Re: Proprietary or non-standard SMTP AUTH mechanisms
Alexey Melnikov <alexey.melnikov@isode.com> Thu, 12 January 2012 17:31 UTC
Received: from hoffman.proper.com (localhost [127.0.0.1]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id q0CHV322094765 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 12 Jan 2012 10:31:03 -0700 (MST) (envelope-from owner-ietf-smtp@mail.imc.org)
Received: (from majordom@localhost) by hoffman.proper.com (8.14.4/8.13.5/Submit) id q0CHV3k7094764; Thu, 12 Jan 2012 10:31:03 -0700 (MST) (envelope-from owner-ietf-smtp@mail.imc.org)
X-Authentication-Warning: hoffman.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f
Received: from rufus.isode.com (rufus.isode.com [62.3.217.251]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id q0CHV2aT094759 for <ietf-smtp@imc.org>; Thu, 12 Jan 2012 10:31:02 -0700 (MST) (envelope-from alexey.melnikov@isode.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1326389460; d=isode.com; s=selector; i=@isode.com; bh=ZDb/zcM2fLXpsNrb8X/gjwYI9LvbIduvVBUWW4ZvTFs=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=FCAgATLNMELMfkWHDtwN1Lb2a95xvDNNk/2UOPNS/P4jPRTGfP13bMk1wf9KsOQpwQg2Ab vE9oS+Iakeu+mYAXUBedAgblIgkohNt4XQV1AgzdIJgqs5+Wrk5QuDJQD0KGE+vSsiVPWb Iq8PmaoAZOzAuGLITBEGwZx4io8eSuo=;
Received: from [172.16.1.29] (shiny.isode.com [62.3.217.250]) by rufus.isode.com (submission channel) via TCP with ESMTPSA id <Tw8Y1ABOhTVk@rufus.isode.com>; Thu, 12 Jan 2012 17:31:00 +0000
Message-ID: <4F0F18E7.2050606@isode.com>
Date: Thu, 12 Jan 2012 17:31:19 +0000
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:8.0) Gecko/20111105 Thunderbird/8.0
To: John C Klensin <john-ietf@jck.com>
CC: "Murray S. Kucherawy" <msk@cloudmark.com>, ietf-smtp@imc.org
Subject: Re: Proprietary or non-standard SMTP AUTH mechanisms
References: <F5833273385BB34F99288B3648C4F06F19C6C1582F@EXCH-C2.corp.cloudmark.com> <4F0EB21D.5050206@isode.com> <30353C7ACB1879BF600FAB8B@PST.JCK.COM>
In-Reply-To: <30353C7ACB1879BF600FAB8B@PST.JCK.COM>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smtp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smtp/mail-archive/>
List-ID: <ietf-smtp.imc.org>
List-Unsubscribe: <mailto:ietf-smtp-request@imc.org?body=unsubscribe>
On 12/01/2012 16:14, John C Klensin wrote: > --On Thursday, January 12, 2012 10:12 +0000 Alexey Melnikov > <alexey.melnikov@isode.com> wrote: > >>> For example, is there an unofficial SMTP AUTH mechanism that >>> allows unencoded binary data in the challenges or responses? >>> A vendor controlling both the client and the server could >>> get away with something like that, but something >>> standards-based analyzing that traffic might be confused by >>> it. >>> >> All SASL exchange data in SMTP must be base64 encoded, so no >> unencoded binary data can ever occur if IETF standards are >> followed. > Alexey, Hi John, > Yes, but I don't think that was Murray's question. SMTP AUTH > was originally designed in the absence of SASL. We hope all > non-SASL applications/implementations have disappeared, but I > wouldn't count on it. When we designed CRAM-MD5, we were at > least vaguely aware of an assortment of cookie/ shared > not-very-secret approaches floating around, some of which relied > on binary data. I hope those have disappeared too, but I have > no way to verify that they have. > > What people forget as they quibble about the security properties > of CRAM-MD5 was that it was specified precisely to illustrate > that something was possible that would not require much more > server effort and support than plain-text passwords (a > requirement that Kerberos and assorted digital signature plans > could not satisfy) and that would be at least a tad more secure > against eavesdropping than either those passwords or [other] > cleartext shared secrets. Our goal wasn't "high security > mechanism" (we knew how to do those), but "significantly better > than clear text" and that largely to prove a point in the IETF. > > But security by obscurity always has some appeal, especially > when eavesdropping in the transmission channel are not believed > to be issues, and old SMTP implementations tend to linger around > as long as they are still perceived as working (e.g., no new > feature appears that they don't have and that is considered > important). So I don't have much confidence that all of those > old cases have been eliminated and Murray's question, at least > as I understood it, starts me muttering about proving universal > negatives. While what you say is possible (AUTH= hack is a proof), the requirement for base64 encoding AUTH exchange comes from draft-myers-smtp-auth-00.txt dated April 1995 (which later became RFC 2554). So it looks like binary data was never allowed in SMTP AUTH. (In general SASL mechanisms can exchange arbitrary binary data. How such data is transfered on the wire is defined by protocols that use SASL.)
- Re: Proprietary or non-standard SMTP AUTH mechani… Hector Santos
- RE: Proprietary or non-standard SMTP AUTH mechani… Murray S. Kucherawy
- Re: Proprietary or non-standard SMTP AUTH mechani… Hector Santos
- Re: Proprietary or non-standard SMTP AUTH mechani… Alexey Melnikov
- Re: Proprietary or non-standard SMTP AUTH mechani… John C Klensin
- Re: Proprietary or non-standard SMTP AUTH mechani… Alexey Melnikov
- Proprietary or non-standard SMTP AUTH mechanisms Murray S. Kucherawy