Re: [kitten] Fwd: I-D Action: draft-melnikov-scram-2fa-00.txt

Florian Schmaus <flo@geekplace.eu> Thu, 19 March 2020 13:53 UTC

To: kitten@ietf.org
References: <158462386052.13384.7911173297625270492@ietfa.amsl.com> <1330abb0-f0ae-3399-0486-4d7f7ff63267@isode.com>
From: Florian Schmaus <flo@geekplace.eu>
Message-ID: <7b8fc0af-a0e4-6c13-8bcd-da6be3b70cc6@geekplace.eu>
Date: Thu, 19 Mar 2020 14:53:01 +0100
In-Reply-To: <1330abb0-f0ae-3399-0486-4d7f7ff63267@isode.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/sQ8M_E0SZ4nvGegGdI9Q83soZaU>

On 3/19/20 2:25 PM, Alexey Melnikov wrote:
> Hi all,
> 
> As I had various conversations with people saying that SASL doesn't
> support 2 factor authentication, I posted a short draft which shows how
> to add 2 factor authentication to SCRAM. This is mostly a proof of
> concept and I am planning to work on another draft explaining how to do
> the same for SASL OAUTH.
> 
> (If I remember correctly I also talked to Dave Cridland about doing a
> more generic extension to the SASL framework itself by allowing
> protocols to invoke multiple SASL mechanisms in a sequence and achieving
> 2FA that way. I would be interested in developing this concept as well,
> but it would take longer than just extending some existing SASL mechanisms.)
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-melnikov-scram-2fa/
>
> If people can have a look and provide feedback, that would be much
> appreciated.

How does the client discover that the SCRAM 2FA extension is required?
Is it encoded in the SASL mechanism name, akin to SCRAM -PLUS?

- Florian
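To illustrate the discovery mechanism Florian is asking about, the following is an added example (not code from the thread, from draft-melnikov-scram-2fa, or from any SASL library) of the one capability signal SCRAM already carries in its mechanism name: the "-PLUS" suffix from RFC 5802. A client reads the server's advertised mechanism list, picks a SCRAM variant, and encodes in the GS2 channel-binding flag ("p=", "y" or "n") what it saw, so a server that actually supports channel binding can detect a stripped "-PLUS" entry. The function names, the preference order and the sample mechanism lists are assumptions constructed for the example.

```python
# Added example: capability discovery through SASL mechanism names, using the
# existing SCRAM "-PLUS" convention (RFC 5802 section 6). Not from the draft.

# Constructed preference order: stronger hash first (assumption, not from the page).
PREFERRED_BASES = ["SCRAM-SHA-256", "SCRAM-SHA-1"]


def select_scram(advertised, client_cb_types):
    """Pick a SCRAM mechanism from the server's advertised list.

    advertised      - mechanism names the server offered (e.g. from a SASL
                      capability listing)
    client_cb_types - channel-binding types this client can compute, most
                      preferred first (empty list = no channel binding)
    Returns (mechanism_name, gs2_cbind_flag) or (None, None).
    """
    offered = set(advertised)
    for base in PREFERRED_BASES:
        plus = base + "-PLUS"
        if client_cb_types and plus in offered:
            # Server advertises channel binding and we can do it: "p=<type>".
            return plus, "p=" + client_cb_types[0]
        if base in offered:
            # Server did not advertise -PLUS. If we could have done channel
            # binding we say so with "y"; a server that really supports it
            # treats "y" as a downgrade attack on the mechanism list.
            return base, ("y" if client_cb_types else "n")
    return None, None


def gs2_header(cbind_flag, authzid=None):
    """Build the GS2 header prefix of client-first-message: flag "," [a=authzid] ","."""
    authz = "a=" + authzid if authzid else ""
    return f"{cbind_flag},{authz},"


def server_accepts_cbind_flag(cbind_flag, server_supports_cb):
    """Server-side check of the client's GS2 flag per RFC 5802 section 6.

    Returns True if the server may continue, False if it must fail.
    """
    if cbind_flag.startswith("p="):
        # Client wants channel binding; a server without it must fail.
        return server_supports_cb
    if cbind_flag == "y":
        # Client supports channel binding but did not see -PLUS advertised.
        # If this server does support it, someone removed -PLUS: fail.
        return not server_supports_cb
    return cbind_flag == "n"


if __name__ == "__main__":
    # Constructed sample server listings, not captured from a real server.
    honest = ["PLAIN", "SCRAM-SHA-1", "SCRAM-SHA-256", "SCRAM-SHA-256-PLUS"]
    stripped = ["PLAIN", "SCRAM-SHA-1", "SCRAM-SHA-256"]  # -PLUS removed in transit

    mech, flag = select_scram(honest, ["tls-exporter"])
    print(mech, gs2_header(flag), server_accepts_cbind_flag(flag, True))

    mech, flag = select_scram(stripped, ["tls-exporter"])
    print(mech, gs2_header(flag), server_accepts_cbind_flag(flag, True))
```

The second case is the interesting one: the client falls back to plain SCRAM-SHA-256 but sends "y,,", and a server that does support channel binding rejects the exchange. Note that this only covers the "-PLUS" capability; how (or whether) the 2FA extension in the draft is signalled in the mechanism name is exactly the open question in the reply above, and this example makes no assumption about it.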