Re: [kitten] The Hashed-Token SASL Mechanism (SASL-HT)

Florian Schmaus <flo@geekplace.eu> Sun, 12 November 2017 09:29 UTC

From: Florian Schmaus <flo@geekplace.eu>
To: kitten@ietf.org
References: <9913d71b-ae22-cc48-34b8-fb29fdf9a00c@geekplace.eu>
Message-ID: <d5d0af8e-428d-f99e-e210-58b6238d3412@geekplace.eu>
Date: Sun, 12 Nov 2017 10:29:49 +0100
In-Reply-To: <9913d71b-ae22-cc48-34b8-fb29fdf9a00c@geekplace.eu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/vfSra9CkQMs2RA3lHy1tHeLlzVY>

I have just published -03 of draft-schmaus-kitten-sasl-ht, which is now
available online at

https://tools.ietf.org/html/draft-schmaus-kitten-sasl-ht-03

Besides some minor changes, the major ones are:

The incorporation of the requirements of the application specific
extension protocol, which were already stated in the ProtoXEP [1], but
really belong (also) in the HT SASL mechanism.

Describe how (I believe) the Hashed Token SASL mechanism could be used
with TLS 1.3 early data safely.

An attempt to clarify that the used tokens are one time tokens.


The I-D is now in a state where its authors need a mentor or guide on
how we continue from here on. That is obviously why I put PSA into the
cc, but help from other people is, of course, also appreciated. :)

- Florian

1: http://geekplace.eu/xeps/xep-isr-sasl2/xep-isr-sasl2.html