Re: [Technical Errata Reported] RFC7804 (6633)
Benjamin Kaduk <kaduk@mit.edu> Mon, 02 August 2021 02:34 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB05E3A0C07 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 1 Aug 2021 19:34:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.897
X-Spam-Level:
X-Spam-Status: No, score=-2.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 64XiE8ljN8DL for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 1 Aug 2021 19:34:29 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA8C73A0C0C for <httpbisa-archive-bis2Juki@lists.ietf.org>; Sun, 1 Aug 2021 19:34:29 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1mANjd-0002vq-Gy for ietf-http-wg-dist@listhub.w3.org; Mon, 02 Aug 2021 02:31:21 +0000
Resent-Date: Mon, 02 Aug 2021 02:31:21 +0000
Resent-Message-Id: <E1mANjd-0002vq-Gy@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <kaduk@mit.edu>) id 1mANjc-0002v6-I6 for ietf-http-wg@listhub.w3.org; Mon, 02 Aug 2021 02:31:20 +0000
Received: from outgoing-auth-1.mit.edu ([18.9.28.11] helo=outgoing.mit.edu) by titan.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <kaduk@mit.edu>) id 1mANja-0000cQ-Ip for ietf-http-wg@w3.org; Mon, 02 Aug 2021 02:31:20 +0000
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 1722Umat007353 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 1 Aug 2021 22:30:53 -0400
Date: Sun, 01 Aug 2021 19:30:48 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: alexey.melnikov@isode.com, rdd@cert.org, ynir.ietf@gmail.com, rifaat.ietf@gmail.com, benhollbergb@googlemail.com, ietf-http-wg@w3.org
Message-ID: <20210802023048.GG3932@kduck.mit.edu>
References: <20210709081924.E9579F40722@rfc-editor.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20210709081924.E9579F40722@rfc-editor.org>
X-W3C-Hub-Spam-Status: No, score=-10.2
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1mANja-0000cQ-Ip 3e9401b65a161972382beb9e7af51015
X-Original-To: ietf-http-wg@w3.org
Subject: Re: [Technical Errata Reported] RFC7804 (6633)
Archived-At: <https://www.w3.org/mid/20210802023048.GG3932@kduck.mit.edu>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/39096
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Adding httpbis since, per https://mailarchive.ietf.org/arch/msg/http-auth/09-9tYS4hvI4C6Uhv1GEWSZ35W4/, http-auth is closed. Alexey, did you have any thoughts on this one? Thanks, Ben On Fri, Jul 09, 2021 at 01:19:24AM -0700, RFC Errata System wrote: > The following errata report has been submitted for RFC7804, > "Salted Challenge Response HTTP Authentication Mechanism". > > -------------------------------------- > You may review the report below and at: > https://www.rfc-editor.org/errata/eid6633 > > -------------------------------------- > Type: Technical > Reported by: Ben Hollberg <benhollbergb@googlemail.com> > > Section: 5 > > Original Text > ------------- > This is a simple example of a SCRAM-SHA-256 authentication exchange > (no support for channel bindings, as this feature is not currently > supported by HTTP). Username 'user' and password 'pencil' are used. > Note that long lines are folded for readability. > > C: GET /resource HTTP/1.1 > C: Host: server.example.com > C: [...] > > S: HTTP/1.1 401 Unauthorized > S: WWW-Authenticate: Digest realm="realm1@example.com", > Digest realm="realm2@example.com", > Digest realm="realm3@example.com", > SCRAM-SHA-256 realm="realm3@example.com", > SCRAM-SHA-256 realm="testrealm@example.com" > S: [...] > > C: GET /resource HTTP/1.1 > C: Host: server.example.com > C: Authorization: SCRAM-SHA-256 realm="testrealm@example.com", > data=biwsbj11c2VyLHI9ck9wck5HZndFYmVSV2diTkVrcU8K > C: [...] > > S: HTTP/1.1 401 Unauthorized > S: WWW-Authenticate: SCRAM-SHA-256 > sid=AAAABBBBCCCCDDDD, > data=cj1yT3ByTkdmd0ViZVJXZ2JORWtxTyVodllEcFdVYTJSYVRDQWZ1eEZJ > bGopaE5sRixzPVcyMlphSjBTTlk3c29Fc1VFamI2Z1E9PSxpPTQwOTYK > S: [...] > > C: GET /resource HTTP/1.1 > C: Host: server.example.com > C: Authorization: SCRAM-SHA-256 sid=AAAABBBBCCCCDDDD, > data=Yz1iaXdzLHI9ck9wck5HZndFYmVSV2diTkVrcU8laHZZRHBXVWEyUmFUQ > 0FmdXhGSWxqKWhObEYscD1kSHpiWmFwV0lrNGpVaE4rVXRlOXl0YWc5empm > TUhnc3FtbWl6N0FuZFZRPQo= > C: [...] > > S: HTTP/1.1 200 Ok > S: Authentication-Info: sid=AAAABBBBCCCCDDDD, > data=dj02cnJpVFJCaTIzV3BSUi93dHVwK21NaFVaVW4vZEI1bkxUSlJzamw5N > Uc0PQo= > S: [...Other header fields and resource body...] > > > In the above example, the first client request contains a "data" > attribute that base64 decodes as follows: > > n,,n=user,r=rOprNGfwEbeRWgbNEkqO > > The server then responds with a "data" attribute that base64 decodes > as follows: > > r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF,s=W22ZaJ0SNY7soE > sUEjb6gQ==,i=4096 > > The next client request contains a "data" attribute that base64 > decodes as follows: > > c=biws,r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF,p=dHzbZap > WIk4jUhN+Ute9ytag9zjfMHgsqmmiz7AndVQ= > > The final server response contains a "data" attribute that base64 > decodes as follows: > > v=6rriTRBi23WpRR/wtup+mMhUZUn/dB5nLTJRsjl95G4= > > Corrected Text > -------------- > This is a simple example of a SCRAM-SHA-256 authentication exchange > (no support for channel bindings, as this feature is not currently > supported by HTTP). Username 'user' and password 'pencil' are used. > Note that long lines are folded for readability. > > C: GET /resource HTTP/1.1 > C: Host: server.example.com > C: [...] > > S: HTTP/1.1 401 Unauthorized > S: WWW-Authenticate: Digest realm="realm1@example.com", > Digest realm="realm2@example.com", > Digest realm="realm3@example.com", > SCRAM-SHA-256 realm="realm3@example.com", > SCRAM-SHA-256 realm="testrealm@example.com" > S: [...] > > C: GET /resource HTTP/1.1 > C: Host: server.example.com > C: Authorization: SCRAM-SHA-256 realm="testrealm@example.com", > data=biwsbj11c2VyLHI9ck9wck5HZndFYmVSV2diTkVrcU8= > C: [...] > > S: HTTP/1.1 401 Unauthorized > S: WWW-Authenticate: SCRAM-SHA-256 > sid=AAAABBBBCCCCDDDD, > data=cj1yT3ByTkdmd0ViZVJXZ2JORWtxTyVodllEcFdVYTJSYVRDQWZ1eEZJ > bGopaE5sRixzPVcyMlphSjBTTlk3c29Fc1VFamI2Z1E9PSxpPTQwOTY= > S: [...] > > C: GET /resource HTTP/1.1 > C: Host: server.example.com > C: Authorization: SCRAM-SHA-256 sid=AAAABBBBCCCCDDDD, > data=Yz1iaXdzLHI9ck9wck5HZndFYmVSV2diTkVrcU8laHZZRHBXVWEyUmFUQ > 0FmdXhGSWxqKWhObEYscD1kSHpiWmFwV0lrNGpVaE4rVXRlOXl0YWc5empm > TUhnc3FtbWl6N0FuZFZRPQo= > C: [...] > > S: HTTP/1.1 200 Ok > S: Authentication-Info: sid=AAAABBBBCCCCDDDD, > data=dj02cnJpVFJCaTIzV3BSUi93dHVwK21NaFVaVW4vZEI1bkxUSlJzamw5N > Uc0PQo= > S: [...Other header fields and resource body...] > > > In the above example, the first client request contains a "data" > attribute that base64 decodes as follows: > > n,,n=user,r=rOprNGfwEbeRWgbNEkqO > > The server then responds with a "data" attribute that base64 decodes > as follows: > > r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF,s=W22ZaJ0SNY7soE > sUEjb6gQ==,i=4096 > > The next client request contains a "data" attribute that base64 > decodes as follows: > > c=biws,r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF,p=dHzbZap > WIk4jUhN+Ute9ytag9zjfMHgsqmmiz7AndVQ= > > The final server response contains a "data" attribute that base64 > decodes as follows: > > v=6rriTRBi23WpRR/wtup+mMhUZUn/dB5nLTJRsjl95G4= > > Notes > ----- > The original base64 encoded values of the client first message and server first message are wrong. > Notice that these values end in K. These values base64 decode to strings that end in new line characters. > > The original base64 encoded values of the client final message and server final message are correct. > Notice that these values end in =. These values base64 decode to string that do not end in new line characters. > > It appears that during the base64 encoding of the client first message and server first message, the newline characters were accidentally included. > The correct base64 encoding is as follows: > > n,,n=user,r=rOprNGfwEbeRWgbNEkqO base64 encodes to biwsbj11c2VyLHI9ck9wck5HZndFYmVSV2diTkVrcU8= > > r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF,s=W22ZaJ0SNY7soEsUEjb6gQ==,i=4096 base64 encodes to cj1yT3ByTkdmd0ViZVJXZ2JORWtxTyVodllEcFdVYTJSYVRDQWZ1eEZJbGopaE5sRixzPVcyMlphSjBTTlk3c29Fc1VFamI2Z1E9PSxpPTQwOTY= > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC7804 (draft-ietf-httpauth-scram-auth-15) > -------------------------------------- > Title : Salted Challenge Response HTTP Authentication Mechanism > Publication Date : March 2016 > Author(s) : A. Melnikov > Category : EXPERIMENTAL > Source : Hypertext Transfer Protocol Authentication > Area : Security > Stream : IETF > Verifying Party : IESG
- Re: [Technical Errata Reported] RFC7804 (6633) Benjamin Kaduk