Re: I-D ACTION:draft-ietf-sasl-crammd5-to-historic-00.txt
Paul Smith <paul@pscs.co.uk> Wed, 26 November 2008 16:42 UTC
Return-Path: <owner-ietf-sasl@mail.imc.org>
X-Original-To: ietfarch-sasl-archive-Zoh8yoh9@core3.amsl.com
Delivered-To: ietfarch-sasl-archive-Zoh8yoh9@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 60B1F3A688A for <ietfarch-sasl-archive-Zoh8yoh9@core3.amsl.com>; Wed, 26 Nov 2008 08:42:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yiQcTzLeDQ+o for <ietfarch-sasl-archive-Zoh8yoh9@core3.amsl.com>; Wed, 26 Nov 2008 08:42:07 -0800 (PST)
Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id 02C163A6837 for <sasl-archive-Zoh8yoh9@ietf.org>; Wed, 26 Nov 2008 08:42:06 -0800 (PST)
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id mAQGUbhA048858 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 26 Nov 2008 09:30:37 -0700 (MST) (envelope-from owner-ietf-sasl@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id mAQGUbfQ048857; Wed, 26 Nov 2008 09:30:37 -0700 (MST) (envelope-from owner-ietf-sasl@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-sasl@mail.imc.org using -f
Received: from mail.pscs.co.uk (mail.pscs.co.uk [77.240.14.73]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id mAQGUORk048848 for <ietf-sasl@imc.org>; Wed, 26 Nov 2008 09:30:36 -0700 (MST) (envelope-from paul@pscs.co.uk)
Received: from lmail.pscs.co.uk ([62.3.195.6]) by mail.pscs.co.uk ([77.240.14.73] running VPOP3) with ESMTP; Wed, 26 Nov 2008 16:30:16 -0000
Received: from [192.168.66.101] ([192.168.66.101]) by lmail.pscs.co.uk ([192.168.66.70] running VPOP3) with ESMTP; Wed, 26 Nov 2008 16:30:12 -0000
Message-ID: <492D7994.7080202@pscs.co.uk>
Date: Wed, 26 Nov 2008 16:30:12 +0000
From: Paul Smith <paul@pscs.co.uk>
User-Agent: Thunderbird 2.0.0.18 (Windows/20081105)
MIME-Version: 1.0
To: John C Klensin <john-ietf@jck.com>
CC: Kurt.Zeilenga@isode.com, ietf-sasl@imc.org, pasi.eronen@nokia.com
Subject: Re: I-D ACTION:draft-ietf-sasl-crammd5-to-historic-00.txt
References: <20081124223001.B88703A682C@core3.amsl.com> <7928C65B3EEAEB90C35C6853@p3.int.jck.com>
In-Reply-To: <7928C65B3EEAEB90C35C6853@p3.int.jck.com>
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Authenticated-Sender: paul
X-Server: VPOP3 Enterprise V2.6.0e - Registered
X-Organisation: Paul Smith Computer Services
Sender: owner-ietf-sasl@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-ID: <ietf-sasl.imc.org>
List-Unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
John C Klensin wrote:
> I would certainly agree with that conclusion about clear-text
> over TLS if it were substantiated. However, in a world in which
> typical certs for mail servers seem to be either self-signed (or
> certified on the basis of email address dialogues or domain name
> ownership), in which attacks on the DNS are well-known and the
> proper response to "Bind 8 is dead" may be "before or after Bind
> 4?", methods based on challenge-response may have one advantage
> that the I-D does not discuss, namely being independent of the
> certificate and DNS situation and relationships.
>
I think this is an important issue. So, I agree with John's 'plan of attack' here.

CRAM-MD5 makes it a lot harder for MITM attacks than plain text over an unverified TLS link does. While plain text over TLS does stop attacks from 'eavesdroppers', it does nothing for MITM attacks in most cases.

I think one thing that some people seem to forget is that most people who use email have no clue what TLS is, or how certificates work. For plain text over TLS to be more secure (IMV) than CRAM-MD5, average users would have to check mail server certificates, which they won't do.

- I can see the point in the draft about an a priori agreement about character set, but is that really a big deal? 'sequence of ASCII printable characters encoded in an octet with zero parity, with no normalization' pretty much covers every case of passwords I've ever seen anyone use - even in non-Latin character set countries.

- No, CRAM-MD5 doesn't protect the user ID from eavesdroppers, but plain text over TLS protects neither the user ID nor the password from a MITM attack if the certificate isn't verified. CRAM-MD5 does protect the password from both eavesdroppers and MITM attacks. Given that a large number of mail providers use easily guessable user IDs (for ease of use by users), I'm not sure how significant this 'weakness' in CRAM-MD5 is *in real life*.

Now, in *some cases* I can see that plain text/TLS is better than CRAM-MD5 - where the mail system is managed by competent techies, and where email software is installed for users by those techies (so certificates can be configured properly), but in the vast majority of cases out there, I think the choice would be CRAM-MD5, plain text over an unencrypted session, or plain text over a dubiously encrypted session - which is better?

CRAM-MD5 has a large deployed server base out there. I don't think PLAIN over TLS is a secure alternative, and SCRAM is still 'work in progress' (and I remember the issues that we STILL have because we deployed SMTP 'AUTH' support before that was finalised ('AUTH=CRAM-MD5' vs 'AUTH CRAM-MD5' anyone?)).

-- 
Paul Smith

VPOP3 - POP3/SMTP/IMAP4/Webmail Email server for Windows
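The MITM comparison made in the message above, as an added worked example that is not part of the thread or of any project mentioned in it. It runs a CRAM-MD5 (RFC 2195) exchange and a SASL PLAIN (RFC 4616) exchange side by side from the viewpoint of an active interceptor who has terminated an unverified TLS session: PLAIN hands that interceptor the password, while a captured CRAM-MD5 response cannot be replayed against a fresh challenge. The hostname `mail.example.test`, the credential store, the user `alice` and the wordlist are all constructed for this example. The last function adds a caveat the message does not raise: an observed challenge/response pair still permits offline password guessing, which is the standard argument against CRAM-MD5 for weak passwords.

```python
"""Added example (not from the original thread): CRAM-MD5 vs PLAIN as seen
by an active man-in-the-middle. All names, credentials and the wordlist are
constructed for illustration."""
import base64
import hashlib
import hmac
import secrets
import time

# Constructed credential store. CRAM-MD5 needs the plaintext password (or an
# HMAC-MD5 context derived from it) on the server side.
CREDENTIALS = {"alice": b"correct horse"}


def make_challenge(hostname="mail.example.test"):
    """Server side: a fresh, unpredictable challenge in the RFC 2195 shape."""
    return f"<{secrets.randbelow(10**9)}.{int(time.time())}@{hostname}>".encode("ascii")


def cram_md5_response(username, password, challenge):
    """Client side: base64(username SP hex(HMAC-MD5(password, challenge)))."""
    digest = hmac.new(password, challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{username} {digest}".encode("ascii"))


def cram_md5_verify(response_b64, challenge, store=CREDENTIALS):
    """Server side: recompute the HMAC for the claimed user, compare in constant time."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode("ascii")
        username, sep, digest = decoded.rpartition(" ")
    except (ValueError, UnicodeDecodeError):
        return False
    if not sep or username not in store:
        return False
    expected = hmac.new(store[username], challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(digest, expected)


def plain_response(username, password):
    """SASL PLAIN: base64(authzid NUL authcid NUL passwd), empty authzid here."""
    return base64.b64encode(b"\0" + username.encode("ascii") + b"\0" + password)


def mitm_learns_from_plain(response_b64):
    """The interceptor decodes PLAIN and holds the password outright."""
    _, authcid, passwd = base64.b64decode(response_b64).split(b"\0")
    return authcid.decode("ascii"), passwd


def mitm_replay_succeeds(response_b64, store=CREDENTIALS):
    """A captured CRAM-MD5 response replayed against a new challenge fails:
    the HMAC is bound to the challenge it answered."""
    return cram_md5_verify(response_b64, make_challenge(), store)


def offline_dictionary_attack(challenge, response_b64, wordlist):
    """Caveat: the observed (challenge, response) pair permits offline guessing.
    Returns the guessed password or None."""
    target = base64.b64decode(response_b64).decode("ascii").rpartition(" ")[2]
    for guess in wordlist:
        candidate = hmac.new(guess, challenge, hashlib.md5).hexdigest()
        if hmac.compare_digest(candidate, target):
            return guess
    return None


def demo():
    """Run both exchanges once and report what each side can conclude."""
    challenge = make_challenge()
    cram = cram_md5_response("alice", CREDENTIALS["alice"], challenge)
    plain = plain_response("alice", CREDENTIALS["alice"])
    return {
        "cram_verifies": cram_md5_verify(cram, challenge),
        "cram_replay_fails": not mitm_replay_succeeds(cram),
        "plain_leaks": mitm_learns_from_plain(plain),
        "cram_guessed_offline": offline_dictionary_attack(
            challenge, cram, [b"password", b"letmein", b"correct horse"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The verifier also checks the published RFC 2195 vector (user `tim`, secret `tanstaaftanstaaf`, the challenge from the RFC) against `cram_md5_verify`, so the HMAC construction here is the one real servers implement, not an approximation.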