IETF Logo Mail Archive

Re: [saag] SHA-1 to SHA-n transition

Nicolas Williams <Nicolas.Williams@sun.com> Mon, 02 March 2009 16:20 UTC

Return-Path: <Nicolas.Williams@sun.com>
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CA3CD3A6902 for <saag@core3.amsl.com>; Mon, 2 Mar 2009 08:20:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.027
X-Spam-Level:
X-Spam-Status: No, score=-6.027 tagged_above=-999 required=5 tests=[AWL=0.019, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MSBzvxWNk4se for <saag@core3.amsl.com>; Mon, 2 Mar 2009 08:20:11 -0800 (PST)
Received: from brmea-mail-1.sun.com (brmea-mail-1.Sun.COM [192.18.98.31]) by core3.amsl.com (Postfix) with ESMTP id D387C3A690F for <saag@ietf.org>; Mon, 2 Mar 2009 08:20:11 -0800 (PST)
Received: from dm-central-02.central.sun.com ([129.147.62.5]) by brmea-mail-1.sun.com (8.13.6+Sun/8.12.9) with ESMTP id n22GKbNZ021052 for <saag@ietf.org>; Mon, 2 Mar 2009 16:20:37 GMT
Received: from binky.Central.Sun.COM (binky.Central.Sun.COM [129.153.128.104]) by dm-central-02.central.sun.com (8.13.8+Sun/8.13.8/ENSMAIL, v2.2) with ESMTP id n22GKaWi041748 for <saag@ietf.org>; Mon, 2 Mar 2009 09:20:37 -0700 (MST)
Received: from binky.Central.Sun.COM (localhost [127.0.0.1]) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3) with ESMTP id n22GBZ6s012905; Mon, 2 Mar 2009 10:11:35 -0600 (CST)
Received: (from nw141292@localhost) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3/Submit) id n22GBZd7012904; Mon, 2 Mar 2009 10:11:35 -0600 (CST)
X-Authentication-Warning: binky.Central.Sun.COM: nw141292 set sender to Nicolas.Williams@sun.com using -f
Date: Mon, 02 Mar 2009 10:11:35 -0600
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Eric Rescorla <ekr@networkresonance.com>
Message-ID: <20090302161134.GG9992@Sun.COM>
References: <2788466ED3E31C418E9ACC5C3166155768B2CB@mou1wnexmb09.vcorp.ad.vrsn.com> <0c2301c9979f$8a1cd770$0600a8c0@china.huawei.com> <2788466ED3E31C418E9ACC5C3166155768B2CE@mou1wnexmb09.vcorp.ad.vrsn.com> <20090226143809.GF7227@mit.edu> <1235663917.3293.16.camel@localhost> <20090226165448.GK9992@Sun.COM> <20090227022359.8D45150822@romeo.rtfm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20090227022359.8D45150822@romeo.rtfm.com>
User-Agent: Mutt/1.5.7i
Cc: der Mouse <mouse@Rodents-Montreal.ORG>, saag@ietf.org
Subject: Re: [saag] SHA-1 to SHA-n transition
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Mar 2009 16:20:12 -0000

On Thu, Feb 26, 2009 at 06:23:59PM -0800, Eric Rescorla wrote:
> I don't want to get into an extensive argument about this on SAAG,
> but I don't think this direction is particularly promising, for
> reasons I've indicated before: namely that you're handwaving
> the difficult part of the problem, UI, which we have no real 
> idea how to solve. Sure, if we solved that, there are any
> number of things we could do, but absent that, the other things
> are fairly useless.

I'm not entirely handwaving the UI part.  There are two major UI
problems: a) the desire for full-screen apps, and, more generally, apps
that have full access to human interface I/O, b) the desire of web
application developers to have full control over credentials prompts.

(a) is practically insurmountable -- SAS helps, but I doubt users will
be happy to use SAS every time they are prompted for credentials.  My
knee-jerk reaction would be to reject full-screen apps.

In my scheme (b) is solved by letting apps prompt for identities,
but not any passwords -- and training users not to enter passwords into
non-secure dialogs (see SAS comment) -- and by having authentication
mechanisms where the relying party does not get to impersonate the
client just because the client authenticated itself (this, in turn,
creates another problem in that lots of web services need delegation).

In particular I think the solution to (b) needs to go hand-in-hand with
any solution to the mutual authentication problem.

> I think you're rather overselling here: this only works well for
> account-based systems. There are plenty of cases where I need to
> connect to someone where I only know their name but I don't yet have
> an account (e.g., https://www.amazon.com). The mechanism that you
> provide doesn't work at all in this case. Rather, you need some
> third-party verifiable mechanism. I suppose one could argue that certs
> aren't a good such mechanism, but they're the one that TLS supports
> and I suspect any replacement would smell a lot like certs.

I just addressed enrolment (I took "but I don't _yet_ have an account"
to refer to enrolment) in a reply to Sam.

For cases that are not enrolment and where you never need user
authentication, but do need server authentication, I can only think of
PKI, and today's weak PKI will just have to do.

Nico
--

v2.23.0 | Report a Bug | By Email