Re: [kitten] The Hashed-Token SASL Mechanism (SASL-HT)

Sam Whited <sam@samwhited.com> Tue, 17 October 2017 14:09 UTC

Message-Id: <1508249331.3526135.1141665400.36944376@webmail.messagingengine.com>
From: Sam Whited <sam@samwhited.com>
To: kitten@ietf.org
References: <9913d71b-ae22-cc48-34b8-fb29fdf9a00c@geekplace.eu>
In-Reply-To: <9913d71b-ae22-cc48-34b8-fb29fdf9a00c@geekplace.eu>
Date: Tue, 17 Oct 2017 09:08:51 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/ArPA7yrFUd-0QWT4dYnbtSSwEAE>
Subject: Re: [kitten] The Hashed-Token SASL Mechanism (SASL-HT)

On Fri, Sep 29, 2017, at 04:08, Florian Schmaus wrote:
> I would like to note the existence of draft-schmaus-kitten-sasl-ht-01:
> 
> https://tools.ietf.org/html/draft-schmaus-kitten-sasl-ht-01

After a quick read-through of the latest draft, the only thing I found
which I wasn't sure about was the following:

> Before sending the authentication identity string the initiator SHOULD
> prepare the data with the UsernameCaseMapped profile of [RFC7613].

This limits the SASL mechanism's usefulness to Unicode encodings. I'd
suggest that normalizing the username is something the application
protocol should do; it should not be required by the authentication
framework (as far as SASL is concerned these should just be bytes).

—Sam

P.S. Also note that 7613 was recently replaced by RFC 8265, if this
reference is kept it may be good to update it.
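An added illustration of the layering point discussed above (not code from the message, the draft, or any SASL implementation): the application prepares the username with a UsernameCaseMapped-style mapping (RFC 8265, section 3.3) and only then hands opaque bytes to the SASL layer, so two encodings of the same identity yield the same bytes. The preparation here is an assumed approximation covering the width-mapping, case-folding and NFC steps only; the full IdentifierClass and Bidi rule checks are omitted.

```python
import unicodedata


def username_case_mapped(name: str) -> str:
    """Approximate UsernameCaseMapped preparation (assumption: partial RFC 8265 profile).

    Steps applied: width mapping, Unicode default case folding, NFC normalization.
    Omitted: full IdentifierClass enforcement and the Bidi rule; only whitespace
    (which IdentifierClass disallows) and empty strings are rejected here.
    """
    # Width-mapping rule: fullwidth/halfwidth code points are mapped to their
    # decomposition mappings (NFKC of the single character gives that mapping).
    mapped = []
    for ch in name:
        if unicodedata.east_asian_width(ch) in ("F", "H"):
            ch = unicodedata.normalize("NFKC", ch)
        mapped.append(ch)
    prepared = "".join(mapped)
    # Case-mapping rule: Unicode Default Case Folding.
    prepared = prepared.casefold()
    # Normalization rule: NFC, so precomposed and decomposed forms agree.
    prepared = unicodedata.normalize("NFC", prepared)
    # Minimal IdentifierClass check: spaces are disallowed, as is the empty string.
    if not prepared or any(ch.isspace() for ch in prepared):
        raise ValueError("username not valid under UsernameCaseMapped")
    return prepared


def sasl_identity_bytes(name: str) -> bytes:
    """What the application hands to the SASL mechanism: prepared, UTF-8 encoded bytes."""
    return username_case_mapped(name).encode("utf-8")


if __name__ == "__main__":
    # Constructed sample: NFD ("u" + combining diaeresis) vs NFC ("ü") spellings.
    nfd, nfc = "Ju\u0308rgen", "J\u00fcrgen"
    print(nfd.encode("utf-8") == nfc.encode("utf-8"))                    # False: raw bytes differ
    print(sasl_identity_bytes(nfd) == sasl_identity_bytes(nfc))         # True: identical after prep
    print(sasl_identity_bytes("\uff21lice"))                            # fullwidth A folded to b'alice'
```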