Re: [kitten] draft-hansen-scram-sha256 and incorporating session hashing for channel binding
Nico Williams <nico@cryptonector.com> Tue, 26 May 2015 22:32 UTC
Return-Path: <nico@cryptonector.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7ED911B32C2 for <kitten@ietfa.amsl.com>; Tue, 26 May 2015 15:32:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.233
X-Spam-Level:
X-Spam-Status: No, score=0.233 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8ACOGlnKdFxZ for <kitten@ietfa.amsl.com>; Tue, 26 May 2015 15:32:08 -0700 (PDT)
Received: from homiemail-a96.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id B52171B32B2 for <kitten@ietf.org>; Tue, 26 May 2015 15:32:08 -0700 (PDT)
Received: from homiemail-a96.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a96.g.dreamhost.com (Postfix) with ESMTP id 7BF033B8072; Tue, 26 May 2015 15:32:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=5VzTWIUiT6TELb P7cjs89V6lYJ4=; b=wLjiH5WGrvkLFHongsLB/vCIY4Ev3ZYEpN5Leyye/kUVHv BbdoipYPMDRf6CBO1qDSh/P0W8VGqpQNlSgJnjghVJSgJUoRN8XhbeL/32emDzjM 289VA8S3cz1XJPT6SqOsd1xAxTSST11hEAgb9RwIsv+rmZ1jg2n4XLUacUj1s=
Received: from localhost (108-207-244-174.lightspeed.austtx.sbcglobal.net [108.207.244.174]) (Authenticated sender: nico@cryptonector.com) by homiemail-a96.g.dreamhost.com (Postfix) with ESMTPA id 104433B8076; Tue, 26 May 2015 15:32:07 -0700 (PDT)
Date: Tue, 26 May 2015 17:32:07 -0500
From: Nico Williams <nico@cryptonector.com>
To: Tony Hansen <tony@att.com>
Message-ID: <20150526223206.GE27628@localhost>
References: <54DC00D0.2050900@cs.tcd.ie> <54EC66FF.50603@cs.tcd.ie> <54ECABD8.3090902@att.com> <87zj82f1yj.fsf@latte.josefsson.org> <54F4B8B8.8090406@isode.com> <555FC6CF.5020306@att.com> <20150523162728.5b6b63cd@latte.josefsson.org> <5564F27D.70109@att.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <5564F27D.70109@att.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/ttF-Wf-jiBFtfrBLTV4M89Lhd64>
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] draft-hansen-scram-sha256 and incorporating session hashing for channel binding
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 May 2015 22:32:09 -0000
On Tue, May 26, 2015 at 06:23:57PM -0400, Tony Hansen wrote: > On 5/23/15 10:27 AM, Simon Josefsson wrote: > > ... > > This text has nothing to do with the tls-session-hash issue? > > Sorry, it has the text I added because of earlier issues brought up > within this thread. No, it doesn't address tls-session-hash. > > > If you don't want to ship a known insecure protocol, I believe the > > options are to either include text similar to what I proposed above, > > or to replace tls-unique with a secure TLS channel binding (e.g., > > draft-josefsson-sasl-tls-cb). Shipping a known insecure protocol is > > another option, but then you should add a security consideration > > explaining that tls-unique is not secure without tls-session-hash and > > that consistency with (the also insecure) RFC 5802 was deemed more > > important security. > > Your suggested text is: > > "To be secure SCRAM-SHA-256-PLUS has to be used over a TLS channel > that MUST have [TLS-SESSION-HASH] negotiated." That is fine, though I'd add "or session resumption MUST NOT have been used". > You then go on to say: "Personally, I would prefer to change to another > mandatory channel binding that is secure for all TLS versions." This is not really appropriate here because it's the applications that need to do this, and we can't say anything here about this that will force them to. But we can repeat what should be security considerations elsewhere, especially since there's currently no RFC providing this particular security consideration. A reference to TLS-SESSION-HASH of the same level (i.e., normative or informative) as RFCs 5246 and 5929 would be nice. Nico --
- [kitten] AD sponsoring draft-hansen-scram-sha256 Stephen Farrell
- Re: [kitten] AD sponsoring draft-hansen-scram-sha… Peter Saint-Andre - &yet
- Re: [kitten] AD sponsoring draft-hansen-scram-sha… Tony Hansen
- Re: [kitten] AD sponsoring draft-hansen-scram-sha… Peter Saint-Andre - &yet
- Re: [kitten] AD sponsoring draft-hansen-scram-sha… Simon Josefsson
- Re: [kitten] [saag] AD sponsoring draft-hansen-sc… Simon Josefsson
- Re: [kitten] [saag] AD sponsoring draft-hansen-sc… Alexey Melnikov
- Re: [kitten] [saag] AD sponsoring draft-hansen-sc… Dave Cridland
- Re: [kitten] AD sponsoring draft-hansen-scram-sha… Simon Josefsson
- Re: [kitten] [saag] AD sponsoring draft-hansen-sc… Martin Thomson
- Re: [kitten] [saag] AD sponsoring draft-hansen-sc… Sam Whited
- Re: [kitten] [saag] AD sponsoring draft-hansen-sc… Stephen Farrell
- Re: [kitten] [saag] AD sponsoring draft-hansen-sc… Tony Hansen
- Re: [kitten] [saag] AD sponsoring draft-hansen-sc… Tony Hansen
- [kitten] draft-hansen-scram-sha256 and the hash i… Tony Hansen
- [kitten] draft-hansen-scram-sha256 and incorporat… Tony Hansen
- Re: [kitten] draft-hansen-scram-sha256 and the ha… Dave Cridland
- Re: [kitten] draft-hansen-scram-sha256 and the ha… Alexey Melnikov
- Re: [kitten] draft-hansen-scram-sha256 and the ha… Tony Hansen
- Re: [kitten] draft-hansen-scram-sha256 and the ha… Simon Josefsson
- Re: [kitten] draft-hansen-scram-sha256 and incorp… Simon Josefsson
- Re: [kitten] draft-hansen-scram-sha256 and incorp… Alexey Melnikov
- Re: [kitten] draft-hansen-scram-sha256 and incorp… Simon Josefsson
- Re: [kitten] draft-hansen-scram-sha256 and incorp… Alexey Melnikov
- Re: [kitten] draft-hansen-scram-sha256 and incorp… Tony Hansen
- Re: [kitten] [saag] AD sponsoring draft-hansen-sc… Karthikeyan Bhargavan
- Re: [kitten] draft-hansen-scram-sha256 and incorp… Simon Josefsson
- Re: [kitten] [saag] AD sponsoring draft-hansen-sc… Simon Josefsson
- Re: [kitten] draft-hansen-scram-sha256 and incorp… Nico Williams
- Re: [kitten] draft-hansen-scram-sha256 and incorp… Nico Williams
- Re: [kitten] draft-hansen-scram-sha256 and incorp… Simon Josefsson
- Re: [kitten] draft-hansen-scram-sha256 and incorp… Simon Josefsson
- Re: [kitten] draft-hansen-scram-sha256 and incorp… Stephen Farrell
- Re: [kitten] draft-hansen-scram-sha256 and incorp… Nico Williams
- Re: [kitten] draft-hansen-scram-sha256 and incorp… Tony Hansen
- Re: [kitten] draft-hansen-scram-sha256 and incorp… Nico Williams
- Re: [kitten] draft-hansen-scram-sha256 and incorp… Simon Josefsson
- Re: [kitten] draft-hansen-scram-sha256 and incorp… Tony Hansen
- Re: [kitten] draft-hansen-scram-sha256 and incorp… Nico Williams
- Re: [kitten] draft-hansen-scram-sha256 and incorp… Simon Josefsson
- Re: [kitten] draft-hansen-scram-sha256 and incorp… Simon Josefsson
- Re: [kitten] draft-hansen-scram-sha256 and incorp… Nico Williams
- Re: [kitten] draft-hansen-scram-sha256 and incorp… Tony Hansen