Re: [saag] SHA-1 to SHA-n transition

Nicolas Williams <Nicolas.Williams@sun.com> Mon, 02 March 2009 18:25 UTC

On Mon, Mar 02, 2009 at 10:11:43AM -0800, Eric Rescorla wrote:
> And the attacker will just pop up a dialog that says "our cool new UI
> system is broken. Type your password into the form for now." This is
> quite clear from [SDO+07].

Clearly.  Eventually this would no longer be true -- but we'll never get
there if we don't provide any mechanisms that can overcome this.
Certificates won't do because passwords remain, and will remain the
lowest common denominator for a long time.

Unless small, portable devices with UIs (mobile phones!) become so
ubiquitous (they're getting there) that they are as portable and ever
present as passwords.  But I suspect the same will apply to that
alternative: it will be years before we stop relying on passwords.

> > Any solution will require training, if nothing else because otherwise
> > everyone will continue doing what we all do today: typing passwords into
> > HTML forms, so that servers get cleartext passwords, and MITMs get all
> > our money.
> 
> "We must do something. This is something. We must do this."

There are so many "this" we can do, and any one will take time.  Choose
an approach.  Requiring that everyone have bluetooth- and NFC-equipped
cell phones (and probably data rate service) and desktops and laptops
(terminals of any kind) will certainly do, provided that such a
requirement is reasonable -- we're getting closer to where it is.

Nico
--