IETF Logo Mail Archive

Re: [IPsec] [Cfrg] Beginning discussion on secure password-only authentication for IKEv2

Yoav Nir <ynir@checkpoint.com> Thu, 04 March 2010 22:45 UTC

Return-Path: <ynir@checkpoint.com>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 518A528C0DE; Thu, 4 Mar 2010 14:45:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.224
X-Spam-Level:
X-Spam-Status: No, score=-3.224 tagged_above=-999 required=5 tests=[AWL=-0.376, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, SARE_OBFU_ALL=0.751]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1EQi33pf+zeD; Thu, 4 Mar 2010 14:45:30 -0800 (PST)
Received: from michael.checkpoint.com (michael.checkpoint.com [194.29.32.68]) by core3.amsl.com (Postfix) with ESMTP id ED04D3A8714; Thu, 4 Mar 2010 14:45:29 -0800 (PST)
Received: from il-ex01.ad.checkpoint.com (il-ex01.checkpoint.com [194.29.34.26]) by michael.checkpoint.com (8.12.10+Sun/8.12.10) with ESMTP id o24MjMsd020439; Fri, 5 Mar 2010 00:45:22 +0200 (IST)
X-CheckPoint: {4B9036B2-0-1B201DC2-2FFFF}
Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex01.ad.checkpoint.com ([126.0.0.2]) with mapi; Fri, 5 Mar 2010 00:45:42 +0200
From: Yoav Nir <ynir@checkpoint.com>
To: Yaron Sheffer <yaronf@checkpoint.com>, "Blumenthal, Uri - 0662 - MITLL" <uri@ll.mit.edu>, "'pgut001@cs.auckland.ac.nz'" <pgut001@cs.auckland.ac.nz>
Date: Fri, 05 Mar 2010 00:44:50 +0200
Thread-Topic: [IPsec] [Cfrg] Beginning discussion on secure password-only authentication for IKEv2
Thread-Index: Acq7KC8PKsqPZeyaS82L9IZwtcsVqQAlSlXsAAYACsAABbz49Q==
Message-ID: <006FEB08D9C6444AB014105C9AEB133FB3764FB9FA@il-ex01.ad.checkpoint.com>
References: <20100304170852.F34FB3A8B85@core3.amsl.com>, <7F9A6D26EB51614FBF9F81C0DA4CFEC801BE05CB5975@il-ex01.ad.checkpoint.com>
In-Reply-To: <7F9A6D26EB51614FBF9F81C0DA4CFEC801BE05CB5975@il-ex01.ad.checkpoint.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "'ipsec@ietf.org'" <ipsec@ietf.org>, "'cfrg@irtf.org'" <cfrg@irtf.org>
Subject: Re: [IPsec] [Cfrg] Beginning discussion on secure password-only authentication for IKEv2
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Mar 2010 22:45:31 -0000

Explaining a joke spoils all the fun, but here goes:

It's not like PKI is working out better for user authentication.
And password-in-https-form is also vulnerable to online dictionary attacks.
Now if they were using TLS-EAP....
But that, of course, suffers from excessive layering.

________________________________________
From: ipsec-bounces@ietf.org [ipsec-bounces@ietf.org] On Behalf Of Yaron Sheffer [yaronf@checkpoint.com]
Sent: Thursday, March 04, 2010 22:05
To: Blumenthal, Uri - 0662 - MITLL; 'pgut001@cs.auckland.ac.nz'
Cc: 'ipsec@ietf.org'; 'cfrg@irtf.org'
Subject: Re: [IPsec] [Cfrg] Beginning discussion on secure password-only authentication for IKEv2

Can someone please explain the joke to me? Nelson was asked about TLS-PSK (RFC 4279) and he replied that it can easily be abused. TLS-PSK (similarly to IKE-PSK) is vulnerable to dictionary attacks if used with a short secret (a.k.a. "password"), at least in the presence of an active attacker. So I think his response was entirely appropriate. What am I missing?

Thanks,
        Yaron

> -----Original Message-----
> From: ipsec-bounces@ietf.org [mailto:ipsec-bounces@ietf.org] On Behalf
> Of Blumenthal, Uri - 0662 - MITLL
> Sent: Thursday, March 04, 2010 19:09
> To: 'pgut001@cs.auckland.ac.nz'
> Cc: 'ipsec@ietf.org'; 'cfrg@irtf.org'
> Subject: Re: [IPsec] [Cfrg] Beginning discussion on secure password-
> only authentication for IKEv2
>
> Well, during my long and fruitful career I've come across many asinine
> statements - but this pearl from your collection outshines mine! Indeed
> "straight from the horse's" (or in the context - "mule's"?) mouth (no
> offense meant to those wonderful equestrians).
>
> I'm struck speechless (which is unusual, as anybody who knows me would
> confirm :-).
>
> Regards,
> Uri
>
> ----- Original Message -----
> From: pgut001 <pgut001@wintermute02.cs.auckland.ac.nz>
> To: pgut001@cs.auckland.ac.nz <pgut001@cs.auckland.ac.nz>; Blumenthal,
> Uri - 0662 - MITLL
> Cc: cfrg@irtf.org <cfrg@irtf.org>; ipsec@ietf.org <ipsec@ietf.org>
> Sent: Wed Mar 03 18:20:53 2010
> Subject: Re: [Cfrg] [IPsec] Beginning discussion on secure password-
> only authentication for IKEv2
>
> "Blumenthal, Uri - 0662 - MITLL" <uri@ll.mit.edu> writes:
>
> >On the vendor side - perhaps EKE patent concern was the cause (you
> >implement/sell free SRP and get slapped with EKE licensing)? And the
> users
> >found alternative solutions in the meanwhile?
>
> Nope.  It's been supported in OpenSSL since 0.9.9, but not in any
> browser.
> The reason for not supporting it in Firefox is so astonishingly
> boneheaded
> that I'll quote the original message to make sure that it's straight
> from the
> horse's mouth ("PSK cipher suites" = non-patent-encumbered EKE in TLS-
> talk):
>
> -- Snip --
>
> Subject: Re: NSS implementation of TLS-PSK/ RFC 4279
> Date: Tue, 14 Oct 2008 14:01:10 -0700
> From: Nelson B Bolyard <nelson@bolyard.me>
> Reply-To: mozilla's crypto code discussion list
> <dev-tech-crypto@lists.mozilla.org>
>
> jengler@berkeley.edu wrote, On 2008-10-14 13:52 PDT:
> > I was wondering if implementation of TLS-PSK (RFC 4279) is currently
> in
> > development. I do not see it in the current NSS source or roadmap.
> Thank
> > you for any help.
> >
> > -John Engler
>
> No.  There are no plans to include any PSK cipher suites in NSS.
> Because of the enormous potential for PSK cipher suites to be
> misused by application developers, there is strong resistance to
> incorporating them into NSS.
>
> -- Snip --
>
> As for Microsoft, Opera, etc who knows?  (If you work on, or have
> worked on,
> any of these browsers, I'd like to hear more about why it hasn't been
> considered).  I think it'll be a combination of two factors:
>
> 1. Everyone knows that passwords are insecure so it's not worth trying
> to do
>    anything with them.
>
> 2. If you add failsafe mutual authentication via EKE to browsers, CAs
> become
>    entirely redundant.
>
> So the browser vendors' approach is to ignore EKE and keep on waiting
> for PKI
> to start working, forever if necessary.  "PKI meurt, elle ne se rend
> pas!" [0].
>
> Peter.
>
> [0] Hat tip to Luther Martin for the quote :-).
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec
>
> Scanned by Check Point Total Security Gateway.
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

Scanned by Check Point Total Security Gateway.

v2.23.0 | Report a Bug | By Email