[kitten] U2F/FIDO/WebAuthn in draft-ietf-kitten-scram-2fa-01
Simon Josefsson <simon@josefsson.org> Tue, 08 February 2022 10:59 UTC
Return-Path: <simon@josefsson.org>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6214B3A0C66 for <kitten@ietfa.amsl.com>; Tue, 8 Feb 2022 02:59:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=josefsson.org header.b=THKmc9zh; dkim=pass (2736-bit key) header.d=josefsson.org header.b=gU8mhVwv
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PbxWwtYg-J6k for <kitten@ietfa.amsl.com>; Tue, 8 Feb 2022 02:59:14 -0800 (PST)
Received: from uggla.sjd.se (uggla.sjd.se [IPv6:2001:9b1:8633::107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7AA1C3A0BFE for <kitten@ietf.org>; Tue, 8 Feb 2022 02:59:14 -0800 (PST)
DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=ed2110; h=Content-Type:MIME-Version:Message-ID:In-Reply-To :Date:References:Subject:To:From:Sender:Reply-To:Cc:Content-Transfer-Encoding :Content-ID:Content-Description; bh=G3ShcZ05ZqLp9wJIZ1DJv2YT7UfjXghe0fheBu8Ldvw=; t=1644317954; x=1645527554; b=THKmc9zh9DHT2VRGiqZp3J0WUXsySAmNDmV/k1aaRMQG5Nf1WxZN2G0rO0Ngh4Um/HkhfB9p71U rkT+Ej08oDw==;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=rsa2110; h=Content-Type:MIME-Version:Message-ID: In-Reply-To:Date:References:Subject:To:From:Sender:Reply-To:Cc: Content-Transfer-Encoding:Content-ID:Content-Description; bh=G3ShcZ05ZqLp9wJIZ1DJv2YT7UfjXghe0fheBu8Ldvw=; t=1644317954; x=1645527554; b=gU8mhVwvbKCdMdqU66jWGVmtRT3UjQN+q6YwJ/hcRB7FWernWSBWxUKAylUIgfddb+IggMGXBAd CaHebfKyz03P4Y2W3tunfXhLbiKpg/9vlHvpLZA+DcWPa6ZEHq0s64Rsu8kJz1P2czjYRk6oI1kaw 6sTBp5Xllnpit56lRYu8iJ60xa1MM5EIGR4AG3ky0UshFBB1/fVLu6M3AS2AI64GXIlaVUp3Ln4Zn EvIiFrDPH5Wa3F4RpRAZSh79ESxAXCRBN4DjoaMMc1a830VgSh09Z2kw1GVpWuy2G2+rGuZDtB3um 98ydki/czejk/Q99VzSz3Eotv9DFnsG5QxejviDd2MfBBQRL7Fvp2Bx249dqTU5iD4QDaXgJZoQbG aOZx9XPt/nge/dnPs8caczkk+obl7Bx6K3lG4MWmELdDHxkf0SckOPBzl3DXEjP4JE0Yckrl3;
Received: from [2001:9b1:41ac:ff00:40a7:b17b:f92a:40e8] (port=59120 helo=latte) by uggla.sjd.se with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <simon@josefsson.org>) id 1nHODD-000G5H-TZ for kitten@ietf.org; Tue, 08 Feb 2022 11:59:06 +0100
From: Simon Josefsson <simon@josefsson.org>
To: kitten@ietf.org
References: <164312561194.29378.12687557189314117323@ietfa.amsl.com>
OpenPGP: id=B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE; url=https://josefsson.org/key-20190320.txt
X-Hashcash: 1:22:220208:internet-drafts@ietf.org::Bk/wBZBGRUc0UH51:0xQO
X-Hashcash: 1:22:220208:i-d-announce@ietf.org::6E61jRwWMEBW3aGT:4SOg
X-Hashcash: 1:22:220208:kitten@ietf.org::UNXq2dm89yeL6BV1:FEb5
Date: Tue, 08 Feb 2022 11:59:04 +0100
In-Reply-To: <164312561194.29378.12687557189314117323@ietfa.amsl.com> (internet-drafts@ietf.org's message of "Tue, 25 Jan 2022 07:46:52 -0800")
Message-ID: <87pmnx1v5z.fsf@latte.josefsson.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/u2QyHaYvUeKl0D4cDnLJHiYV7OU>
Subject: [kitten] U2F/FIDO/WebAuthn in draft-ietf-kitten-scram-2fa-01
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Feb 2022 10:59:21 -0000
I think the document should discuss how U2F/FIDO/WebAuthn would be supported, since that is (to my knowledge) the best recommended openly standardized 2fa protocol available. What do you think? OATH HOTP/TOTP was superseded as the best recommended choice 5+ years ago when U2F became available. Alternatively, perhaps this document should specify a SCRAM-TOTP variant only, and not allow sub-protocol flexibility, to reduce the number of sub-negotitations we have in popular SASL mechanisms. Sub-negotiation within a SASL mechanism seems to be one major reason why SASL mechanisms fail as far as I can judge. /Simon
- [kitten] I-D Action: draft-ietf-kitten-scram-2fa-… internet-drafts
- [kitten] U2F/FIDO/WebAuthn in draft-ietf-kitten-s… Simon Josefsson
- Re: [kitten] U2F/FIDO/WebAuthn in draft-ietf-kitt… Alexey Melnikov