Re: [kitten] draft-hansen-scram-sha256 and incorporating session hashing for channel binding

Tony Hansen <tony@att.com> Tue, 26 May 2015 22:24 UTC

Return-Path: <tony@att.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5DAB61B323A for <kitten@ietfa.amsl.com>; Tue, 26 May 2015 15:24:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.789
X-Spam-Level:
X-Spam-Status: No, score=-1.789 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, MISSING_HEADERS=1.021, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tfGcAQzop6a3 for <kitten@ietfa.amsl.com>; Tue, 26 May 2015 15:24:23 -0700 (PDT)
Received: from nbfkord-smmo06.seg.att.com (nbfkord-smmo06.seg.att.com [209.65.160.94]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AAD5A1B3221 for <kitten@ietf.org>; Tue, 26 May 2015 15:24:22 -0700 (PDT)
Received: from unknown [144.160.229.23] (EHLO alpi154.enaf.aldc.att.com) by nbfkord-smmo06.seg.att.com(mxl_mta-7.2.4-5) over TLS secured channel with ESMTP id 692f4655.0.4899610.00-2056.13106110.nbfkord-smmo06.seg.att.com (envelope-from <tony@att.com>); Tue, 26 May 2015 22:24:22 +0000 (UTC)
X-MXL-Hash: 5564f2961f38413f-de34fe8819b7d9374ce746de2f28665ef83b1f9b
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id t4QMOLRj013398 for <kitten@ietf.org>; Tue, 26 May 2015 18:24:21 -0400
Received: from alpi131.aldc.att.com (alpi131.aldc.att.com [130.8.218.69]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id t4QMOG6g013353 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for <kitten@ietf.org>; Tue, 26 May 2015 18:24:18 -0400
Received: from alpi153.aldc.att.com (alpi153.aldc.att.com [130.8.42.31]) by alpi131.aldc.att.com (RSA Interceptor) for <kitten@ietf.org>; Tue, 26 May 2015 22:24:04 GMT
Received: from aldc.att.com (localhost [127.0.0.1]) by alpi153.aldc.att.com (8.14.5/8.14.5) with ESMTP id t4QMO4EV021783 for <kitten@ietf.org>; Tue, 26 May 2015 18:24:04 -0400
Received: from mailgw1.maillennium.att.com (maillennium.att.com [135.25.114.99]) by alpi153.aldc.att.com (8.14.5/8.14.5) with ESMTP id t4QMNwhj021526 for <kitten@ietf.org>; Tue, 26 May 2015 18:24:00 -0400
Received: from flcdtd01bk9538.itservices.sbc.com (flcdtd01bk9538.itservices.sbc.com?[135.110.240.72](misconfigured sender)) by maillennium.att.com (mailgw1) with ESMTP id <20150526222358gw1000cec7e>; Tue, 26 May 2015 22:23:58 +0000
X-Originating-IP: [135.110.240.72]
Message-ID: <5564F27D.70109@att.com>
Date: Tue, 26 May 2015 18:23:57 -0400
From: Tony Hansen <tony@att.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
CC: "kitten@ietf.org" <kitten@ietf.org>
References: <54DC00D0.2050900@cs.tcd.ie> <54EC66FF.50603@cs.tcd.ie> <54ECABD8.3090902@att.com> <87zj82f1yj.fsf@latte.josefsson.org> <54F4B8B8.8090406@isode.com> <555FC6CF.5020306@att.com> <20150523162728.5b6b63cd@latte.josefsson.org>
In-Reply-To: <20150523162728.5b6b63cd@latte.josefsson.org>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="euk3u1TEbFRVwKhe8VIQvsjJLw2MmPBvX"
X-RSA-Inspected: yes
X-RSA-Classifications: public
X-AnalysisOut: [v=2.0 cv=DLg4FVxb c=1 sm=1 a=VXHOiMMwGAwA+y4G3/O+aw==:17 a]
X-AnalysisOut: [=9cW_t1CCXrUA:10 a=tHvJy1wsfNMA:10 a=Canz06MUmCAA:10 a=BLc]
X-AnalysisOut: [eEmwcHowA:10 a=zQP7CpKOAAAA:8 a=h1PgugrvaO0A:10 a=jwRGozL_]
X-AnalysisOut: [yhds8iGoRyoA:9 a=pILNOxqGKmIA:10 a=j4nzMFrpAAAA:8 a=ksZ6Tr]
X-AnalysisOut: [X1T2DVG6tTqZUA:9]
X-Spam: [F=0.2000000000; CM=0.500; S=0.200(2014051901)]
X-MAIL-FROM: <tony@att.com>
X-SOURCE-IP: [144.160.229.23]
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/R8g7WZrRHUSaGMOU0ZVcLyD2Nzw>
Subject: Re: [kitten] draft-hansen-scram-sha256 and incorporating session hashing for channel binding
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 May 2015 22:24:24 -0000

On 5/23/15 10:27 AM, Simon Josefsson wrote:
> ...
> This text has nothing to do with the tls-session-hash issue? 

Sorry, it has the text I added because of earlier issues brought up
within this thread. No, it doesn't address tls-session-hash.

> If you don't want to ship a known insecure protocol, I believe the
> options are to either include text similar to what I proposed above,
> or to replace tls-unique with a secure TLS channel binding (e.g.,
> draft-josefsson-sasl-tls-cb). Shipping a known insecure protocol is
> another option, but then you should add a security consideration
> explaining that tls-unique is not secure without tls-session-hash and
> that consistency with (the also insecure) RFC 5802 was deemed more
> important security.

Your suggested text is:

    "To be secure SCRAM-SHA-256-PLUS has to be used over a TLS channel
that MUST have [TLS-SESSION-HASH] negotiated."

You then go on to say: "Personally, I would prefer to change to another
mandatory channel binding that is secure for all TLS versions."

Given the other comments in this thread, I'm not sure the suggested text
is the right thing to add.

    Tony Hansen