IETF Logo Mail Archive

Re: [kitten] Comments on draft-ietf-kitten-password-storage-00

Alexey Melnikov <alexey.melnikov@isode.com> Tue, 03 November 2020 14:27 UTC

Return-Path: <alexey.melnikov@isode.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A350B3A0B9D; Tue, 3 Nov 2020 06:27:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.346
X-Spam-Level:
X-Spam-Status: No, score=-2.346 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.247, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isode.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hRzg6uPTc1-Z; Tue, 3 Nov 2020 06:27:48 -0800 (PST)
Received: from statler.isode.com (Statler.isode.com [62.232.206.189]) by ietfa.amsl.com (Postfix) with ESMTP id 20D063A0BAD; Tue, 3 Nov 2020 06:27:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1604413666; d=isode.com; s=june2016; i=@isode.com; bh=FV2PNDB3ZkvUeZYoEOxEjwttUJaI/rZRxgR9Wu02tHY=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=vDaKWqFeiuRmZrVcDESRt1XK5/ReiS+dTkT3icyDZ19s2Y0fwgq9R2SX5C4nJnYwLy7ABt 6et4Dgxvru8bZDSVntS9eb9LblgDlVUDKsin3BHY5vZFJ8dfGh54OtTvOzP9oQv4+z7s9W asbXuZRsoU7eKVwp3BJ5PXTeLHmXXJA=;
Received: from [172.27.251.239] (connect.isode.net [172.20.0.72]) by statler.isode.com (submission channel) via TCP with ESMTPSA id <X6Fo4QAFHywt@statler.isode.com>; Tue, 3 Nov 2020 14:27:45 +0000
From: Alexey Melnikov <alexey.melnikov@isode.com>
To: Sam Whited <sam@samwhited.com>, Ludovic BOCQUET <lbxmpp@live.com>, Robbie Harwood <rharwood@redhat.com>, Jim Fenton <fenton@bluepopcorn.net>, KITTEN Working Group <kitten@ietf.org>
Cc: "draft-ietf-kitten-password-storage@ietf.org" <draft-ietf-kitten-password-storage@ietf.org>
References: <6dde1303-3d0c-6811-c201-00edbe5ab84e@bluepopcorn.net> <jlgk0wleoi6.fsf@redhat.com> <DM5PR14MB130837085BB6E5FB1B592469B8140@DM5PR14MB1308.namprd14.prod.outlook.com> <099cf65d-5a57-4e64-93cd-8504aa3bb97d@www.fastmail.com>
Message-ID: <cdb36f4a-12e9-c5ee-aa2a-d31685660d13@isode.com>
Date: Tue, 03 Nov 2020 14:27:31 +0000
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.4.0
In-Reply-To: <099cf65d-5a57-4e64-93cd-8504aa3bb97d@www.fastmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Language: en-GB
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/8GglIHO_8kgZtk83D-8XOsZxuxE>
Subject: Re: [kitten] Comments on draft-ietf-kitten-password-storage-00
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Nov 2020 14:27:50 -0000

Hi Sam,

I tend to agree with Ludovic on ordering. More on this below:

On 30/10/2020 00:40, Sam Whited wrote:

> Hi Ludovic,
>
> On Thu, Oct 29, 2020, at 18:48, Ludovic BOCQUET wrote:
>>   * "When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS
>>     variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-
>>     256 variants [RFC7677] SHOULD be preferred over SHA-1 variants
>>     [RFC5802])"
> I disagree with the RFC on this regard, but if further evidence can be
> provided I'm all ears. There are no known pre-image attacks against SHA-
> 1, and the weaknesses I'm aware of at least won't matter for SCRAM since
> SHA-1 is only used in the HMAC so to me it seems preferable to encourage
I think trust in SHA-1 is diminishing, so it will be phased out even if 
HMAC-SHA-1 is still considered to be Ok. I think at this point we 
shouldn't encourage use of SHA-1 with SCRAM, unless this is required for 
backward compatibility reasons.
> channel binding first, and the specific hash second.

That I agree with. So maybe the following ordering:

SCRAM-SHA-256-PLUS
SCRAM-SHA-1-PLUS
SCRAM-SHA-256
SCRAM-SHA-1
?

> That being said,
> channel binding isn't actually very useful right now since there's no
> way to negotiate it and the existing methods are insecure without the
> TLS master secret fix, so maybe it doesn't matter either way.
Fixing channel binding for TLS 1.3 is something that we need to do 
anyway. But this is a separate discussion.
> I am certainly not an expert and will bow to expert opinion if consensus
> is against me, so I'd love more feedback on this.
>
>> In the same time, I think that we must to add two new official SCRAM
>> drafts of the same author of SCRAM:
>>
>> Currently SCRAM-SHA-512-PLUS and SCRAM-SHA-512 are missing:
>> -https://tools.ietf.org/html/draft-melnikov-scram-sha-512
>>
>> Currently SCRAM-SHA3-512-PLUS and SCRAM-SHA3-512 are missing:
>> -https://tools.ietf.org/html/draft-melnikov-scram-sha3-512
> I'm keeping an eye on those and am very excited to see them coming
> along! I'd prefer that they go through expert review first though
> before adding them to this document (although I do think it's
> appropriate to do so since they're both just I-Ds right now, so I don't
> feel strongly about this). I wouldn't want this document to go to RFC
> and still be referencing those I-Ds, but I don't know what the IETF
> position on this is; either way it seems worth waiting and keeping an
> eye on them for now.

Fair point.

Best Regards,

Alexey

v2.23.0 | Report a Bug | By Email