Re: [kitten] Comments on draft-ietf-kitten-password-storage-00

Sam Whited <sam@samwhited.com> Sun, 22 November 2020 20:36 UTC

Message-Id: <8d757904-4f41-4981-90fe-e94b6039d00b@www.fastmail.com>
In-Reply-To: <DM5PR14MB1308CB22AD3043E3BAE644CCB8EF0@DM5PR14MB1308.namprd14.prod.outlook.com>
References: <6dde1303-3d0c-6811-c201-00edbe5ab84e@bluepopcorn.net> <jlgk0wleoi6.fsf@redhat.com> <DM5PR14MB130837085BB6E5FB1B592469B8140@DM5PR14MB1308.namprd14.prod.outlook.com> <099cf65d-5a57-4e64-93cd-8504aa3bb97d@www.fastmail.com> <cdb36f4a-12e9-c5ee-aa2a-d31685660d13@isode.com> <d20a0afc-92eb-4de0-b2ec-2739af56fcf2@www.fastmail.com> <DM5PR14MB13088072C2B2970C804FFBE6B8EF0@DM5PR14MB1308.namprd14.prod.outlook.com> <c2641638-e311-494a-91f0-1571c86a9468@www.fastmail.com> <DM5PR14MB1308CB22AD3043E3BAE644CCB8EF0@DM5PR14MB1308.namprd14.prod.outlook.com>
Date: Sun, 22 Nov 2020 20:36:10 +0000
From: Sam Whited <sam@samwhited.com>
To: Ludovic BOCQUET <lbxmpp@live.com>, Alexey Melnikov <alexey.melnikov@isode.com>, Robbie Harwood <rharwood@redhat.com>, Jim Fenton <fenton@bluepopcorn.net>, KITTEN Working Group <kitten@ietf.org>
Cc: "draft-ietf-kitten-password-storage@ietf.org" <draft-ietf-kitten-password-storage@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/HvgK_J-b3ecXwXNZO-g3MULGt-w>
Subject: Re: [kitten] Comments on draft-ietf-kitten-password-storage-00


On Sun, Nov 22, 2020, at 12:04, Ludovic BOCQUET wrote:
> After my previous comments, maybe it is not clear to all in this
> list, sorry.

I apologize for the confusion, but I am still not sure what you are
advocating for in this email. It appears that you want the order that
Alexey suggested, which I already said I would update in the next draft.

It also appears that you're asking again for me to add references to the
various new SCRAM mechanisms, but as I have already told you I plan on
waiting a bit. There is no harm in waiting for more feedback on them
before referencing them in this I-D.


> Please read my comments after.

I am not sure what comments you are referring to.


> I have never said finalize today or tomorrow. And other parts can be
> improved.

I apologize, I thought when you said "The final
'draft-ietf-kitten-password-storage' must be validated like a RFC after
the next two I-Ds, it is really important" you meant that we should move
password-storage to RFC after two more drafts and this is what I was
pushing back on. I am sorry if I misunderstood.


> - "draft-ietf-kitten-tls-channel-bindings-for-tls13" I-D updates or
>   obsoletes RFC5929 (but it is not specified in header)

I'm not sure if this is true or not. Maybe it just updates them since
they are still valid for TLS 1.2? I could go either way. I will make a
note that this needs updating in a future revision. Thanks.


> - "draft-ietf-kitten-password-storage" I-D updates RFC8600 (but it is
>   not specified in header)

I don't think this one is true unless we're going to count this as
updating every single protocol that uses SCRAM.


> Do not forget that: 1 - CRAM-MD5 to Historic:
> - https://tools.ietf.org/html/draft-ietf-sasl-crammd5-to-historic-00
>   // 20 November 2008
> - https://tools.ietf.org/html/draft-zeilenga-luis140219-crammd5-to-historic-00
>   // June 29, 2017

I don't think we need to reference every obsolete hashing mechanism, I
just mentioned that old MD5 mechanisms aren't a good idea in the example
of how to order mechanisms.

> Maybe it is time to take them off completely from the list even if
> they are after PLAIN.

They are off the list, the only place they are mentioned is in an
example of how to order mechanisms. If this is causing confusion maybe
they shouldn't be mentioned there either though. I'll consider it for
the next draft.

Thank you for your feedback. I'm sorry if I missed anything, it was a
very long email and included feedback on multiple I-Ds. In future it
might be best to provide feedback for different I-Ds in different
threads. Hopefully I responded to all the important bits.

—Sam
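The message above refers to the draft's example of how to order SASL
mechanisms and to retiring the MD5-based ones. The following Python is an
added example, not code from the draft or from the author of this message;
it implements a client-side ordering and selection policy whose rules
(channel-binding "-PLUS" variants first when a binding is available,
stronger SCRAM digests before SHA-1, PLAIN only over TLS, MD5-based
mechanisms never) are assumptions chosen for illustration.

```python
"""Client-side SASL mechanism ordering and selection.

Added example; it is not code from the draft or from the author of the
message above. The ordering policy is an assumption for illustration:
  - SCRAM "-PLUS" (channel-binding) variants first, but only when the
    client actually has a TLS channel binding to offer;
  - among SCRAM variants, a larger SHA-2 digest beats SHA-1;
  - PLAIN is usable only over TLS and ranks below every SCRAM variant;
  - MD5-based mechanisms (CRAM-MD5, DIGEST-MD5) are never selected.
"""
import re
from typing import Iterable, List, Optional, Tuple

# Matches the registered SCRAM family names, e.g. SCRAM-SHA-256-PLUS.
_SCRAM_RE = re.compile(r"^SCRAM-SHA-(1|224|256|384|512)(-PLUS)?$")

# Assumed policy: MD5-based mechanisms are treated as unusable.
_NEVER = frozenset({"CRAM-MD5", "DIGEST-MD5"})


def mech_rank(name: str, tls: bool, channel_binding: bool) -> Optional[Tuple[int, int]]:
    """Return a sortable rank for one mechanism, or None if it is unusable.

    Lower ranks are preferred. The tuple is (tier, -digest_strength):
    tier 0 = SCRAM with channel binding, 1 = SCRAM without, 2 = PLAIN.
    """
    if channel_binding and not tls:
        raise ValueError("a TLS channel binding requires a TLS connection")
    if name in _NEVER:
        return None
    m = _SCRAM_RE.match(name)
    if m:
        digest_bits = int(m.group(1))
        plus = m.group(2) is not None
        if plus and not channel_binding:
            return None  # cannot complete a -PLUS exchange without a binding
        strength = 0 if digest_bits == 1 else digest_bits  # SHA-1 is weakest
        return (0 if plus else 1, -strength)
    if name == "PLAIN":
        return (2, 0) if tls else None  # never send a password in the clear
    return None  # unknown mechanism: leave it alone


def order_mechanisms(advertised: Iterable[str], tls: bool, channel_binding: bool) -> List[str]:
    """Return the usable mechanisms from a server's list, best first."""
    ranked = []
    for raw in advertised:
        name = raw.strip()
        rank = mech_rank(name, tls, channel_binding)
        if rank is not None:
            ranked.append((rank, name))
    ranked.sort()
    return [name for _, name in ranked]


def choose_mechanism(advertised: Iterable[str], tls: bool, channel_binding: bool) -> Optional[str]:
    """Pick the mechanism a client should attempt first, or None if none is acceptable."""
    ordered = order_mechanisms(advertised, tls, channel_binding)
    return ordered[0] if ordered else None


if __name__ == "__main__":
    # Constructed server advertisement, deliberately in a poor order.
    offered = ["PLAIN", "CRAM-MD5", "SCRAM-SHA-1", "SCRAM-SHA-256-PLUS",
               "SCRAM-SHA-256", "DIGEST-MD5"]
    print(order_mechanisms(offered, tls=True, channel_binding=True))
    print(choose_mechanism(offered, tls=False, channel_binding=False))
```

Placing the "-PLUS" tier ahead of digest strength is a deliberate choice in
this example: a channel-bound exchange is what stops a relaying attacker,
while the digest choice only changes the offline cost of a captured
exchange. If a deployment weighs those differently, the rank tuple is the
one place to change.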