Passwords over the wire and WebAuthn woes
Michael Thomas <mike@mtcc.com> Thu, 07 May 2020 21:05 UTC
Return-Path: <mike@fresheez.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D74A53A0DA8 for <ietf@ietfa.amsl.com>; Thu, 7 May 2020 14:05:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.651
X-Spam-Level:
X-Spam-Status: No, score=-1.651 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mtcc-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ocSYmDtninVA for <ietf@ietfa.amsl.com>; Thu, 7 May 2020 14:05:56 -0700 (PDT)
Received: from mail-pj1-x1030.google.com (mail-pj1-x1030.google.com [IPv6:2607:f8b0:4864:20::1030]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 52C343A0CBE for <ietf@ietf.org>; Thu, 7 May 2020 14:05:56 -0700 (PDT)
Received: by mail-pj1-x1030.google.com with SMTP id q24so3191948pjd.1 for <ietf@ietf.org>; Thu, 07 May 2020 14:05:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mtcc-com.20150623.gappssmtp.com; s=20150623; h=to:from:subject:message-id:date:user-agent:mime-version :content-transfer-encoding:content-language; bh=sRS0nRXbdaSXjs5IXxXK5PTavr0Sycz2USObywb2K60=; b=aoL7eNAb/zX+Dyi0k+L1gGk9QLjw79TJ6gD1mkwUBZ/NgtbXvPyjf4AC29Ho96qN6N BEKzwBl8iDiXEsq190mTrNp1GICJCcnx/9EFLOy5S/gFJ0FIJIxIdGoQYK1xf466KzJb KNAE+mGgstjKsvKyzBn7wObLN7++KibOo0odzIaOoKjHeVM55M1jKoZJ2NMk7mYveKSz V3sDOkaYTfsRLGhmBQlCCOawS8BwlIwHcA8UG9KUhcbJ3aoVgWWAcW1WCiNS1fA21aom U6v2tKRh0z4aRNhh27kzyKObBowSa03WnuAd9YFVPdWxgOjVYRAySK7+sooTjQrU/MP3 0Jrg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:from:subject:message-id:date:user-agent :mime-version:content-transfer-encoding:content-language; bh=sRS0nRXbdaSXjs5IXxXK5PTavr0Sycz2USObywb2K60=; b=QPtLGelNFY3acPcCd1GBcAAAcEjBLFJD3PABj8yBQOWKEZpCEk+Kh37hMvCbve/hRn 9CJvhKwodtbikxYwZT5Y63EXmRTke+t9OK1USP4heeSugE90ODDMpq5sBz9VR5yjKdg/ GE4op5KxkMftfVbnP+HN0mPk2yvG/i/YXoB9TZ+wjsZqaPyfFwNJlLyTqnPTxcwdBqGf ZOfy/cZ+vsTxAuRy2J4N28khLK7jxoKbuE8DROu6papneg6dnFj/sNdE+eHXl0ZJraer JE0cKj0k7qq8Q1UNoCIlcsDmbY1ERowFNekFMxkcn7RNgSo5nX2sxevOFHwg9tlmizxk Df3Q==
X-Gm-Message-State: AGi0PuZi5wWTSAcGeScmh6y9AbGb+qn/lCRl3TXa3Z5mf6tQmWpRFRiX sz5yHcOc3Q0E2+XfCBmvwTuBB7tuzjg=
X-Google-Smtp-Source: APiQypLQyqUFm/WEn7b2Cm3/Xl8Jzms9lNRDVl+jy+R9qL7lT8nY00F2akzibrwRa/aX8AxocgSYiA==
X-Received: by 2002:a17:902:a586:: with SMTP id az6mr14562279plb.201.1588885555066; Thu, 07 May 2020 14:05:55 -0700 (PDT)
Received: from mike-mac.lan ([170.75.129.87]) by smtp.gmail.com with ESMTPSA id h14sm5726988pfq.46.2020.05.07.14.05.53 for <ietf@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 07 May 2020 14:05:54 -0700 (PDT)
To: IETF Discussion Mailing List <ietf@ietf.org>
From: Michael Thomas <mike@mtcc.com>
Subject: Passwords over the wire and WebAuthn woes
Message-ID: <6604a0ab-c714-81fb-9bc7-7834182c7bdf@mtcc.com>
Date: Thu, 07 May 2020 14:05:53 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Thunderbird/68.7.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/PWZKtF1mlkw_kt50Th8UjhmxbdE>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 May 2020 21:05:59 -0000
Yes, yes, I know this is not w3c, hear me out if you will. A while back, I started trying to implement a webauthn client and server to test it out to see if it was really the answer to our HOBA (rfc 7486) experimental rfc. The answer seems to be yes and no. From what I can tell webauthn is extremely centered on solving the problem of using crypto frobs to sign bits to be put on the wire. Local credential stores (ie, private keys sitting on your disk) seem to have been either out of scope, or mostly ignored. I tried to get it to work on Chrome and Firefox, and it seems that Chrome doesn't have the ability at all, and Firefox requires an about:flag that enables it. I was not able to get it to work. This is really dismaying because local credential stores are completely adequate for a huge number of cases. If deployed it could substantially reduce the reuse of passwords, allowing users to just remember one really good local password to open their credential store. The other part about introducing crypto frobs is that it makes the entire protocol much more difficult to understand and deploy. I wrote code way back then with the HOBA stuff, and webauthn was really hard to understand even though I knew what was happening at a high level. W3C has since then also released WebCrypto which gives apps the ability to roll their own public key auth between browser clients and server auth backends. I had implement some flows between client and server for joins, logins, and enrolling new devices once you have joined. As it turned out, the actual code to implement it was really straightforward: it took me about a day to back integrate webcrypto into my old krufty JS RSA libraries that I had scrounged years ago. So here's the question: the flows that I created are definitely over the wire. But they are over the wire between really one party, the web site owner, since they control the code (= server, client js) on both ends. However as everybody knows, security is not easy so getting those flows *correct* is very hard. I have some experience here, and it's mainly telling me that I'm sure I got things wrong. So what is the policy within IETF where a site could roll their own, but really shouldn't because it ought to be vetted? Is standardizing such a thing in scope in IETF or other standards bodies? Because at its heart is not interoperability across implementation, but vetting a security design that goes over the wire. Mike PS: I am in no way bashing on w3c. they solved a hard problem, but it seems they left out or ignored the one I was hoping they'd solved along the way. PPS: I have an implementation of this running, and a github repo if anybody is interested in seeing what I did
- Passwords over the wire and WebAuthn woes Michael Thomas
- Re: Passwords over the wire and WebAuthn woes Benjamin Kaduk
- Re: Passwords over the wire and WebAuthn woes Phillip Hallam-Baker
- Re: Passwords over the wire and WebAuthn woes Michael Thomas
- Re: Passwords over the wire and WebAuthn woes Benjamin Kaduk
- Re: Passwords over the wire and WebAuthn woes Michael Thomas