Re: [kitten] Fwd: I-D Action: draft-melnikov-scram-2fa-00.txt

Simon Josefsson <> Fri, 03 April 2020 16:29 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 62EBC3A1A3A for <>; Fri, 3 Apr 2020 09:29:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 3y183r4E18-J for <>; Fri, 3 Apr 2020 09:29:47 -0700 (PDT)
Received: from ( [IPv6:2001:9b1:8633::105]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 526023A1B15 for <>; Fri, 3 Apr 2020 09:29:45 -0700 (PDT)
Received: from latte ( []) (authenticated bits=0) by (8.15.2/8.15.2/Debian-8) with ESMTPSA id 033GTVhY014436 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 3 Apr 2020 16:29:33 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; s=default; t=1585931373; bh=S5uH/LN/0rwVGEOkTI3q72pGvgHxhx+e/X6SaGbraRo=; h=From:To:Cc:Subject:References:Date:In-Reply-To:From; b=j65k+6SIDzCX66Oh0mc5M5Wzsc38c2xSdvElJTOhtl0Ro6XrMZ5B2F+SCaVZo2iyz lKoZz9yXXJeciHCne9AU+amZQNa5vvD12Q3dvVMWTT6TNPARQhypXS1li583WogI+I bTW7l0/PZ9MggBBeucYMKH1pESRo2F0mz7bWzaAzKT1Gt5GpaDE3W1P76nCyFhTokA H8doPBmu+ldyO/1rDNwze21LA6CJVLUe+mTXZaoFgT7hcJMROxWZFoPePZE+XtocTW LQz0JSPCA/0t8hRnR1NN6a332B9/vH7C2dGzhxODZ5hjMZag8cghfgDfG28JSeMX1j sIw6E1Zlge0dQ==
From: Simon Josefsson <>
To: Alexey Melnikov <>
References: <> <>
OpenPGP: id=B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE; url=
Date: Fri, 03 Apr 2020 18:29:30 +0200
In-Reply-To: <> (Alexey Melnikov's message of "Thu, 19 Mar 2020 13:25:58 +0000")
Message-ID: <>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
X-Virus-Scanned: clamav-milter 0.102.2 at
X-Virus-Status: Clean
Archived-At: <>
Subject: Re: [kitten] Fwd: I-D Action: draft-melnikov-scram-2fa-00.txt
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 03 Apr 2020 16:29:50 -0000

Thanks for working on this.  What we discovered with the OpenID/SAML
SASL mechanisms was that a major challenge was to resolve how to resume
sessions in a SASLy way.  To be more specific, the challenge is that a
lot of client applications (IMAP in particlar) expect to be able to open
several sessions to the server.  Having a user perform manual steps per
session won't work, and from a quick look at your document, it looks
like this problem isn't resolve here either.  What is needed is some way
to perform the 2FA authentication once, and then be able to refer to
that authentication in a new SASL authentication step.  With re-newed
energy and interest in this, I beliece we can do better now though.
Some ideas:

1) Specify how TLS resumption of a SASL authenticated session should
assume the same SASL authentication/authorization identity.

2) Specify how EXTERNAL (or some new mechanism) is to be used to
"resume" an earlier 2FA authenticated SASL session.

3) Describe how OAUTH could be used to achieve this.

4) Extend your proposal to generate a magic cookie after successful
authentication that can be provided instead of the 2FA code next time.

The problem is not exactly how to do it: it is to describe one
well-agreed on method that all application implementers can follow, to
get interoperability.

I believe it is a bad idea to implement a generic 2FA mechanism on top
of SCRAM, it will be too flexible with bad interop as a result.
Instead, implement specific 2FA methods so things become easily
implementable.  Your document could be a SCRAM-OATH-TOTP rather than
SCRAM-2FA.  OATH-HOTP/TOTP, U2F, FIDO2, etc each have different
behaviours that make it difficult to support in a generic protocol.


Alexey Melnikov <> writes:

> Hi all,
> As I had various conversations with people saying that SASL doesn't
> support 2 factor authentication, I posted a short draft which shows
> how to add 2 factor authentication to SCRAM. This is mostly a proof of
> concept and I am planning to work on another draft explaining how to
> do the same for SASL OAUTH.
> (If I remember correctly I also talked to Dave Cridland about doing a
> more generic extension to the SASL framework itself by allowing
> protocols to invoke multiple SASL mechanism in a sequence and
> achieving 2FA that way. I would be interested in developing this
> concept as well, but it would take longer than just extending some
> existing SASL mechanisms.)
> If people can have a look and provide feedback, that would be much
> appreciated.
> Best Regards,
> Alexey
> -------- Forwarded Message --------
> Subject: 	I-D Action: draft-melnikov-scram-2fa-00.txt
> Date: 	Thu, 19 Mar 2020 06:17:40 -0700
> From:
> Reply-To:
> To:
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> Title : Extensions to Salted Challenge Response (SCRAM) for 2 factor
> authentication
> Author : Alexey Melnikov
> Filename : draft-melnikov-scram-2fa-00.txt
> Pages : 5
> Date : 2020-03-19
> Abstract:
> This specification describes an extension to family of Simple
> Authentication and Security Layer (SASL; RFC 4422) authentication
> mechanisms called the Salted Challenge Response Authentication
> Mechanism (SCRAM), which provides support for 2 factor
> authentication.
> The IETF datatracker status page for this draft is:
> There are also htmlized versions available at:
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at
> Internet-Drafts are also available by anonymous FTP at:
> _______________________________________________
> I-D-Announce mailing list
> Internet-Draft directories:
> or
> _______________________________________________
> Kitten mailing list