Re: [kitten] Request for review of a SASL mechanism using the OPAQUE aPAKE
Rick van Rein <rick@openfortress.nl> Wed, 19 October 2022 08:08 UTC
Return-Path: <vanrein@vanrein.org>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13D34C1522C9 for <kitten@ietfa.amsl.com>; Wed, 19 Oct 2022 01:08:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.346
X-Spam-Level:
X-Spam-Status: No, score=-2.346 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_TEMPERROR=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kpnmail.nl
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gI5Nt26rH4Jh for <kitten@ietfa.amsl.com>; Wed, 19 Oct 2022 01:08:29 -0700 (PDT)
Received: from ewsoutbound.kpnmail.nl (ewsoutbound.kpnmail.nl [195.121.94.167]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C299AC1522A7 for <kitten@ietf.org>; Wed, 19 Oct 2022 01:08:26 -0700 (PDT)
X-KPN-MessageId: 289ab09a-4f85-11ed-a5a6-005056abbe64
Received: from smtp.kpnmail.nl (unknown [10.31.155.40]) by ewsoutbound.so.kpn.org (Halon) with ESMTPS id 289ab09a-4f85-11ed-a5a6-005056abbe64; Wed, 19 Oct 2022 10:08:04 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kpnmail.nl; s=kpnmail01; h=content-type:mime-version:message-id:subject:to:from:date; bh=4YAVF6sYmZem+sZdGR+j6oQ1lapAbt7GUr+8FHIHpSU=; b=DhJd8F+GBi9hJVEYiB5QCgwajSK9cXEvtPVKkF4wlikMg6shCAxwsKvZA4hk1EhHURId25pny50qK 6tRvlwwwn4k2P4JZRvukKUTLgGECxDC9381HyEbfVsx1kJb1Ke9lTmMIxt58q4HNT7PBbWjW25lpZ2 MrH2vePLH2/fk0vo=
X-KPN-MID: 33|TX0V/L/Fdvj7eRWZQMIQq+XzdCoObenlM+Tb067hs62KiBkaeryOIlS59tZLWu5 P6F8MYWpU1TSQZ1aJxCgG3lTwsHBbMgaF63tmY1T0kvo=
X-KPN-VerifiedSender: No
X-CMASSUN: 33|9Ym6HHPy4PsppbVhyob/Pke/zN4M/B7PtTvW6L4WVgF0TVIX6K3p9yH6sVidQQA UsfzMkg/p3uG+fRy69yp5rQ==
X-Originating-IP: 77.173.183.203
Received: from fame.vanrein.org (77-173-183-203.fixed.kpn.net [77.173.183.203]) by smtp.xs4all.nl (Halon) with ESMTPSA id 33d552f7-4f85-11ed-9ebb-005056ab7584; Wed, 19 Oct 2022 10:08:23 +0200 (CEST)
Received: by fame.vanrein.org (Postfix, from userid 1000) id 8B3672A1E5; Wed, 19 Oct 2022 08:08:23 +0000 (UTC)
Date: Wed, 19 Oct 2022 08:08:23 +0000
From: Rick van Rein <rick@openfortress.nl>
To: kitten@ietf.org
Message-ID: <20221019080823.GA21910@openfortress.nl>
Mail-Followup-To: kitten@ietf.org
References: <e5a00d86-48a1-d602-0ee8-8cb80c06f826@dequbed.space> <87edvgjgjq.fsf@latte.josefsson.org> <a574a4ec-1aeb-d2fc-85d7-e72d5904a639@dequbed.space>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <a574a4ec-1aeb-d2fc-85d7-e72d5904a639@dequbed.space>
User-Agent: Mutt/1.5.20 (2009-06-14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/pLG6ra8909uxk5YOWyF7Cc6aHak>
Subject: Re: [kitten] Request for review of a SASL mechanism using the OPAQUE aPAKE
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Oct 2022 08:08:34 -0000
Hello Nadja, > That is an interesting point I hadn't considered. In the original > discussion[¹] > that sparked me writing the draft several people did argue for such > an OPAQUE > mechanism to provide a security layer. Yes, I was one of those. I was thinking of the (undocumented) work on RFB that can employ a secure layer, among others. I made an embedding of SASL into ASCII that could benefit; and I made Also, I've rethought what I really find useful, and that was key derivation as that might help to add entropy to overthrow analysis with a quantum computer. This may or may not be a group opinion, I don't know. I defined key derivation in Section 2.7 of draft-vanrein-diameter-sasl-07 and left it to applications to use it or not (as is the case with the encrypting form of security layer). > And given that OPAQUE *is* a key > exchange protocol, it does suggest itself. Yes, it would be a waste to squander such useful information. The key derivation mechanism noted above is less forceful than a security layer, and I think it adds value. (I know this may be a discussion all of its own.) > My personal stance on > that point is > however that SASL security layer today are strictly worse than just > using TLS. TLS however, is designed for single-hop protection. Protocols that are commonly relayed, such as HTTP and SIP for which I defined SASL embeddings, may be difficult to protect withouth end-to-end keying. > In fact, the only way I'd approach a security layer is as "STARTTLS in > a trench coat" — i.e. by using in essence TLS-PSK to bootstrap the > TLS context to > then use as security layer. I'm not sure I understand. Are you talking of TLS after SASL? That is quite uncommon, it is unsafe for most SASL mechanisms (I know OPAQUE can do this, but most application protocols will probably not support STARTTLS after AUTH). If you intend to use TLS-PSK you need to be aware that there is no framework for standard key identities, so you could not rely on it in a standard. But I suppose a reasonable hack could be to send a prefix UUID to your key identity (if any) and formalise what the meaning of that UUID is. The risk of a clash is minimal, and it does fit within the TLS-PSK framework. Cheers, -Rick
- [kitten] Request for review of a SASL mechanism u… Nadja von Reitzenstein Cerpnjak
- Re: [kitten] Request for review of a SASL mechani… Simon Josefsson
- Re: [kitten] Request for review of a SASL mechani… Dave Cridland
- Re: [kitten] Request for review of a SASL mechani… Florian Schmaus
- Re: [kitten] Request for review of a SASL mechani… Rick van Rein
- Re: [kitten] Request for review of a SASL mechani… Rick van Rein
- Re: [kitten] Request for review of a SASL mechani… Nadja von Reitzenstein Cerpnjak
- Re: [kitten] Request for review of a SASL mechani… Nadja von Reitzenstein Cerpnjak
- Re: [kitten] Request for review of a SASL mechani… Rick van Rein
- Re: [kitten] Request for review of a SASL mechani… Dave Cridland
- Re: [kitten] Request for review of a SASL mechani… Nadja von Reitzenstein Cerpnjak
- Re: [kitten] Request for review of a SASL mechani… Rick van Rein
- Re: [kitten] Request for review of a SASL mechani… Alexey Melnikov