Re: [saag] SHA-1 to SHA-n transition

Nicolas Williams <Nicolas.Williams@sun.com> Mon, 02 March 2009 18:41 UTC

Date: Mon, 02 Mar 2009 12:25:47 -0600
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Jeffrey Hutzelman <jhutz@cmu.edu>
Cc: der Mouse <mouse@Rodents-Montreal.ORG>, saag@ietf.org
Subject: Re: [saag] SHA-1 to SHA-n transition

On Mon, Mar 02, 2009 at 01:19:13PM -0500, Jeffrey Hutzelman wrote:
> --On Monday, March 02, 2009 11:11:22 AM -0600 Nicolas Williams 
> <Nicolas.Williams@sun.com> wrote:
> 
> >It will be a long time before users can be trained not to type passwords
> >into attacker-controlled dialogs -- that is definitely true.
> 
> No, no.  It's a long way down the road to the chemist's.  It will be 
> _forever_ before users can be trained not to type passwords into 
> attacker-controlled dialogs.  We've been trying for decades, and some of 
> the users in question have _been here_ for decades, and the message still 
> hasn't gotten through.

Mostly because the technology to move beyond application-controlled
dialogs has not been deployed or the technologies that have been have
been unsatisfactory.  All I see in your reply is surrender.

> >And we'll
> >also have passwords for a long time yet.
> 
> Again, probably forever.

Indeed, cell phones and all.

> >DIGEST-MD5 exists, and I'd advocate its use, but currently that always
> >results in a browser-controlled dialog that app designers hate
> 
> To a certain extent, this is too bad.  For password dialogs to be safe, 
> they _must_ be browser-controlled (or system-controlled) dialogs over which 
> the app designers have no control.  Note that virtually all of the security 
> problems the web has today result from app designers demanding and browser 
> vendors granting more control over the client computer than the system was 
> designed to give them.

Indeed.  I'm proposing an incremental approach to this problem.  Perhaps
I'm talking to the wrong crowd -- at SAAG we're mostly security
engineers, whereas any conversation about overcoming the above problem
must involve web application developers.

> Just for the record, the amount of control the system was designed to give 
> app designers over the client computer is.... zero!  Every security, 
> performance, and usability problem the Web has today can be traced to 
> violations of that design principle.

Agreed.

Nico
--