IETF Logo Mail Archive

Re: Poll: pure SCRAM versa SCRAM-as-GS2

Kurt Zeilenga <Kurt.Zeilenga@isode.com> Tue, 10 February 2009 17:59 UTC

Return-Path: <owner-ietf-sasl@mail.imc.org>
X-Original-To: ietfarch-sasl-archive-Zoh8yoh9@core3.amsl.com
Delivered-To: ietfarch-sasl-archive-Zoh8yoh9@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 33DE63A6B52 for <ietfarch-sasl-archive-Zoh8yoh9@core3.amsl.com>; Tue, 10 Feb 2009 09:59:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hAR6SWxuHAP8 for <ietfarch-sasl-archive-Zoh8yoh9@core3.amsl.com>; Tue, 10 Feb 2009 09:59:42 -0800 (PST)
Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id F34843A6A55 for <sasl-archive-Zoh8yoh9@ietf.org>; Tue, 10 Feb 2009 09:59:41 -0800 (PST)
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n1AHtnOl090990 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 10 Feb 2009 10:55:49 -0700 (MST) (envelope-from owner-ietf-sasl@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n1AHtne4090989; Tue, 10 Feb 2009 10:55:49 -0700 (MST) (envelope-from owner-ietf-sasl@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-sasl@mail.imc.org using -f
Received: from rufus.isode.com (rufus.isode.com [62.3.217.251]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n1AHtc4M090975 for <ietf-sasl@imc.org>; Tue, 10 Feb 2009 10:55:49 -0700 (MST) (envelope-from Kurt.Zeilenga@isode.com)
Received: from [172.16.2.112] (shiny.isode.com [62.3.217.250]) by rufus.isode.com (submission channel) via TCP with ESMTPSA id <SZG=lgB0lKSZ@rufus.isode.com>; Tue, 10 Feb 2009 17:55:35 +0000
Cc: Alexey Melnikov <alexey.melnikov@isode.com>, SASL WG <ietf-sasl@imc.org>
Message-Id: <ECCB0FE3-78A2-474F-A5B4-1B4380E825C2@isode.com>
From: Kurt Zeilenga <Kurt.Zeilenga@isode.com>
To: Nicolas Williams <Nicolas.Williams@sun.com>
In-Reply-To: <20090210155912.GM9992@Sun.COM>
Subject: Re: Poll: pure SCRAM versa SCRAM-as-GS2
Date: Tue, 10 Feb 2009 09:55:31 -0800
References: <498B569C.7070400@isode.com> <01AAA59C-9449-40FC-B9F1-1E7848A8D339@Isode.com> <20090210155912.GM9992@Sun.COM>
X-Mailer: Apple Mail (2.930.3)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-sasl@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-ID: <ietf-sasl.imc.org>
List-Unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>

On Feb 10, 2009, at 7:59 AM, Nicolas Williams wrote:

>
> On Mon, Feb 09, 2009 at 01:09:43PM -0800, Kurt Zeilenga wrote:
>> I would have assumed one difference between these two approaches is
>> that if SCRAM were implemented as a GSA-API, the GS2- variant would  
>> be
>> capable of providing a SASL security layer.  If that were so, this
>> would lead to a significant interoperability problem as there would  
>> be
>> two classes of support:
>> 	non-GSS-API implementations: no security layer (use TLS)
>> 	GSS-API implementations: GS2 security layer
>
> Nope.

Then I might consider GS2-SCRAM as incomplete.  Given the goal that  
GSS-API SCRAM be generally usable outside of SASL, it seems  
appropriate for GSS-API SCRAM to support GSS-API wrapping.

But for native SCRAM, I think it reasonable not to offer a mechanism  
given the implicit goal of keeping it simple (and hence relying solely  
relying TLS).

I see the goals of GS2-SCRAM and the goals of native SCRAM as somewhat  
divergent.

I'm not opposed to having both.  I rather have a simple native SASL/ 
SCRAM and a robust GSS-API SCRAM, then something which is neither.

> The idea was that because all these SASL apps rely on TLS today for
> session security what you'd do is SCRAM-as-GS2 with channel binding to
> TLS (wait for it: "channel binding is too complicated!" even though  
> it's
> just one more input into a hash/hmac that's already there and has to
> be).  Thus: no need for SASL/SCRAM security layers.
>
>> Regardless of this, I simply don't thing scram-gs2 is "simple"  
>> enough.
>
> Details.  Please provide details.

Of course, "simple" enough is quite subjective characteristic.   When  
I first said this it was a gut reaction.  Here are some things which  
lead me to my characterization of SCRAM-GS2 not being "simple" enough.

Draft-newman-auth-scram-gs2-00.txt contains a normative reference to  
draft-ietf-sasl-gs2-10.txt.  This implies an implementor must read and  
understand draft-ietf-sasl-gs2-10.txt, as well as elements of its  
normative references, in order to implement the protocol.  (I doubt  
this normative reference can be downgraded.)

The GS2 ABNF is twice as long.

Not written in the GS2 specification, but needed to ensure broad  
adoption, is interoperability between the two classes of  
implementations.  Interoperability between classes of implementations  
is quite difficult to achieve in general, and the best way (I think)  
to avoid such interoperability problems is not to have classes of  
implementation.

-- Kurt

v2.23.0 | Report a Bug | By Email