IETF Logo Mail Archive

Re: [kitten] Comments on draft-ietf-kitten-password-storage-00

Sam Whited <sam@samwhited.com> Fri, 30 October 2020 00:40 UTC

Return-Path: <sam@samwhited.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBB563A0799; Thu, 29 Oct 2020 17:40:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=samwhited.com header.b=lVKIVxFj; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=dNr1PLCm
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wUWnmANmM6WA; Thu, 29 Oct 2020 17:40:45 -0700 (PDT)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 448C33A0769; Thu, 29 Oct 2020 17:40:45 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 8065C5C0152; Thu, 29 Oct 2020 20:40:44 -0400 (EDT)
Received: from imap34 ([10.202.2.84]) by compute4.internal (MEProxy); Thu, 29 Oct 2020 20:40:44 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samwhited.com; h=mime-version:message-id:in-reply-to:references:date:from:to :cc:subject:content-type:content-transfer-encoding; s=fm1; bh=h3 8mrh6z4htSol6mzYGOQFa0zcw4oXtqBA7i4LxMRT0=; b=lVKIVxFjt49lVbIbXO 09qhCkaQ3FW4vhXO/3GtWRD4QOvUFA78rr7VOZPswLYKYG4DtzQnZxq5xwu9vl3F 2Z/QXRgd5hOKOcy9fZDMwemzv9VqVL/DDOUUCKwIA70W3EdnP61rIm4n6i4OSkFk Zh1QvKe9qK+jFo6lyxzOTsoZwpAlhyfsm8FHZL86XVXP+XIcvVUwU2uMnrMvIXJz TdT+2l21qxfIgZcsun9PVIERsXMEjHIl3diV32cFOXihvUv2TSw/4Iz/t1SZhGoM ay6uymwP+cviBQo8QBIAOKE5gcGCCKAUrwiH2eYtYKOyf3XsXngS8mVFNowsCjAM P4Kw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=h38mrh6z4htSol6mzYGOQFa0zcw4oXtqBA7i4LxMR T0=; b=dNr1PLCmb5QTcgDlbKZZ/oF8GqrGNfmfF8IfI80BSQC6rbqTs2+NTs+Yn a3ejwFRHf9ibdaFsvK2wCpVdsGcJiOaT9UdkzLHpxKFog0r5NJpU9qTjTD6adYEe IBpfncLrNShglAjSsjItczn3uBeO78LSMyS0WBj9T4xuDhfWZuQGN5u8dFHY3IKP SeoTU/bdqtK9PLzjDnXoBIA1JXKsjiHzMiJv4OJFTq/umxRvAresZlEhHcK9CD3D mq0+KG5whlkzTI6wZ/t7WVPTSqQQcSr+Q/7B91ZRgvYr2JQkXSQTvXKY5kZNa59g F6xiHPD17ttEyakrONGKKxSwNuqJg==
X-ME-Sender: <xms:C2GbX85BUlztS6WElxUX-uicQD3MnqJZMZ1CfYQ11kutaz71Fj-Jcg> <xme:C2GbX940A8yf2en7oD2oDs84HfLSjKIl4BmB2ooRKbocEsKstlQhi_gvZJf-E7eQs jRUoGLDSLnP99Jrjw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedujedrleeggddvgecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefofgggkfgjfhffhffvufgtgfesthhqredtreerjeenucfhrhhomhepfdfurghm ucghhhhithgvugdfuceoshgrmhesshgrmhifhhhithgvugdrtghomheqnecuggftrfgrth htvghrnhepfeduudekkeeuteeuleefgeeuvdeuvdffhedvveeiffeghefhjefftdevveeu vdffnecuffhomhgrihhnpehivghtfhdrohhrghenucevlhhushhtvghrufhiiigvpedtne curfgrrhgrmhepmhgrihhlfhhrohhmpehsrghmsehsrghmfihhihhtvggurdgtohhm
X-ME-Proxy: <xmx:C2GbX7dO5fbfxXB5yLQwZuA8_b9rHw-fs4ZdhwVK1jk13E5hcI3EHA> <xmx:C2GbXxJa8qvpKQIGT5M0Oa_PTX7Px7bKOLnPSdJL2UOp4j-AjRJlOg> <xmx:C2GbXwJK-NNpRkYixUaz-nSSmji4ogP9ihXdI2E6y6ff0dPzSbMhVQ> <xmx:DGGbX3XVDTaNJXfEnIINSX_BmUi2p2PO4QuJ0vGyCMDLOGTQIQYhuQ>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id C30EE1460062; Thu, 29 Oct 2020 20:40:43 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.3.0-530-g8da6958-fm-20201021.003-g69105b13-v35
Mime-Version: 1.0
Message-Id: <099cf65d-5a57-4e64-93cd-8504aa3bb97d@www.fastmail.com>
In-Reply-To: <DM5PR14MB130837085BB6E5FB1B592469B8140@DM5PR14MB1308.namprd14.prod.outlook.com>
References: <6dde1303-3d0c-6811-c201-00edbe5ab84e@bluepopcorn.net> <jlgk0wleoi6.fsf@redhat.com> <DM5PR14MB130837085BB6E5FB1B592469B8140@DM5PR14MB1308.namprd14.prod.outlook.com>
Date: Thu, 29 Oct 2020 20:40:23 -0400
From: Sam Whited <sam@samwhited.com>
To: Ludovic BOCQUET <lbxmpp@live.com>, Robbie Harwood <rharwood@redhat.com>, Jim Fenton <fenton@bluepopcorn.net>, KITTEN Working Group <kitten@ietf.org>
Cc: "draft-ietf-kitten-password-storage@ietf.org" <draft-ietf-kitten-password-storage@ietf.org>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/AB0mCbFr9wCGTBDe3cQbA9DwGzc>
Subject: Re: [kitten] Comments on draft-ietf-kitten-password-storage-00
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Oct 2020 00:40:47 -0000

Hi Ludovic,

On Thu, Oct 29, 2020, at 18:48, Ludovic BOCQUET wrote:
>  * "When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS
>    variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-
>    256 variants [RFC7677] SHOULD be preferred over SHA-1 variants
>    [RFC5802])"

I disagree with the RFC on this regard, but if further evidence can be
provided I'm all ears. There are no known pre-image attacks against SHA-
1, and the weaknesses I'm aware of at least won't matter for SCRAM since
SHA-1 is only used in the HMAC so to me it seems preferable to encourage
channel binding first, and the specific hash second. That being said,
channel binding isn't actually very useful right now since there's no
way to negotiate it and the existing methods are insecure without the
TLS master secret fix, so maybe it doesn't matter either way.

I am certainly not an expert and will bow to expert opinion if consensus
is against me, so I'd love more feedback on this.

> In the same time, I think that we must to add two new official SCRAM
> drafts of the same author of SCRAM:
>
> Currently SCRAM-SHA-512-PLUS and SCRAM-SHA-512 are missing:
> - https://tools.ietf.org/html/draft-melnikov-scram-sha-512
>
> Currently SCRAM-SHA3-512-PLUS and SCRAM-SHA3-512 are missing:
> - https://tools.ietf.org/html/draft-melnikov-scram-sha3-512

I'm keeping an eye on those and am very excited to see them coming
along! I'd prefer that they go through expert review first though
before adding them to this document (although I do think it's
appropriate to do so since they're both just I-Ds right now, so I don't
feel strongly about this). I wouldn't want this document to go to RFC
and still be referencing those I-Ds, but I don't know what the IETF
position on this is; either way it seems worth waiting and keeping an
eye on them for now.

Thanks for your feedback!

—Sam

v2.23.0 | Report a Bug | By Email