IETF Logo Mail Archive

Re: I-D ACTION:draft-ietf-sasl-crammd5-to-historic-00.txt

Paul Smith <paul@pscs.co.uk> Wed, 26 November 2008 16:42 UTC

Return-Path: <owner-ietf-sasl@mail.imc.org>
X-Original-To: ietfarch-sasl-archive-Zoh8yoh9@core3.amsl.com
Delivered-To: ietfarch-sasl-archive-Zoh8yoh9@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 60B1F3A688A for <ietfarch-sasl-archive-Zoh8yoh9@core3.amsl.com>; Wed, 26 Nov 2008 08:42:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yiQcTzLeDQ+o for <ietfarch-sasl-archive-Zoh8yoh9@core3.amsl.com>; Wed, 26 Nov 2008 08:42:07 -0800 (PST)
Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id 02C163A6837 for <sasl-archive-Zoh8yoh9@ietf.org>; Wed, 26 Nov 2008 08:42:06 -0800 (PST)
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id mAQGUbhA048858 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 26 Nov 2008 09:30:37 -0700 (MST) (envelope-from owner-ietf-sasl@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id mAQGUbfQ048857; Wed, 26 Nov 2008 09:30:37 -0700 (MST) (envelope-from owner-ietf-sasl@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-sasl@mail.imc.org using -f
Received: from mail.pscs.co.uk (mail.pscs.co.uk [77.240.14.73]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id mAQGUORk048848 for <ietf-sasl@imc.org>; Wed, 26 Nov 2008 09:30:36 -0700 (MST) (envelope-from paul@pscs.co.uk)
Received: from lmail.pscs.co.uk ([62.3.195.6]) by mail.pscs.co.uk ([77.240.14.73] running VPOP3) with ESMTP; Wed, 26 Nov 2008 16:30:16 -0000
Received: from [192.168.66.101] ([192.168.66.101]) by lmail.pscs.co.uk ([192.168.66.70] running VPOP3) with ESMTP; Wed, 26 Nov 2008 16:30:12 -0000
Message-ID: <492D7994.7080202@pscs.co.uk>
Date: Wed, 26 Nov 2008 16:30:12 +0000
From: Paul Smith <paul@pscs.co.uk>
User-Agent: Thunderbird 2.0.0.18 (Windows/20081105)
MIME-Version: 1.0
To: John C Klensin <john-ietf@jck.com>
CC: Kurt.Zeilenga@isode.com, ietf-sasl@imc.org, pasi.eronen@nokia.com
Subject: Re: I-D ACTION:draft-ietf-sasl-crammd5-to-historic-00.txt
References: <20081124223001.B88703A682C@core3.amsl.com> <7928C65B3EEAEB90C35C6853@p3.int.jck.com>
In-Reply-To: <7928C65B3EEAEB90C35C6853@p3.int.jck.com>
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Authenticated-Sender: paul
X-Server: VPOP3 Enterprise V2.6.0e - Registered
X-Organisation: Paul Smith Computer Services
Sender: owner-ietf-sasl@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-ID: <ietf-sasl.imc.org>
List-Unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>

John C Klensin wrote:
> I would certainly agree with that conclusion about clear-text
> over TLS if it were substantiated.  However, in a world in which
> typical certs for mail servers seem to be either self-signed (or
> certified on the basis of email address dialogues or domain name
> ownership), in which attacks on the DNS are well-known and the
> proper response to "Bind 8 is dead" may be "before or after Bind
> 4?", methods based on challenge-response may have one advantage
> that the I-D does not discuss, namely being independent of the
> certificate and DNS situation and relationships.  
>   
I think this is an important issue. So, I agree with John's 'plan of
attack' here.

CRAM-MD5 makes it a lot harder for MITM attacks than plain text over an
unverified TLS link does. While plain text over TLS does stop attacks
from 'eavesdroppers' it does nothing for MITM attacks in most cases.

I think one thing that some people seem to forget is that most people
who use email have no clue what TLS is, or how certificates work. For
plain text over TLS to be more secure (IMV) than CRAM-MD5, average users
would have to check mail server certificates, which they won't do.

- I can see the point in the draft about an a priori agreement about
character set, but is that really a big deal? 'sequence of ASCII
printable characters encoded in an octet with zero parity, with no
normalization' pretty much covers every case of passwords I've ever seen
anyone use - even in non-latin character set countries.

- No, CRAM-MD5 doesn't protect the user ID from eavesdroppers, but plain
text over TLS protects neither the user ID nor the password from a MITM
attack if the certificate isn't verified. CRAM-MD5 does protect the
password from both eavesdroppers and MITM attacks. Given that a large
number of mail providers use easily guessable user IDs (for ease of use
by users), I'm not sure how significant this 'weakness' in CRAM-MD5 is
*in real life*.

Now, in *some cases* I can see that plain text/TLS is better than
CRAM-MD5 - where the mail system is managed by competent techies, and
where email software is installed for users by those techies (so
certificates can be configured properly), but in the vast majority of
cases out there, I think the choice would be CRAM-MD5, plain text over
an unencrypted session, or plain text over a dubiously encrypted session
- which is better?

CRAM-MD5 has a large deployed server base out there. I don't think PLAIN
over TLS is a secure alternative, and SCRAM is still 'work in progress'
(and I remember the issues that we STILL have because we deployed SMTP
'AUTH' support before that was finalised ('AUTH=CRAM-MD5' vs 'AUTH
CRAM-MD5' anyone?)).

-- 
Paul Smith

VPOP3 - POP3/SMTP/IMAP4/Webmail Email server for Windows

v2.23.0 | Report a Bug | By Email