisms are non-starters for IPR reasons. If you read text in the current version as implying that this document recommends going down the zero-knowledge path, please point it out so I can remove it. * I've integrated references to the W3C security context work in this space. There is one set of comments I have intentionally not addressed. I disagree with you that the references section of this document should be a reasonable biography of the space. I'm happy to include references that enhance specific new or existing text, but am not interested in a survey of the space. I think this issue was discussed enough during the last call and the IESG telechat that I feel confident it has been reviewed by the community.