Re: [kitten] The Hashed-Token SASL Mechanism (SASL-HT)

Sam Whited <sam@samwhited.com> Tue, 17 October 2017 16:28 UTC

Message-Id: <1508257693.3561021.1141849248.0C392C2B@webmail.messagingengine.com>
From: Sam Whited <sam@samwhited.com>
To: kitten@ietf.org
References: <9913d71b-ae22-cc48-34b8-fb29fdf9a00c@geekplace.eu> <1508249331.3526135.1141665400.36944376@webmail.messagingengine.com> <9d5401e4-2068-d8f3-226c-b427be54587c@geekplace.eu>
Date: Tue, 17 Oct 2017 11:28:13 -0500
In-Reply-To: <9d5401e4-2068-d8f3-226c-b427be54587c@geekplace.eu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/Mjv_w5-za6AWpS-pC5A9cGVuJHM>
Subject: Re: [kitten] The Hashed-Token SASL Mechanism (SASL-HT)

On Tue, Oct 17, 2017, at 11:20, Florian Schmaus wrote:
> I am not sure about that. SCRAM has the same requirement.

I'd forgotten that. That doesn't seem like a good reason to do it here
though. I ignore this requirement in my SCRAM implementation as well.

What if I have an application protocol that does its normalization using
a different system that's incompatible with PRECIS, or doesn't use
Unicode (in China I've been told that there's another system that's
widely used)? Or what if the username in a particular system is
something like an email address or JID that may already apply multiple profiles
(UsernameCaseMapped to the localpart, IDNA2008-style normalization to
the domainpart)? Do we really want to apply UsernameCaseMapped again on
top of the existing application-applied profiles?

—Sam