[kitten] draft-hansen-scram-sha256 and incorporating session hashing for channel binding

Tony Hansen <tony@att.com> Tue, 24 February 2015 16:50 UTC

Return-Path: <tony@att.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 81CEE1A8784 for <kitten@ietfa.amsl.com>; Tue, 24 Feb 2015 08:50:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.189
X-Spam-Status: No, score=-3.189 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MISSING_HEADERS=1.021, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id jhiNZTh2S_EH for <kitten@ietfa.amsl.com>; Tue, 24 Feb 2015 08:50:49 -0800 (PST)
Received: from nbfkord-smmo05.seg.att.com (nbfkord-smmo05.seg.att.com []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A4D61A1B5E for <kitten@ietf.org>; Tue, 24 Feb 2015 08:50:48 -0800 (PST)
Received: from unknown [] (EHLO alpi154.enaf.aldc.att.com) by nbfkord-smmo05.seg.att.com(mxl_mta-7.2.4-5) over TLS secured channel with ESMTP id 8ebace45.0.4907786.00-2237.13798659.nbfkord-smmo05.seg.att.com (envelope-from <tony@att.com>); Tue, 24 Feb 2015 16:50:49 +0000 (UTC)
X-MXL-Hash: 54ecabe9378d970f-1bd42983167e28b280d182a22dea355548900b2b
Received: from enaf.aldc.att.com (localhost []) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id t1OGomBN012152 for <kitten@ietf.org>; Tue, 24 Feb 2015 11:50:48 -0500
Received: from alpi131.aldc.att.com (alpi131.aldc.att.com []) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id t1OGohMr012095 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for <kitten@ietf.org>; Tue, 24 Feb 2015 11:50:43 -0500
Received: from alpi153.aldc.att.com (alpi153.aldc.att.com []) by alpi131.aldc.att.com (RSA Interceptor) for <kitten@ietf.org>; Tue, 24 Feb 2015 16:50:39 GMT
Received: from aldc.att.com (localhost []) by alpi153.aldc.att.com (8.14.5/8.14.5) with ESMTP id t1OGodNa013668 for <kitten@ietf.org>; Tue, 24 Feb 2015 11:50:39 -0500
Received: from mailgw1.maillennium.att.com (maillennium.att.com []) by alpi153.aldc.att.com (8.14.5/8.14.5) with ESMTP id t1OGoYi8012942 for <kitten@ietf.org>; Tue, 24 Feb 2015 11:50:34 -0500
Received: from tonys-macbook-pro.local (unknown[](untrusted sender)) by maillennium.att.com (mailgw1) with ESMTP id <20150224165033gw1000ceele>; Tue, 24 Feb 2015 16:50:34 +0000
X-Originating-IP: []
Message-ID: <54ECABD8.3090902@att.com>
Date: Tue, 24 Feb 2015 11:50:32 -0500
From: Tony Hansen <tony@att.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
CC: "kitten@ietf.org" <kitten@ietf.org>
References: <54DC00D0.2050900@cs.tcd.ie> <54EC66FF.50603@cs.tcd.ie>
In-Reply-To: <54EC66FF.50603@cs.tcd.ie>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-RSA-Inspected: yes
X-RSA-Classifications: public
X-AnalysisOut: [v=2.0 cv=EtBlW1gA c=1 sm=1 a=VXHOiMMwGAwA+y4G3/O+aw==:17 a]
X-AnalysisOut: [=9cW_t1CCXrUA:10 a=mJp9S24oyUUA:10 a=6ASjcdcU7ckA:10 a=BLc]
X-AnalysisOut: [eEmwcHowA:10 a=IkcTkHD0fZMA:10 a=zQP7CpKOAAAA:8 a=0HtSIViG]
X-AnalysisOut: [9nkA:10 a=48vgC7mUAAAA:8 a=jQSuHIxzjw1VzZep4TIA:9 a=QEXdDO]
X-AnalysisOut: [2ut3YA:10]
X-Spam: [F=0.2000000000; CM=0.500; S=0.200(2014051901)]
X-MAIL-FROM: <tony@att.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/5CW02AkMQrrdd2uilIHzjXIF3wM>
Subject: [kitten] draft-hansen-scram-sha256 and incorporating session hashing for channel binding
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Feb 2015 16:50:50 -0000

On 2/24/15 6:56 AM, Stephen Farrell wrote:
> But in addition, there were two substantive issues that ought be
> resolved before IETF LC:
> 1. a new channel binding or requiring tls-session-hash (and I guess
>     some explanatory text about why that is good/needed)

To recap:

Simon Josefsson made this comment:

> Since SCRAM was published, we have learned that the tls-unique channel
> binding is insecure -- it would be nice if we could combine the SHA256
> update with another default channel binding type to resolve that
> problem.  In my view, the problem with SCRAM today isn't primarily its
> use of SHA1 but it's broken channel binding.

Martin Thompson responded:

> We have a solution for that:
> https://tools.ietf.org/html/draft-ietf-tls-session-hash

I've read through tls-session-hash and am unsure how to proceed here.

One of my goals when proposing SCRAM-SHA-256 was to not change the 
protocol at all, other than updating the hash algorithm.

I'm not sure how to incorporate a recommendation for session hashing 
here. I'm thinking this would be best handled by adding something to the 
Security Considerations section. Does that seem right?

Would anyone be willing to suggest text changes for these comments?

     Tony Hansen