Re: [kitten] Comments on draft-ietf-kitten-password-storage-00

Ludovic BOCQUET <lbxmpp@live.com> Sun, 22 November 2020 12:04 UTC

From: Ludovic BOCQUET <lbxmpp@live.com>
To: Sam Whited <sam@samwhited.com>, Alexey Melnikov <alexey.melnikov@isode.com>, Robbie Harwood <rharwood@redhat.com>, Jim Fenton <fenton@bluepopcorn.net>, KITTEN Working Group <kitten@ietf.org>
CC: "draft-ietf-kitten-password-storage@ietf.org" <draft-ietf-kitten-password-storage@ietf.org>
Date: Sun, 22 Nov 2020 12:04:48 +0000
Message-ID: <DM5PR14MB1308CB22AD3043E3BAE644CCB8EF0@DM5PR14MB1308.namprd14.prod.outlook.com>
References: <6dde1303-3d0c-6811-c201-00edbe5ab84e@bluepopcorn.net> <jlgk0wleoi6.fsf@redhat.com> <DM5PR14MB130837085BB6E5FB1B592469B8140@DM5PR14MB1308.namprd14.prod.outlook.com> <099cf65d-5a57-4e64-93cd-8504aa3bb97d@www.fastmail.com> <cdb36f4a-12e9-c5ee-aa2a-d31685660d13@isode.com> <d20a0afc-92eb-4de0-b2ec-2739af56fcf2@www.fastmail.com> <DM5PR14MB13088072C2B2970C804FFBE6B8EF0@DM5PR14MB1308.namprd14.prod.outlook.com>, <c2641638-e311-494a-91f0-1571c86a9468@www.fastmail.com>
In-Reply-To: <c2641638-e311-494a-91f0-1571c86a9468@www.fastmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/91lsw03boAFkWtXia5UX_aqAlRc>
Subject: Re: [kitten] Comments on draft-ietf-kitten-password-storage-00

Hello all,

After my previous comments, maybe it is not clear to everyone on this list; sorry.

Sam and others, I have requested that you include in this "draft-ietf-kitten-password-storage" I-D:

  *   SCRAM-SHA3-512-PLUS
  *   SCRAM-SHA-512-PLUS
  *   SCRAM-SHA-256-PLUS
  *   SCRAM-SHA-1-PLUS
  *   SCRAM-SHA3-512
  *   SCRAM-SHA-512
  *   SCRAM-SHA-256
  *   SCRAM-SHA-1

And added in "References":

  *   https://tools.ietf.org/html/draft-melnikov-scram-sha3-512
  *   https://tools.ietf.org/html/draft-melnikov-scram-sha-512

Currently we can see only the following, and in a bad order:

  *   EXTERNAL
  *   SCRAM-SHA-1-PLUS, SCRAM-SHA-256-PLUS
  *   SCRAM-SHA-1, SCRAM-SHA-256
  *   PLAIN
  *   DIGEST-MD5, CRAM-MD5

The bad order of SCRAM is still there in "-01": "1" before "256", and on one line.

And Alexey Melnikov has confirmed here:

  *   https://mailarchive.ietf.org/arch/msg/kitten/8GglIHO_8kgZtk83D-8XOsZxuxE/

But Alexey Melnikov said, about SCRAM-SHA-512(-PLUS) and SCRAM-SHA3-512(-PLUS):
"I am Ok with you not including SCRAM-SHA-512, etc until these documents are approved for publication or at least adopted by the Kitten WG.
As far as the IETF process is concerned, if you include a normative reference to it in your draft now, your document couldn't be published as an RFC until after all normative references are published as RFCs."

  *   https://mailarchive.ietf.org/arch/msg/kitten/fqeNdi5-n8_x3zw4NIy7Yi8ayLo/

Please read my comments below.

It is to be ready, and I have specified to wait until the 2 I-Ds become 2 RFCs; after that, the "draft-ietf-kitten-password-storage" I-D can be updated with RFC links, and after this the I-D can become an RFC.
I would not like to see another I-D to update it again.

I have never said to finalize today or tomorrow.
And other parts can be improved.

And I think that it is possible to add a reference to the "draft-ietf-kitten-tls-channel-bindings-for-tls13" I-D in the "draft-ietf-kitten-password-storage" I-D too.

  *   https://tools.ietf.org/html/draft-ietf-kitten-tls-channel-bindings-for-tls13

The steps, in order:
1 - "draft-ietf-kitten-password-storage" I-D can have the "draft-ietf-kitten-tls-channel-bindings-for-tls13" I-D link
2 - "draft-ietf-kitten-password-storage" I-D can have the "draft-melnikov-scram-sha-512" I-D link
3 - "draft-ietf-kitten-password-storage" I-D can have the "draft-melnikov-scram-sha3-512" I-D link
4 - "draft-ietf-kitten-tls-channel-bindings-for-tls13" I-D becomes an RFC
5 - "draft-melnikov-scram-sha-512" I-D becomes an RFC
6 - "draft-melnikov-scram-sha3-512" I-D becomes an RFC
7 - "draft-ietf-kitten-password-storage" I-D is updated with the new links, and your I-D can become an RFC

The goal is to not create a new RFC some days later with forgotten parts.

Note:
- "draft-ietf-kitten-tls-channel-bindings-for-tls13" I-D updates or obsoletes RFC5929 (but it is not specified in the header)
- "draft-ietf-kitten-password-storage" I-D updates RFC8600 (but it is not specified in the header)

If we look at previous RFCs (there are a lot), we can see some examples:
- In RFC5801: https://tools.ietf.org/html/rfc5801, a link to RFC5802 (released at the same time: RFC5801/RFC5802/RFC5803)
- In RFC5802: https://tools.ietf.org/html/rfc5802, a link to RFC5803 (released at the same time: RFC5801/RFC5802/RFC5803)
- In RFC6120: https://tools.ietf.org/html/rfc6120, a link to RFC6121 and RFC6122 (released at the same time: RFC6120/RFC6121/RFC6122)
- In RFC8446: https://tools.ietf.org/html/rfc8446, a link to draft-ietf-tls-tls13-vectors-06
- In RFC7590: https://tools.ietf.org/html/rfc7590, a link to draft-ietf-dane-srv-14 + draft-ietf-xmpp-posh-04 + draft-ietf-xmpp-dna-10

1 - We can see that it is possible to release several RFCs at the same time; it is great organization and great synchronization.
2 - We can see that it is possible to have a draft in a new RFC.

We can see that Alexey Melnikov has added my request; there is a draft-ietf-kitten-tls-channel-bindings-for-tls13 reference in:

  *   https://tools.ietf.org/html/draft-melnikov-scram-sha-512-01
  *   https://tools.ietf.org/html/draft-melnikov-scram-sha3-512-01

Do not forget that:
1 - CRAM-MD5 to Historic:
- https://tools.ietf.org/html/draft-ietf-sasl-crammd5-to-historic-00 // 20 November 2008
- https://tools.ietf.org/html/draft-zeilenga-luis140219-crammd5-to-historic-00 // June 29, 2017

2 - RFC6331: Moving DIGEST-MD5 to Historic:
- https://tools.ietf.org/html/rfc6331 // July 2011

Maybe it is time to remove them completely from the list, even if they are after PLAIN.

Thanks for reading.

Regards,

BOCQUET Ludovic
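To make the ordering argument in the message above concrete, here is an added example (not code from the I-D or from anyone in this thread) of a client picking the strongest mutually supported SASL mechanism. The preference list, the "historic" set and the rule that a -PLUS variant is only usable when channel binding is available are assumptions taken from the message, not text from the draft.

```python
# Added example, not from the draft or the thread. Mechanism names and order
# come from the message above; the selection rules are assumptions.
from typing import Iterable, List, Optional

# Strongest first: -PLUS (channel-bound) variants ahead of their plain siblings,
# SHA3-512 / SHA-512 ahead of SHA-256 / SHA-1, as requested in the message.
PREFERENCE = [
    "SCRAM-SHA3-512-PLUS", "SCRAM-SHA-512-PLUS",
    "SCRAM-SHA-256-PLUS", "SCRAM-SHA-1-PLUS",
    "SCRAM-SHA3-512", "SCRAM-SHA-512",
    "SCRAM-SHA-256", "SCRAM-SHA-1",
]

# Moved (or proposed to be moved) to Historic; never negotiated.
HISTORIC = {"DIGEST-MD5", "CRAM-MD5"}


def historic_offered(offered: Iterable[str]) -> List[str]:
    """Historic mechanisms the server still advertises (worth logging)."""
    return sorted({m.upper() for m in offered} & HISTORIC)


def choose_mechanism(offered: Iterable[str], channel_binding_available: bool,
                     allow_plain: bool = False) -> Optional[str]:
    """Best acceptable mechanism from what the server offers, or None."""
    names = {m.upper() for m in offered}
    # EXTERNAL (e.g. a client certificate) outranks every password mechanism.
    if "EXTERNAL" in names:
        return "EXTERNAL"
    for mech in PREFERENCE:
        if mech not in names:
            continue
        # A -PLUS mechanism needs a channel binding; skip it when the
        # transport cannot provide one rather than falling back silently.
        if mech.endswith("-PLUS") and not channel_binding_available:
            continue
        return mech
    # PLAIN only as a last resort and only when the caller explicitly allows
    # it (e.g. the connection is already protected by TLS).
    if allow_plain and "PLAIN" in names:
        return "PLAIN"
    # Nothing acceptable: DIGEST-MD5 / CRAM-MD5 are never selected.
    return None
```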

________________________________
From: Sam Whited <sam@samwhited.com>
Sent: Wednesday, November 4, 2020 8:47 PM
To: Ludovic BOCQUET <lbxmpp@live.com>; Alexey Melnikov <alexey.melnikov@isode.com>; Robbie Harwood <rharwood@redhat.com>; Jim Fenton <fenton@bluepopcorn.net>; KITTEN Working Group <kitten@ietf.org>
Cc: draft-ietf-kitten-password-storage@ietf.org <draft-ietf-kitten-password-storage@ietf.org>
Subject: Re: [kitten] Comments on draft-ietf-kitten-password-storage-00

Following up on this after our conversation out-of-band since I
apparently misunderstood this sentence:

On Wed, Nov 4, 2020, at 13:03, Ludovic BOCQUET wrote:
> Note: The final "draft-ietf-kitten-password-storage" must be validated
> like a RFC after the next two I-Ds, it is really important.

I appreciate your confidence and desire to see this published as an RFC,
but I don't think we can set such an aggressive timeline on it.

I'll be the first to complain about working with the IETF's obtuse
process (someone was kind enough to sit me down and walk me through the
whole thing on video chat and I still have no idea how any of it works
or what my role as an author is, the tools are impossible to use, the
format is impossible to write, etc.), but picking an arbitrary number of
drafts before advancing a document with a lot of subtle bits that need
expert review doesn't seem like a good idea to me.

Sorry, I'd love to see it advance too, but I'm not sure it's ready
quite yet. We have plenty of time to see what happens with the other
SCRAM I-D first. If one document or the other looks like it's ready to
advance, we can reevaluate this position before doing so. Don't worry,
if the new SCRAM mechanisms look like they're going to work out, we'll
get them in there!

Although I haven't heard many other opinions; if waiting on linking the
other SCRAM I-Ds seems too conservative I'd love to be told I'm wrong by
more seasoned IETF folks.

Thanks,
Sam