IETF Logo Mail Archive

Re: [precis] Stephen Farrell's No Objection on draft-ietf-precis-saslprepbis-17: (with COMMENT)

Alexey Melnikov <alexey.melnikov@isode.com> Wed, 27 May 2015 15:47 UTC

Return-Path: <alexey.melnikov@isode.com>
X-Original-To: precis@ietfa.amsl.com
Delivered-To: precis@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B36F1B2CD5; Wed, 27 May 2015 08:47:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.011
X-Spam-Level:
X-Spam-Status: No, score=-2.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d3umGlxTrJaM; Wed, 27 May 2015 08:47:11 -0700 (PDT)
Received: from waldorf.isode.com (waldorf.isode.com [217.34.220.150]) by ietfa.amsl.com (Postfix) with ESMTP id 954791B2D72; Wed, 27 May 2015 08:47:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1432741629; d=isode.com; s=selector; i=@isode.com; bh=Da6tJB8zeMF/IA+Uy9f9u4wLjQB0k6Io/Wl5DD/TiyQ=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=Sie9wFJ7nwdDp7z5GOfcDnv20oKqNXpj5u/MOLN7amGe7ThROjO1TR6qKGA1N7OFx3J2rB FaAgqpyUpEgCLv75zZqalyo+eb4JS9p3rnqllg2dEGyJ2iItyGsnd8RfsAlLcSpK9QH72b Vi2IdEQ9LY3Ko1bv/MgKgMyL03kuvTM=;
Received: from [172.20.1.215] (dhcp-215.isode.net [172.20.1.215]) by waldorf.isode.com (submission channel) via TCP with ESMTPSA id <VWXm=AAZW2LB@waldorf.isode.com>; Wed, 27 May 2015 16:47:09 +0100
Message-ID: <5565E6EB.7010505@isode.com>
Date: Wed, 27 May 2015 16:46:51 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
To: Peter Saint-Andre - &yet <peter@andyet.net>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, The IESG <iesg@ietf.org>
References: <20150527132109.25645.76593.idtracker@ietfa.amsl.com> <5565DB7E.6080508@andyet.net> <5565DEF5.6090405@cs.tcd.ie> <5565E295.1010505@andyet.net> <5565E65D.9030605@andyet.net>
In-Reply-To: <5565E65D.9030605@andyet.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/precis/fXVF9XhiPwTc9J-CdEdMzBrteqU>
Cc: draft-ietf-precis-saslprepbis.ad@ietf.org, precis-chairs@ietf.org, precis@ietf.org, draft-ietf-precis-saslprepbis@ietf.org, draft-ietf-precis-saslprepbis.shepherd@ietf.org
Subject: Re: [precis] Stephen Farrell's No Objection on draft-ietf-precis-saslprepbis-17: (with COMMENT)
X-BeenThere: precis@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Preparation and Comparison of Internationalized Strings <precis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/precis>, <mailto:precis-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/precis/>
List-Post: <mailto:precis@ietf.org>
List-Help: <mailto:precis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/precis>, <mailto:precis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 May 2015 15:47:13 -0000

On 27/05/2015 16:44, Peter Saint-Andre - &yet wrote:
> On 5/27/15 9:28 AM, Peter Saint-Andre - &yet wrote:
>> On 5/27/15 9:12 AM, Stephen Farrell wrote:
>>>
>>> On 27/05/15 15:58, Peter Saint-Andre - &yet wrote:
>>>> On 5/27/15 7:21 AM, Stephen Farrell wrote:
>>>>> Stephen Farrell has entered the following ballot position for
>>>>> draft-ietf-precis-saslprepbis-17: No Objection
>
> <snip/>
>
>>>>> 4.1: zero length password - I think you're wrong on that
>>>>> one but it is arguable. This was a discuss until you told
>>>>> me that 4013 prohibited 'em too so probably no point
>>>>> in changing now if it's just my opinion.
>>>>>
>>>>> There are situations where an empty password is ok (say
>>>>> when I'm not "protecting" something but just want to know
>>>>> what user's profile to use, e.g. for weather) and that is
>>>>> supported in many systems (that hence won't be able to
>>>>> exactly adopt this) and insisting on a non-empty password
>>>>> could be more damaging than allowing a zero-length
>>>>> password, whenever a user re-uses a password for something
>>>>> for which no password is really needed (and which hence is
>>>>> less likely to be well protected) and where that password
>>>>> is also used to protect something of significantly higher
>>>>> value. The zero-length password is also not an interesting
>>>>> subset of the set of stupid passwords really so doesn't
>>>>> deserve to be called out as such (and you say that in the
>>>>> draft when you talk about length-1 passwords.) So I think
>>>>> allowing zero length passwords is better overall, and more
>>>>> consistent with implementations.
>>>>
>>>> I see your point. Do you have a sense of what kind of systems today
>>>> allow zero-length passwords? Given that RFC 4013 prohibited 
>>>> zero-length
>>>> passwords and that they provide no security whatsoever, I don't see a
>>>> compelling reason to modify the recommendation. However, as you say 
>>>> this
>>>> document doesn't provide general guidance on password strengthy 
>>>> anyway,
>>>> so I suppose I'd be fine with changing it to SHOULD NOT as long as we
>>>> provide some text about why zero-length passwords are acceptable in 
>>>> some
>>>> existing systems.
>>>
>>> I think most operating systems either allow empty passwords
>>> or else try insist on what they think is "strong" or else
>>> give some strength feedback to the user. Many CLI tools allow
>>> for empty passwords in case they're used in a script and
>>> the same goes for passwords needed by servers that might
>>> ever need to restart without a human. (And yes in most cases
>>> such tools provide a way to input a password from e.g. a
>>> file, but that's often no more secure than no password
>>> given how filesystem access control works.)
>>>
>>> I'll leave it to you folks to decide if you think a SHOULD
>>> NOT is ok or not, but I suspect you might want to check that
>>> the WG are ok with that change from 4013.
>>
>> Most definitely.
>>
>>> I suppose an alternative might be to just note some of
>>> the issues above and say that in a bunch of cases an
>>> application will have to accept as input either <empty-string>
>>> or <password>. I guess that's what's done now in any case
>>> and I'd be fine with handling it that way too if you prefer.
>>
>> Ah, true. That seems preferable to me.
Agreed.
>> Let's see if Alexey and I can formulate some text...
>
> How's this? (I haven't checked it with Alexey yet but he can reply here.)
>
> OLD
>       Note: The prohibition on zero-length passwords is not a
>       recommendation regarding password strength (since a password of
>       only one byte is highly insecure), but is meant to prevent
>       applications from omitting a password entirely.
>
> NEW
>       Note: Some existing systems allow an empty string in places where
>       a password would be expected (e.g., command-line tools that might
>       be called from an automated script, or servers that might need to
>       be restarted without human intervention).  From the perspective of
>       this document (and RFC 4013 before it), these empty strings are
>       not passwords but are workarounds for the practical difficulty of
>       using passwords in certain scenarios.  The prohibition on zero-
>       length passwords is not a recommendation regarding password
>       strength (since a password of only one byte is highly insecure),
>       but is meant to prevent applications from mistakenly omitting a
>       password entirely, since when internationalized characters are
>       accepted a non-empty sequence of characters can result in a zero-
>       length password after canonicalization.
Yes, this looks great. Thank you!

v2.23.0 | Report a Bug | By Email