Re: [kitten] Comments on draft-ietf-kitten-password-storage-00

Sam Whited <sam@samwhited.com> Wed, 04 November 2020 13:06 UTC

Date: Wed, 04 Nov 2020 08:06:16 -0500
From: Sam Whited <sam@samwhited.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>, Ludovic BOCQUET <lbxmpp@live.com>, Robbie Harwood <rharwood@redhat.com>, Jim Fenton <fenton@bluepopcorn.net>, KITTEN Working Group <kitten@ietf.org>
Cc: "draft-ietf-kitten-password-storage@ietf.org" <draft-ietf-kitten-password-storage@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/GW2JnqkTzHM190Q7w96YS1sGR4U>

Responses inline. TL;DR I agree.

On Tue, Nov 3, 2020, at 09:27, Alexey Melnikov wrote:
> That I agree with. So maybe the following ordering:
> 
> SCRAM-SHA-256-PLUS
> SCRAM-SHA-1-PLUS
> SCRAM-SHA-256
> SCRAM-SHA-1

That seems fine to me; I'll update it in the next version.

> Fixing channel binding for TLS 1.3 is something that we need to do 
> anyway. But this is a separate discussion.

See also https://datatracker.ietf.org/doc/draft-ietf-kitten-tls-channel-bindings-for-tls13/; I'd love your feedback there too.

—Sam
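A client-side mechanism chooser that applies the ordering proposed above, together with the RFC 5802 gs2-cbind-flag that lets a server detect a channel-binding downgrade. This is an added example, not code from the draft or from anyone in the thread; the function names and the sample binding types are my own.

```python
"""Added example: SCRAM mechanism selection in the order proposed in the
thread, plus the RFC 5802 GS2 channel-binding flag and the server-side
downgrade check it enables. Function names are constructed for this example."""

# Preference order proposed in the thread, strongest first.
PREFERENCE = (
    "SCRAM-SHA-256-PLUS",
    "SCRAM-SHA-1-PLUS",
    "SCRAM-SHA-256",
    "SCRAM-SHA-1",
)


def choose_mechanism(advertised, cb_type=None):
    """Return the most-preferred advertised mechanism, or None.

    cb_type is the channel-binding type this client can compute on the
    current TLS connection (e.g. "tls-server-end-point"); None means the
    client cannot bind, so -PLUS variants are skipped even when offered.
    """
    offered = set(advertised)
    for mech in PREFERENCE:
        if mech not in offered:
            continue
        if mech.endswith("-PLUS") and cb_type is None:
            continue
        return mech
    return None


def gs2_cbind_flag(chosen, cb_type=None):
    """gs2-cbind-flag sent in the SCRAM client-first message (RFC 5802).

    'p=<type>': a -PLUS mechanism was chosen; binding data follows later.
    'y':        client supports binding but no -PLUS mechanism was offered,
                which lets a binding-capable server notice a downgrade.
    'n':        client does not support channel binding at all.
    """
    if cb_type is None:
        return "n"
    if chosen is not None and chosen.endswith("-PLUS"):
        return "p=" + cb_type
    return "y"


def server_detects_downgrade(flag, server_supports_cb):
    """Server side: a 'y' flag while we do support binding means our
    -PLUS mechanisms were stripped from the list the client saw."""
    return flag == "y" and server_supports_cb
```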