Re: [kitten] [saag] AD sponsoring draft-hansen-scram-sha256

Simon Josefsson <simon@josefsson.org> Sat, 23 May 2015 14:35 UTC

Return-Path: <simon@josefsson.org>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41A1A1A1B48; Sat, 23 May 2015 07:35:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.551
X-Spam-Level:
X-Spam-Status: No, score=-1.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TuhBST7vzYxt; Sat, 23 May 2015 07:35:43 -0700 (PDT)
Received: from duva.sjd.se (duva.sjd.se [IPv6:2001:9b0:1:1702::100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 07FD51A1B6B; Sat, 23 May 2015 07:35:42 -0700 (PDT)
Received: from latte.josefsson.org ([155.4.17.3]) (authenticated bits=0) by duva.sjd.se (8.14.4/8.14.4/Debian-4) with ESMTP id t4NEZROp030315 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT); Sat, 23 May 2015 16:35:29 +0200
Date: Sat, 23 May 2015 16:35:26 +0200
From: Simon Josefsson <simon@josefsson.org>
To: Karthikeyan Bhargavan <karthikeyan.bhargavan@inria.fr>
Message-ID: <20150523163526.7e7d5e14@latte.josefsson.org>
In-Reply-To: <F2896AD9-127C-4F7B-BC21-CF29C148D36D@inria.fr>
References: <54DC00D0.2050900@cs.tcd.ie> <87r3tqqj9y.fsf@latte.josefsson.org> <CABkgnnWbCV6kWF0F4zCj+-jjf67MkkkCb-nYNonsTA04Ojd5jQ@mail.gmail.com> <20150216115457.3c16fdbf@latte.josefsson.org> <F2896AD9-127C-4F7B-BC21-CF29C148D36D@inria.fr>
X-Mailer: Claws Mail 3.11.1 (GTK+ 2.24.25; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; boundary="Sig_/.hvmA=uvI9hcR2USMr=tHVP"; protocol="application/pgp-signature"
X-Virus-Scanned: clamav-milter 0.98.7 at duva.sjd.se
X-Virus-Status: Clean
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/FduU7gaajgYT-ypNJXTO20J-5QU>
Cc: "kitten@ietf.org" <kitten@ietf.org>, "http-auth@ietf.org" <http-auth@ietf.org>, Martin Thomson <martin.thomson@gmail.com>, "saag@ietf.org" <saag@ietf.org>
Subject: Re: [kitten] [saag] AD sponsoring draft-hansen-scram-sha256
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 May 2015 14:35:44 -0000

> I have a separate question: would there be value in defining a new
> session-level channel binding (updating rfc5929) based on
> tls-session-hash?

I offered
https://tools.ietf.org/html/draft-josefsson-sasl-tls-cb-03 as an
alternative to tls-unique back in the days.  The issue with using only
the client/server-random (a'la TLS Finished) was discussed back then
and for -01 in 2008 I fixed the construct to be more secure (credit to
Eric Rescorla and Sam Hartman who made me aware of the concern).

My draft derives the channel binding in a way similar to
tls-session-hash.  I would appreciate if you could take a look and tell
me if you believe that it would solve the triple-handshake concern.

/Simon