Re: [kitten] complementary OPAQUE SASL mechanism draft
Nadja Reitzenstein <me@dequbed.space> Mon, 17 October 2022 23:08 UTC
Return-Path: <me@dequbed.space>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 355B3C152568 for <kitten@ietfa.amsl.com>; Mon, 17 Oct 2022 16:08:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.308
X-Spam-Level:
X-Spam-Status: No, score=-1.308 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, KHOP_HELO_FCRDNS=0.398, NICE_REPLY_A=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=dequbed.space
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FpQjKgojZJI0 for <kitten@ietfa.amsl.com>; Mon, 17 Oct 2022 16:08:24 -0700 (PDT)
Received: from mail2.paranoidlabs.org (tureis.comfix.cc [148.251.10.134]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 60900C1522AF for <kitten@ietf.org>; Mon, 17 Oct 2022 16:08:22 -0700 (PDT)
Received: from [IPV6:2001:9e8:17fa:6500:a15e:60b0:d899:5a5e] (unknown [IPv6:2001:9e8:17fa:6500:a15e:60b0:d899:5a5e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by mail2.paranoidlabs.org (PlabsMail) with ESMTPSA id C4E0933F30E; Mon, 17 Oct 2022 23:08:18 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dequbed.space; s=rsa-20210101; t=1666048100; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=E3r/fYMSGIMi925vujn/KwMWnugdA/GYS2jzqFlxA0g=; b=Hzhk2jSq1YISXv4EyrF95KkiQAeB9xyI0AW+/BsAqM+N9AgTUH9LiKr7nobbm9hvEL0fqW nAhbqh3QXm6IRhefz3ge5i1WpgQsmUeuYvW5RyMsEEndPgEzgBJKxY2zLUpNF71Y0v2NdG My/DkXHUZuUEsdKJpJwCZwg6hD6Qieqam/zKuL2fJVSTGNTZ5r9dLrOVieYxzGnYZtBO3t EGkqzOzr9GQhRIpBd4zBhQLGVThDTEgSioK4elxSLiyXtKVZAlRSXLBTCPSh3V6ZkBwKJW 8oFMbHx2/zdD1tW0dRO2peUzxAwy36apuACUnqfsRDmgnjYBNnGZzL+92Qxung==
Message-ID: <9f421065-f7c8-a14a-70ca-d92a16f9b906@dequbed.space>
Date: Tue, 18 Oct 2022 01:08:16 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.3.3
Content-Language: en-US
To: Simon Josefsson <simon=40josefsson.org@dmarc.ietf.org>
References: <Y0mWXEZYl2d6/32Z@localhost> <878rlinswv.fsf@latte.josefsson.org> <05d5c01177a294cc21960ec5395fb00630d87f89.camel@redhat.com> <87r0zanlwp.fsf@latte.josefsson.org>
From: Nadja Reitzenstein <me@dequbed.space>
Cc: KITTEN IETF WG <kitten@ietf.org>
In-Reply-To: <87r0zanlwp.fsf@latte.josefsson.org>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/4hVK6jHGOEXmppP-Ob-36nWodpM>
Subject: Re: [kitten] complementary OPAQUE SASL mechanism draft
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Oct 2022 23:08:29 -0000
> For example, the PBKDF2 iteration count for > SCRAM. There is no reliable way to recover and retry with other > parameters. The problem was introducing an unecessary parametrization. What exactly is the failure pattern you describe here? A client doesn't have to pre-compute anything before it receives the iteration count from the server, and I have not yet met an implementation of PBKDF2 that couldn't be configured in its iteration count. The only problem I can think of right now is when a client is storing the expanded Client- & ServerKey instead of caching the password itself. Which doesn't apply to OPAQUE as there is no similar caching that can be done without impacting protocol security — the password is directly passed to Blind which should use a different value for each authentication. (Thinking about it this is definitely a security relevant point that I should mention in my draft!) > It is often easier to introduce two sets of SASL mechanisms FOO-FOO and > FOO-BAR, withou no further sub-parameters or sub-negotiations, and get > that to work in applications than to introduce a family FOO-* and modify > applications to support the kind of sub-negotiation and per-mechanism > parametrization. I personally don't see the drawback of allowing parameters for the KDF to be transmitted, but if there's consensus against it I'm also not opposed to have the parameters fixed. The argon2 RFC does specifically mention a suggested configuration that we can refer to for this. ~Nadja
- [kitten] complementary OPAQUE SASL mechanism draft Stefan Marsiske
- Re: [kitten] complementary OPAQUE SASL mechanism … Simon Josefsson
- Re: [kitten] complementary OPAQUE SASL mechanism … Simo Sorce
- Re: [kitten] complementary OPAQUE SASL mechanism … Simon Josefsson
- Re: [kitten] complementary OPAQUE SASL mechanism … Dave Cridland
- Re: [kitten] complementary OPAQUE SASL mechanism … Simon Josefsson
- Re: [kitten] complementary OPAQUE SASL mechanism … Nadja Reitzenstein