Re: [kitten] AD sponsoring draft-hansen-scram-sha256

Simon Josefsson <simon@josefsson.org> Mon, 16 February 2015 09:48 UTC

Return-Path: <simon@josefsson.org>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8107A1A879F; Mon, 16 Feb 2015 01:48:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.551
X-Spam-Level:
X-Spam-Status: No, score=-1.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uKJvqLYjLIzI; Mon, 16 Feb 2015 01:48:43 -0800 (PST)
Received: from duva.sjd.se (duva.sjd.se [IPv6:2001:9b0:1:1702::100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2EBC1A1A94; Mon, 16 Feb 2015 01:48:42 -0800 (PST)
Received: from latte.josefsson.org ([IPv6:2001:16d8:cca1:0:2999:8dd0:70ed:36a2]) (authenticated bits=0) by duva.sjd.se (8.14.4/8.14.4/Debian-4) with ESMTP id t1G9mQlW002499 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT); Mon, 16 Feb 2015 10:48:27 +0100
From: Simon Josefsson <simon@josefsson.org>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <54DC00D0.2050900@cs.tcd.ie>
OpenPGP: id=54265E8C; url=http://josefsson.org/54265e8c.txt
X-Hashcash: 1:22:150216:saag@ietf.org::Jc2JG4WsjrZNwtiw:BHUR
X-Hashcash: 1:22:150216:stephen.farrell@cs.tcd.ie::YPH3Px1gxiJuxrcN:5ofE
X-Hashcash: 1:22:150216:kitten@ietf.org::ZDkkZ4ZLrYOkxmVC:NKIr
X-Hashcash: 1:22:150216:http-auth@ietf.org::JYW4JhqrwSxgt6go:wIal
Date: Mon, 16 Feb 2015 10:48:25 +0100
In-Reply-To: <54DC00D0.2050900@cs.tcd.ie> (Stephen Farrell's message of "Thu, 12 Feb 2015 01:24:32 +0000")
Message-ID: <87r3tqqj9y.fsf@latte.josefsson.org>
User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
X-Virus-Scanned: clamav-milter 0.98.5 at duva.sjd.se
X-Virus-Status: Clean
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/hWrDI0vAhRHXMvyywcvtrYoBOHc>
Cc: "kitten@ietf.org" <kitten@ietf.org>, "http-auth@ietf.org" <http-auth@ietf.org>, "saag@ietf.org" <saag@ietf.org>
Subject: Re: [kitten] AD sponsoring draft-hansen-scram-sha256
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Feb 2015 09:48:44 -0000

Stephen Farrell <stephen.farrell@cs.tcd.ie> writes:

> Hiya,
>
> I've been asked to AD sponsor draft-hansen-scram-sha256 [1] as it's
> needed for some work in http-auth but doesn't quite fit with any
> current WG. I plan to start an IETF LC for that shortly, but please
> do let me know if there are any issues.

Since SCRAM was published, we have learned that the tls-unique channel
binding is insecure -- it would be nice if we could combine the SHA256
update with another default channel binding type to resolve that
problem.  In my view, the problem with SCRAM today isn't primarily its
use of SHA1 but it's broken channel binding.

A suggested (not even mandated) pbkdf iteration count of at least 4096
is unchanged since RFC 5802 -- I'd really like to see that be
significantly higher.  Back in 2000 an iteration count of 1000 was
recommended as the minimum.  Surely computational power has increased
more than a factor of four since then.

/Simon

> This was previously discussed on the kitten WG list, so (with
> the WG chairs' permission) I'd ask that you send any comments
> there if you've any before I start the IETF LC. (Reply-to is
> set to the kitten WG list.)
>
> Thanks,
> S.
>
> [1] https://tools.ietf.org/html/draft-hansen-scram-sha256