Re: [kitten] AD sponsoring draft-hansen-scram-sha256
Peter Saint-Andre - &yet <peter@andyet.net> Fri, 13 February 2015 15:37 UTC
Message-ID: <54DE1A1C.6020908@andyet.net>
Date: Fri, 13 Feb 2015 08:37:00 -0700
From: Peter Saint-Andre - &yet <peter@andyet.net>
To: "kitten@ietf.org" <kitten@ietf.org>
References: <54DC00D0.2050900@cs.tcd.ie>
In-Reply-To: <54DC00D0.2050900@cs.tcd.ie>
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/_BrBgeUJPQXmJwxt_3iTbMcFlHw>
Subject: Re: [kitten] AD sponsoring draft-hansen-scram-sha256

On 2/11/15 6:24 PM, Stephen Farrell wrote:
>
> Hiya,
>
> I've been asked to AD sponsor draft-hansen-scram-sha256 [1] as it's
> needed for some work in http-auth but doesn't quite fit with any
> current WG. I plan to start an IETF LC for that shortly, but please
> do let me know if there are any issues.
>
> This was previously discussed on the kitten WG list, so (with
> the WG chairs' permission) I'd ask that you send any comments
> there if you've any before I start the IETF LC. (Reply-to is
> set to the kitten WG list.)

This is a helpful document. Herewith a few comments.

§2

   For the SCRAM-SHA-256/SCRAM-SHA-256-PLUS SASL mechanisms, servers
   SHOULD announce a hash iteration-count of at least 4096.

Because (per RFC 5082) it is mandatory for the server to announce a hash
iteration-count, I'm wondering if that could be better expressed as:

   For the SCRAM-SHA-256 and SCRAM-SHA-256-PLUS SASL mechanisms, the hash
   iteration-count announced by a server SHOULD be at least 4096.

§3

It might be helpful here (or in the introduction) to describe why we
need these mechanisms, i.e., presumably they might have stronger
security properties or greater predicted longevity than the SCRAM
mechanisms based on SHA-1.

Nits:

§1

mechanism are defined -> mechanisms are defined

§4

I doubt that we need RFC 2119 language in the form.

Peter
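
The iteration count discussed in the message above is announced in the `i=` attribute of SCRAM's server-first-message. The following is an added example, not part of the original message or the draft: a client-side parser that rejects an announcement below 4096 before deriving SaltedPassword. Enforcing the floor on the client, the function and constant names, and the sample messages are all assumptions made for illustration.

```python
import base64
import hashlib

MIN_ITERATIONS = 4096  # floor quoted in the message above (assumed client policy)

# Constructed sample values, not taken from the draft or the thread.
SAMPLE_CLIENT_NONCE = "cnonce123"
SAMPLE_OK = "r=cnonce123srv456,s=c2FsdHNhbHRzYWx0c2FsdA==,i=4096"
SAMPLE_WEAK = "r=cnonce123srv456,s=c2FsdHNhbHRzYWx0c2FsdA==,i=1000"


class ScramPolicyError(ValueError):
    """Server-first-message is malformed or announces too few iterations."""


def parse_server_first(message, client_nonce):
    """Return (nonce, salt, iterations) from an 'r=..,s=..,i=..' message."""
    attrs = {}
    for field in message.split(","):
        key, sep, value = field.partition("=")  # base64 '=' padding stays in value
        if not sep or len(key) != 1:
            raise ScramPolicyError(f"malformed attribute: {field!r}")
        attrs.setdefault(key, value)
    missing = [k for k in "rsi" if k not in attrs]
    if missing:
        raise ScramPolicyError(f"missing attributes: {missing}")
    nonce, count = attrs["r"], attrs["i"]
    # The server nonce must be the client nonce plus a server-chosen suffix.
    if not nonce.startswith(client_nonce) or nonce == client_nonce:
        raise ScramPolicyError("server nonce does not extend client nonce")
    if not (count.isascii() and count.isdigit()) or count.startswith("0"):
        raise ScramPolicyError("iteration count is not a positive integer")
    iterations = int(count)
    if iterations < MIN_ITERATIONS:
        raise ScramPolicyError(f"iteration count {iterations} < {MIN_ITERATIONS}")
    try:
        salt = base64.b64decode(attrs["s"], validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ScramPolicyError("salt is not valid base64") from exc
    return nonce, salt, iterations


def salted_password(password, salt, iterations):
    """SaltedPassword = Hi(password, salt, i): PBKDF2 with HMAC-SHA-256."""
    # Assumes an ASCII password, so SASLprep normalization is skipped here.
    return hashlib.pbkdf2_hmac("sha256", password.encode("ascii"), salt, iterations)
```
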