Re: [IPsec] [Cfrg] Beginning discussion on secure password-only authentication for IKEv2

"Blumenthal, Uri - 0662 - MITLL" <uri@ll.mit.edu> Thu, 04 March 2010 17:08 UTC

From: "Blumenthal, Uri - 0662 - MITLL" <uri@ll.mit.edu>
To: "'pgut001@cs.auckland.ac.nz'" <pgut001@cs.auckland.ac.nz>
Date: Thu, 04 Mar 2010 12:08:43 -0500
Cc: "'ipsec@ietf.org'" <ipsec@ietf.org>, "'cfrg@irtf.org'" <cfrg@irtf.org>

Well, during my long and fruitful career I've come across many asinine statements - but this pearl from your collection outshines mine! Indeed "straight from the horse's" (or in the context - "mule's"?) mouth (no offense meant to those wonderful equestrians).

I'm struck speechless (which is unusual, as anybody who knows me would confirm :-).

Regards,
Uri

----- Original Message -----
From: pgut001 <pgut001@wintermute02.cs.auckland.ac.nz>
To: pgut001@cs.auckland.ac.nz <pgut001@cs.auckland.ac.nz>; Blumenthal, Uri - 0662 - MITLL
Cc: cfrg@irtf.org <cfrg@irtf.org>; ipsec@ietf.org <ipsec@ietf.org>
Sent: Wed Mar 03 18:20:53 2010
Subject: Re: [Cfrg] [IPsec] Beginning discussion on secure password-only authentication for IKEv2

"Blumenthal, Uri - 0662 - MITLL" <uri@ll.mit.edu> writes:

>On the vendor side - perhaps EKE patent concern was the cause (you
>implement/sell free SRP and get slapped with EKE licensing)? And the users
>found alternative solutions in the meanwhile?

Nope.  It's been supported in OpenSSL since 0.9.9, but not in any browser.
The reason for not supporting it in Firefox is so astonishingly boneheaded
that I'll quote the original message to make sure that it's straight from the
horse's mouth ("PSK cipher suites" = non-patent-encumbered EKE in TLS-talk):

-- Snip --

Subject: Re: NSS implementation of TLS-PSK/ RFC 4279
Date: Tue, 14 Oct 2008 14:01:10 -0700
From: Nelson B Bolyard <nelson@bolyard.me>
Reply-To: mozilla's crypto code discussion list
<dev-tech-crypto@lists.mozilla.org>

jengler@berkeley.edu wrote, On 2008-10-14 13:52 PDT:
> I was wondering if implementation of TLS-PSK (RFC 4279) is currently in
> development. I do not see it in the current NSS source or roadmap. Thank
> you for any help.
>
> -John Engler

No.  There are no plans to include any PSK cipher suites in NSS.
Because of the enormous potential for PSK cipher suites to be
misused by application developers, there is strong resistance to
incorporating them into NSS.

-- Snip --

As for Microsoft, Opera, etc who knows?  (If you work on, or have worked on,
any of these browsers, I'd like to hear more about why it hasn't been
considered).  I think it'll be a combination of two factors:

1. Everyone knows that passwords are insecure so it's not worth trying to do
   anything with them.

2. If you add failsafe mutual authentication via EKE to browsers, CAs become
   entirely redundant.

So the browser vendors' approach is to ignore EKE and keep on waiting for PKI
to start working, forever if necessary.  "PKI meurt, elle ne se rend pas!" [0].

Peter.

[0] Hat tip to Luther Martin for the quote :-).