IETF Logo Mail Archive

Re: [kitten] Requesting WG adoption of several SCRAM related documents

Alexey Melnikov <alexey.melnikov@isode.com> Wed, 27 October 2021 11:13 UTC

Return-Path: <alexey.melnikov@isode.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C20A73A0E84 for <kitten@ietfa.amsl.com>; Wed, 27 Oct 2021 04:13:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.429
X-Spam-Level:
X-Spam-Status: No, score=-5.429 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-3.33, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isode.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lXGmjuW91jVZ for <kitten@ietfa.amsl.com>; Wed, 27 Oct 2021 04:13:49 -0700 (PDT)
Received: from statler.isode.com (Statler.isode.com [62.232.206.189]) by ietfa.amsl.com (Postfix) with ESMTP id B09C13A0E82 for <kitten@ietf.org>; Wed, 27 Oct 2021 04:13:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1635333227; d=isode.com; s=june2016; i=@isode.com; bh=2dzCQGChGAgcTQfaH1efftlMBcY9uvuFW5J/fuH6cQY=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=hsYKVBFwwX/zGKFN+9t96Rz3yBdC8Ho+H0oatUFdWKDKS0l3lUX4c3/ma/XISoW2qyG27D FkZkNXZ+M90x6RRgLNYWZAY2x9urPUhxnPAKDr19TG3t4U78J5xOyEwG1Jl+XqIrw4vBlL jKu/Zxy8QGyL/IxlAzm3XWcWx6sCWhE=;
Received: from [192.168.1.222] (host5-81-100-13.range5-81.btcentralplus.com [5.81.100.13]) by statler.isode.com (submission channel) via TCP with ESMTPSA id <YXk0agALZIYM@statler.isode.com>; Wed, 27 Oct 2021 12:13:46 +0100
To: Simon Josefsson <simon@josefsson.org>
Cc: "kitten@ietf.org" <kitten@ietf.org>, Robbie Harwood <rharwood@redhat.com>
References: <4a14c16b-644f-ac40-7b3a-a1712c9aa3d2@isode.com> <87ilxjo6e1.fsf@latte.josefsson.org>
From: Alexey Melnikov <alexey.melnikov@isode.com>
Message-ID: <86d03520-467c-42c8-4969-e2b306804eae@isode.com>
Date: Wed, 27 Oct 2021 12:13:35 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.14.0
In-Reply-To: <87ilxjo6e1.fsf@latte.josefsson.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Language: en-GB
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/5-esVLc7u2APoia1psnp7RKjVU0>
Subject: Re: [kitten] Requesting WG adoption of several SCRAM related documents
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Oct 2021 11:13:55 -0000

Hi Simon,

On 26/10/2021 21:52, Simon Josefsson wrote:
> Hi.  I'm not strongly opposed to these work items, but I do feel
> publishing these documents without adressing high-level concerns have a
> risk of causing problems during deployment.  I think the WG should
> understand and consider the implication before adopting the documents -
> maybe there is alternative work that needs to happen before/instead.
>
> 1) For SCRAM-2FA how is user interaction supposed to work for
> applications that open many connections?  This is the problem that
> turned out to kill deployment of SAML20 and OPENID20 for typical
> environments.  I think this is a serious problem for any SASL mechanisms
> that works with non-long-term secrets, and I think we should ponder if
> there is some generic mechanism (like SASL re-authentication or
> authentication resumption) that needs to be standardized.  Otherwise I
> think SCRAM-2FA will end up in the same way, and cause people to do a
> lot of work to try to implement it and run into the same problems.
Very good point. I think Dave Cridland had a proposal for a generic SASL 
resumption mechanism 
<https://www.ietf.org/archive/id/draft-cridland-kitten-clientkey-00.txt> 
and I support adopting it to address this problem.
> 2) Add new hashes for SCRAM causes complexity in applications to specify
> and support multiple database entries for different
> password-equivalents.
This is not really a new thing, although multiple SCRAM mechanisms 
certainly made it worse. Some backends can store multiple values and 
some can't.
> There is no real guidance on how clients and
> servers should treat multiple hash variants and negotiation between
> them.  SASL does not handle sub-mechanism negotiation well, so it has a
> security complexity cost.  I wrote about some of this in
> https://blog.josefsson.org/2021/06/08/whats-wrong-with-scram/ and at
> least one problem is worth repeating:
>
>    How to negotiate which variant to use is not well-defined. Consider if
>    the server only has access to a SCRAM-SHA-1 hashed password for user X
>    and a SCRAM-SHA-256 hashed password for user Y. What mechanisms should
>    it offer to an unknown client? Offering both is likely to cause
>    authentication failures, and the fall-back behaviour of SASL is poor.

I think this is a generic SASL problem when there are different sets of 
users that use different SASL mechanism/credentials. (E.g. the same 
problem exists if some users have SCRAM-SHA-1 credential and some can 
only use EXTERNAL).

This is also a quality of implementation issue. Many implementations can 
iterate through several SASL mechanisms until one of them succeeds.


Anyway, I am happy to work on better advice for SASL implementors or 
some other way to help improve this.

Best Regards,

Alexey

> /Simon
>
> Alexey Melnikov <alexey.melnikov@isode.com> writes:
>
>> Dear Kitten WG participants,
>>
>> I would like to request WG adoption of several SCRAM related documents:
>>
>> 1) Extensions to Salted Challenge Response (SCRAM) for 2 factor
>> authentication
>> <https://datatracker.ietf.org/doc/draft-melnikov-scram-2fa/>
>>
>> There were some earlier discussions of this document and it seems to
>> be in scope for the current charter.
>>
>> 2) SCRAM-SHA-512 and SCRAM-SHA-512-PLUS Simple Authentication and
>> Security Layer (SASL) Mechanisms
>> <https://datatracker.ietf.org/doc/draft-melnikov-scram-sha-512/>
>>
>> This is already implemented in Cyrus SASL, so it would be good to have
>> stable documentation.
>>
>> 3) SCRAM-SHA3-512 and SCRAM-SHA3-512-PLUS Simple Authentication and
>> Security Layer (SASL) Mechanisms
>> <https://datatracker.ietf.org/doc/draft-melnikov-scram-sha3-512/>
>>
>> Best Regards,
>>
>> Alexey
>>
>> P.S. As I am editing various documents mentioned in this email, my
>> co-chair Robbie will judge consensus on adoption of each document.
>>

v2.23.0 | Report a Bug | By Email