[kitten] Downgrade Protection for SCRAM and OPAQUE SASL mechanisms
Thilo Molitor <thilo@eightysoft.de> Tue, 13 December 2022 20:37 UTC
Return-Path: <thilo@eightysoft.de>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A83AC14CF11; Tue, 13 Dec 2022 12:37:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAD_ENC_HEADER=0.001, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (4096-bit key) header.d=eightysoft.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ggn2DVN1_FAG; Tue, 13 Dec 2022 12:37:27 -0800 (PST)
Received: from mail.molitor-dietzel.de (mail.molitor-dietzel.de [IPv6:2a01:4f8:190:13cf::4:2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X448 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA563C14CEE3; Tue, 13 Dec 2022 12:37:21 -0800 (PST)
Received: from laptop.localnet (everest.eightysoft.de [49.12.6.215]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail.molitor-dietzel.de (Postfix) with ESMTPSA id 5CDC41DD4A4; Tue, 13 Dec 2022 21:37:16 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eightysoft.de; s=eightysoft.de; t=1670963836; bh=ISRoo0jqh0cVfoYONgQbemzmXJzdJp0F0AEd7BAkZ7I=; h=From:To:Subject:Date:Message-ID:MIME-Version: Content-Transfer-Encoding:Content-Type:From:To:Subject:Date: MIME-Version:Content-Type:Content-Transfer-Encoding: Content-Disposition:Message-ID:List-Unsubscribe: List-Unsubscribe-Post:Sender:In-Reply-To; b=Q4j6cCpkl1Wjy8lWWvnl0D4s4eVt8FDZkiGe7mj7RbP6uoAaFkNSzloZxERWdlVpn rV9bJRxyAjk+2ER3UCg5WNkumV0r0btMYF8U+rRSQd6ZTWocly2AaaRbajiqPl/RfC rBA9QRfhwjSxGIh7kBiYP8h+44hUG/1hSpHSVTyTnFwAzsKgf1RVPmDpELuz1wCX6f x+aK07TlS0TkH5mgG8z2/PKHksUUraWQafEmxVoddqbi8bTXUa8sAwyyN+ixCwiInG G/gCXJBhvsJeoguuhPlGzK6Wn4W+qa9qbVVrdDc0da2YLuqZHGuxx+FOd/t8QgGq9o 3kppGhffNQybPZ/1W4yer+hHxowGvrHueapJXGE4elnpcOmRc8PmJYTJMHJHmwli7z enZzXHr9G/zH3X+KCUdN+MWqysBgDfDYIZs/2eJmqw+pkbeMDX2tDTBNvW5/Ke/qT6 qsjlpZ3+0WUplzl00L+AYkRPpa5EM3uWqguRVLuphYHfzm7c2NTQ+0332kT+mNQpQM 0aHGRHIVH7KAfkWqaFvXTrXX9fVVyKSl1O/yrVdEM3aEW61owhijtKOAA6W1SRorvn xgb4cJTjy/Z+39ucIXAcbzchJZosGCfmjYxgYxN9YNYkdetwcrQyQzRQgPorQRPrpQ lGxOD6gAgVmp/5HSLlnp9s0E=
From: Thilo Molitor <thilo@eightysoft.de>
To: draft-reitzenstein-kitten-opaque.authors@ietf.org
Cc: kitten@ietf.org, info@monal-im.org
Date: Tue, 13 Dec 2022 21:37:15 +0100
Message-ID: <12059722.sNYRjDeLcX@laptop>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/knXARMbWzyu_-4lX3O0eGbn3Qp8>
Subject: [kitten] Downgrade Protection for SCRAM and OPAQUE SASL mechanisms
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Dec 2022 20:37:33 -0000
Hi all, I recently tried to make SCRAM and especially the negotiated channel-binding more secure when using SASL in XMPP. The result can be viewed over here: https://xmpp.org/extensions/xep-0474.html While this works, I would very much like to bring this to the next level and make that an I-D for all protocols to benefit from that. More than that: Adding something similar to the SASL OPAQUE I-D should be more or less straight forward and because the server sends the channel-binding data to the client rather than the other way round as with SCRAM, downgrades could not only be detected after the fact, but authentication could be aborted before being complete. I'm happy to help bringing this to the OPAQUE I-D. Kind regards, Thilo Molitor
- [kitten] Downgrade Protection for SCRAM and OPAQU… Thilo Molitor