IETF Logo Mail Archive

Re: [kitten] Stating support for HTTP-SASL on the HTTP WG list

Nico Williams <nico@cryptonector.com> Sun, 29 January 2023 04:28 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C3CD9C14CE38 for <kitten@ietfa.amsl.com>; Sat, 28 Jan 2023 20:28:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.098
X-Spam-Level:
X-Spam-Status: No, score=-7.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KgU8qh8PsKwo for <kitten@ietfa.amsl.com>; Sat, 28 Jan 2023 20:28:41 -0800 (PST)
Received: from bee.birch.relay.mailchannels.net (bee.birch.relay.mailchannels.net [23.83.209.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B516FC14F730 for <kitten@ietf.org>; Sat, 28 Jan 2023 20:28:41 -0800 (PST)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id DEE873C15C1; Sun, 29 Jan 2023 04:28:40 +0000 (UTC)
Received: from pdx1-sub0-mail-a234.dreamhost.com (unknown [127.0.0.6]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 5EC013C12C7; Sun, 29 Jan 2023 04:28:40 +0000 (UTC)
ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1674966520; a=rsa-sha256; cv=none; b=GGNGrbHtfVXW43FRaDZGryyzcxRdFYl4B+YMndMZpApC0IlxEN+s1UH49Hnszhs/r3Got7 +Biw3gqAs2iNQEt9JAgaIIXaH923LczIJMciKj3OJVef3YLPKFo8ZEy1KlGr2pM6ILTtsi pOfn+lzFAkL4hcn7Qc6VeeKEMLCZ1TLF2qCdU1B23Wc3jAl4+zinUssxyWTlundnKNQ0MC uyBuGssDl96fD31Q1sWym9ymQYLJiJW/JHQ0XwDlvz2+NkXgwfJeATCQSwL+oTTEw9TSG2 7aBWfhgd7cGioT5q+jTo114tpPU+SWQVk18lPbaD8nAnNS536BWk5sSzE1AvVQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1674966520; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references:dkim-signature; bh=3cO0otQ7Tn1mva0d+ggidLXl+WUv7dIMobbv3ByUMe8=; b=nLpNKJhIYiUw/x/PfTKY0CSz1WkYQpHmNxAqg2atjQmk4YqI+7YihCJWtnbtBjrRbD2aYZ h2qcGZDkz7RnhG8/ip/nEl0ANRW9Jax9bcAxNIAkBgAw5sgZCxUyFe6KHqAylNlhs3Nd9J c8WI4P4PMm+j1yKMVp3x3bgqdr5zcGybrrpk/sKywvkRWiC97uOwsjdnuIGfHFyMGxhAgQ CgUN8DUgMofzqMr+56YIHyNf+SwDqoLVr8kkXJlSKQhez8sNcCiARI3lwNcB+sTS3VK/sR R5exWHfouAwSStZ0lx70AfcjLdgO2/U9dOa0n8VeYUxCWAiytqHMwmtFAKR5vw==
ARC-Authentication-Results: i=1; rspamd-5fb8f68d88-lpb2v; auth=pass smtp.auth=dreamhost smtp.mailfrom=nico@cryptonector.com
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Hook-Abiding: 778b1c7a226370e3_1674966520634_410544709
X-MC-Loop-Signature: 1674966520634:1397977314
X-MC-Ingress-Time: 1674966520634
Received: from pdx1-sub0-mail-a234.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.99.229.7 (trex/6.7.1); Sun, 29 Jan 2023 04:28:40 +0000
Received: from gmail.com (cpe-66-25-27-1.tx.res.rr.com [66.25.27.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a234.dreamhost.com (Postfix) with ESMTPSA id 4P4JGb5rs6z9f; Sat, 28 Jan 2023 20:28:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cryptonector.com; s=dreamhost; t=1674966520; bh=3cO0otQ7Tn1mva0d+ggidLXl+WUv7dIMobbv3ByUMe8=; h=Date:From:To:Cc:Subject:Content-Type; b=YEVptU4cZtYa+OxKgejzgZ0I+S6FKQZ2c0vxWYQCxv6aHZyxcc4zxpwwmNlCRloh+ jEVOO9FQ7ycPYT79bGb19PEGkRy4UvvX48aHCEmk0Dqq4SbMTnxXIfSgEw1Or8P4ur CJ+W/dIM0p5Fbu9uapO/1aTP5DkuWjk5Dbrb589xMfC6NRTNSlZP7V780ZsI3Cd1I/ ugTbnbfVE5ht51IcHINwFcOdxNgGmtZtWg4Der3s9Rbbb5NRDRga5WmFbJPBIENbPz gnXSiBl+laI00McaWfj2A7gGr/5Xh7FwvbDw5gBPsZ9oEMuIkzTjGwW5k/n/A0zpxQ /bGBwkomTckvQ==
Date: Sat, 28 Jan 2023 22:28:37 -0600
From: Nico Williams <nico@cryptonector.com>
To: Russ Allbery <eagle@eyrie.org>
Cc: kitten@ietf.org
Message-ID: <Y9X19YVm2OUDEYTZ@gmail.com>
References: <20230127160101.GB635@openfortress.nl> <048e6943f02302bb5cf7b8c55521931ce3748d30.camel@redhat.com> <20230128215854.629841D6333@pb-smtp20.pobox.com> <87a622tdd1.fsf@hope.eyrie.org> <875ycqtcmd.fsf@hope.eyrie.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <875ycqtcmd.fsf@hope.eyrie.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/C-qRKsZJ6YAmN1nLNFOEI2TvKpw>
Subject: Re: [kitten] Stating support for HTTP-SASL on the HTTP WG list
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Jan 2023 04:28:45 -0000

On Sat, Jan 28, 2023 at 04:20:42PM -0800, Russ Allbery wrote:
> Russ Allbery <eagle@eyrie.org> writes:
> > I was curious after reading the initial message how this new proposal
> > planned to deal with the multi-step authentication negotiation process
> > in HTTP.  Maybe that's being discussed on the other list?
> 
> I've now looked at the spec, and it looks like this is being handled with
> 401 or 407 responses plus embedding the server state in the response and
> expecting the client to reflect it on subsequent requests.
> 
> I think this would work theoretically (at least I don't see why it
> wouldn't), but I'm very curious about how widely this has been tested in
> HTTP scenarios involving round-robin load-balancing.  Making the client
> replay the state provides enough of a theoretical hook to allow moving an
> in-progress authentication session from one backend server to another, but
> has this been done in practice with Cyrus SASL and similar SASL libraries?
> My first reaction is that this is asking a lot of the SASL library on the
> server side to be able to reconstitute and continue a halfway-constructed
> SASL session that was negotiated by a different server, but maybe that
> first reaction is erroneous.

Certainly the state should be encrypted, but this does create replay
attacks, and whether a SASL mechanism is vulnerable or not may vary.

Also, this implies that there is something in SASL like
GSS_Export_sec_context() that works with partially established contexts.
That function would have to have direct support for encrypting the state
so that if the mechanism were vulnerable to replays then it wouldn't
implement the encrypted state functionality.

Nico
--

v2.23.0 | Report a Bug | By Email