Re: Random data
Kurt Zeilenga <Kurt.Zeilenga@isode.com> Tue, 12 August 2008 20:53 UTC
Return-Path: <owner-ietf-sasl@mail.imc.org>
X-Original-To: ietfarch-sasl-archive-Zoh8yoh9@core3.amsl.com
Delivered-To: ietfarch-sasl-archive-Zoh8yoh9@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 715253A6827 for <ietfarch-sasl-archive-Zoh8yoh9@core3.amsl.com>; Tue, 12 Aug 2008 13:53:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.98
X-Spam-Level:
X-Spam-Status: No, score=-1.98 tagged_above=-999 required=5 tests=[AWL=0.066, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9sKYKyMUpj1z for <ietfarch-sasl-archive-Zoh8yoh9@core3.amsl.com>; Tue, 12 Aug 2008 13:53:42 -0700 (PDT)
Received: from balder-227.proper.com (Balder-227.Proper.COM [192.245.12.227]) by core3.amsl.com (Postfix) with ESMTP id 8D2423A63EC for <sasl-archive-Zoh8yoh9@ietf.org>; Tue, 12 Aug 2008 13:53:42 -0700 (PDT)
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id m7CKlll5070053 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 12 Aug 2008 13:47:47 -0700 (MST) (envelope-from owner-ietf-sasl@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id m7CKllXv070052; Tue, 12 Aug 2008 13:47:47 -0700 (MST) (envelope-from owner-ietf-sasl@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-sasl@mail.imc.org using -f
Received: from rufus.isode.com (rufus.isode.com [62.3.217.251]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id m7CKlkm5070046 for <ietf-sasl@imc.org>; Tue, 12 Aug 2008 13:47:46 -0700 (MST) (envelope-from Kurt.Zeilenga@Isode.com)
Received: from [192.168.1.100] ((unknown) [75.141.233.128]) by rufus.isode.com (submission channel) via TCP with ESMTPA id <SKH28ABe8BoH@rufus.isode.com>; Tue, 12 Aug 2008 21:47:45 +0100
X-SMTP-Protocol-Errors: NORDNS
Cc: Frank Ellermann <hmdmhdfmhdjmzdtjmzdtzktdkztdjz@gmail.com>, ietf-sasl@imc.org
Message-Id: <1EF9889A-DC6B-4318-9F4D-F854E715AC48@Isode.com>
From: Kurt Zeilenga <Kurt.Zeilenga@isode.com>
To: Tom Yu <tlyu@MIT.EDU>
In-Reply-To: <ldvmyjii7ho.fsf@cathode-dark-space.mit.edu>
Subject: Re: Random data
Date: Tue, 12 Aug 2008 13:47:42 -0700
References: <ldvlki6dqqu.fsf@cathode-dark-space.mit.edu> <45F8475F.729B@xyzzy.claranet.de> <8F2528F5-886C-4E8F-B334-3438BA925F43@Isode.com> <g7r2et$50e$1@ger.gmane.org> <377B7578-AC45-49D9-94BC-706CC6029609@Isode.com> <g7rl7f$kdl$1@ger.gmane.org> <ldvsktabh09.fsf@cathode-dark-space.mit.edu> <g7ru9t$hrf$1@ger.gmane.org> <ldvmyjii7ho.fsf@cathode-dark-space.mit.edu>
X-Mailer: Apple Mail (2.926)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-sasl@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-ID: <ietf-sasl.imc.org>
List-Unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
On 12 Aug 2008, at 8:21 AM, Tom Yu wrote: > > "Frank Ellermann" <nobody@xyzzy.claranet.de> writes: > >> Tom Yu wrote: >> >>>> The right hand side of a challenge in "Message-ID format" >>>> can be twisted into what I expect by an attacker, it's no >>>> security feature. >> >>> Might this have been an aborted attempt at specifying how >>> to use the challenge to transmit additional information to >>> a server, such as channel binding information? Or am I >>> thinking of DIGEST? >> >> I'd guess that RFC 2195 uses the format of a Message-ID for >> a challenge, because that's what APOP also uses, and a known >> (for mail and news related protocols) concept. > > I meant that the introduction in draft-ietf-sasl-crammd5 of a new > requirement that an implementation not interpret the "string that > RFC2195 required to look like a RFC822 msg-id" might have been an > aborted attempt to provide a "covert channel" for signaling the use of > a channel binding. > > Alternatively, the new requirement that the client not interpret the > challenge string might be an effort to improve interoperability with > servers that do not send challenge strings that strictly conform to > the syntax of RFC822 or RFC2822 msg-id strings. > > Authors or others, please elaborate if you recall the history of this > change. > If I recall correctly, there was concern that some implementations might verify that string adheres to requirements that might placed upon msg-id strings in other situations. The desire was to say that string has no semantical value. Maybe there is a better way to say that... -- Kurt
- Re: Security (crammd5) Frank Ellermann
- Re: Security (was: WG Last Call: draft-ietf-sasl-… Philip Guenther
- Security (was: WG Last Call: draft-ietf-sasl-cram… Frank Ellermann
- Interoperability (was: WG Last Call: draft-ietf-s… Frank Ellermann
- Limited use (was: WG Last Call: draft-ietf-sasl-c… Frank Ellermann
- Random data (was: WG Last Call: draft-ietf-sasl-c… Frank Ellermann
- Re: cram draft bug Alexey Melnikov
- Re: cram draft bug Kurt Zeilenga
- Re: WG Last Call: draft-ietf-sasl-crammd5-08.txt Alexey Melnikov
- Re: WG Last Call: draft-ietf-sasl-crammd5-08.txt Alexey Melnikov
- Re: cram draft bug Alexey Melnikov
- cram draft bug Lyndon Nerenberg
- Re: WG Last Call: draft-ietf-sasl-crammd5-08.txt Simon Josefsson
- WG Last Call: draft-ietf-sasl-crammd5-08.txt Tom Yu
- Future of SASLprep Simon Josefsson
- Re: Security Simon Josefsson
- Re: Random data Simon Josefsson
- Re: Interoperability (was: WG Last Call: draft-ie… Kurt Zeilenga
- Re: Interoperability (was: WG Last Call: draft-ie… Kurt Zeilenga
- Re: Interoperability Frank Ellermann
- Re: Interoperability Kurt Zeilenga
- Re: Interoperability Kurt Zeilenga
- Re: Interoperability Sam Hartman
- Re: Security (was: WG Last Call: draft-ietf-sasl-… Kurt Zeilenga
- Re: Limited use (was: WG Last Call: draft-ietf-sa… Kurt Zeilenga
- Re: Random data (was: WG Last Call: draft-ietf-sa… Kurt Zeilenga
- Re: Interoperability Frank Ellermann
- Re: Random data Frank Ellermann
- Re: Interoperability Frank Ellermann
- Re: Random data Kurt Zeilenga
- Re: Random data Lyndon Nerenberg
- Re: Random data Frank Ellermann
- Re: Future of SASLprep Frank Ellermann
- Re: Random data Tom Yu
- Re: Future of SASLprep Simon Josefsson
- Re: Random data Frank Ellermann
- Re: Future of SASLprep Frank Ellermann
- Re: Interoperability Sam Hartman
- Re: Random data Tom Yu
- Re: Interoperability Frank Ellermann
- Re: Security Kurt Zeilenga
- Re: Future of SASLprep Kurt Zeilenga
- Re: Security Simon Josefsson
- Re: Security Kurt Zeilenga
- Re: Security Frank Ellermann
- Re: Random data Frank Ellermann
- Re: Security Jeffrey Hutzelman
- Re: Security Kurt Zeilenga
- Re: Random data Kurt Zeilenga
- Re: Security Frank Ellermann
- Re: Random data Frank Ellermann
- Re: Security Frank Ellermann
- Re: Security Simon Josefsson
- Re: Random data Lyndon Nerenberg
- Re: Security Hallvard B Furuseth
- Re: Random data Lyndon Nerenberg
- Re: Security Simon Josefsson
- Re: Security Sam Hartman
- Re: Random data Kurt Zeilenga
- Re: Random data Frank Ellermann
- Re: Random data Frank Ellermann
- Re: Random data Simon Josefsson
- Re: Security Simon Josefsson
- Re: Security Frank Ellermann
- Re: Security Sam Hartman
- Re: Random data Kurt Zeilenga
- RE: Security Paul Leach
- Re: Security Sam Hartman
- Re: Security Frank Ellermann
- Re: Security Sam Hartman
- RE: Security Paul Leach
- Re: Random data Tony Finch
- Re: Random data Frank Ellermann
- Re: Security Frank Ellermann
- Re: Random data Kurt Zeilenga
- Re: Future of SASLprep Sam Hartman
- Re: Random data Simon Josefsson
- Re: Random data Frank Ellermann
- Re: Security Kurt Zeilenga
- Re: Security Simon Josefsson
- Re: Security Kurt Zeilenga
- Re: Security Sam Hartman