Re: WG Action: RECHARTER: Simple Authentication and Security Layer (sasl)
Peter Saint-Andre <stpeter@stpeter.im> Tue, 28 October 2008 21:23 UTC
Return-Path: <owner-ietf-sasl@mail.imc.org>
X-Original-To: ietfarch-sasl-archive-Zoh8yoh9@core3.amsl.com
Delivered-To: ietfarch-sasl-archive-Zoh8yoh9@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DF00B3A6CBE for <ietfarch-sasl-archive-Zoh8yoh9@core3.amsl.com>; Tue, 28 Oct 2008 14:23:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MaVfr5KVRRVI for <ietfarch-sasl-archive-Zoh8yoh9@core3.amsl.com>; Tue, 28 Oct 2008 14:23:02 -0700 (PDT)
Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id AAFC03A6C86 for <sasl-archive-Zoh8yoh9@ietf.org>; Tue, 28 Oct 2008 14:23:01 -0700 (PDT)
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id m9SLHr2J062474 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 28 Oct 2008 14:17:53 -0700 (MST) (envelope-from owner-ietf-sasl@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id m9SLHraZ062473; Tue, 28 Oct 2008 14:17:53 -0700 (MST) (envelope-from owner-ietf-sasl@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-sasl@mail.imc.org using -f
Received: from dizzyd.com (dizzyd.com [207.210.219.225]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id m9SLHgI0062408 for <ietf-sasl@imc.org>; Tue, 28 Oct 2008 14:17:52 -0700 (MST) (envelope-from stpeter@stpeter.im)
Received: from wrk225.corp.jabber.com (dencfw1.jabber.com [207.182.164.5]) (Authenticated sender: stpeter) by dizzyd.com (Postfix) with ESMTPSA id 1EB24400F0; Tue, 28 Oct 2008 15:13:29 -0600 (MDT)
Message-ID: <49078173.6080105@stpeter.im>
Date: Tue, 28 Oct 2008 15:17:39 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1.17) Gecko/20080914 Thunderbird/2.0.0.17 Mnenhy/0.7.5.666
MIME-Version: 1.0
To: IESG Secretary <iesg-secretary@ietf.org>
CC: IETF Announcement list <ietf-announce@ietf.org>, ietf-sasl@imc.org, kurt.zeilenga@isode.com, tlyu@mit.edu
Subject: Re: WG Action: RECHARTER: Simple Authentication and Security Layer (sasl)
References: <20081028205832.B05DA3A6CAB@core3.amsl.com>
In-Reply-To: <20081028205832.B05DA3A6CAB@core3.amsl.com>
X-Enigmail-Version: 0.95.7
OpenPGP: url=http://www.saint-andre.com/me/stpeter.asc
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-sasl@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-ID: <ietf-sasl.imc.org>
List-Unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
IESG Secretary wrote:
> draft-newman-auth-scam

I hope that's not a Freudian slip. :)

/psa

----------------------------------------------------------------------

From: IESG Secretary <iesg-secretary@ietf.org>
To: IETF Announcement list <ietf-announce@ietf.org>
Cc: tlyu@mit.edu, kurt.zeilenga@isode.com, ietf-sasl@imc.org
Subject: WG Action: RECHARTER: Simple Authentication and Security Layer (sasl)
Date: Tue, 28 Oct 2008 13:58:32 -0700 (PDT)
Message-Id: <20081028205832.B05DA3A6CAB@core3.amsl.com>

The Simple Authentication and Security Layer (sasl) working group in the
Security Area of the IETF has been rechartered. For additional
information, please contact the Area Directors or the working group
Chairs.

Simple Authentication and Security Layer (sasl)
================================================

Last Revision 10/3/2008
Current Status: Active Working Group

Additional information is available at tools.ietf.org/wg/sasl

Chair(s):
  Kurt Zeilenga [kurt.zeilenga@isode.com]
  Tom Yu [tlyu@mit.edu]

Security Area Director(s):
  Tim Polk [tim.polk@nist.gov]
  Pasi Eronen [pasi.eronen@nokia.com]

Security Area Advisor:
  Pasi Eronen [pasi.eronen@nokia.com]

Mailing Lists:
  General Discussion: ietf-sasl@imc.org
  To Subscribe: ietf-sasl-request@imc.org
    In Body: subscribe
  Archive: http://www.imc.org/ietf-sasl/mail-archive/

Description of Working Group:

The Simple Authentication and Security Layer [RFC4422] provides key
security services to a number of application protocols including BEEP,
IMAP, LDAP, POP, and SMTP. The purpose of this working group is to
shepherd SASL, including select SASL mechanisms, through the Internet
Standards process.

This group will work to progress the SASL Technical Specification
toward Draft Standard.

The group has determined that DIGEST-MD5 [RFC2831] is not suitable for
progression on the Standards Track due to interoperability,
internationalization, and security concerns. The group will deliver a
technical specification for a suitable password-based
challenge/response replacement mechanism for Standards Track
consideration. The replacement mechanism is expected to be "better
than" DIGEST-MD5 from a number of perspectives including
interoperability, internationalization, and security. The replacement
mechanism is not expected to (but may) provide a security layer itself,
instead relying on security services provided at a lower layer (e.g.,
TLS) and channel bindings. The WG is expected to strike a
consensus-supported balance between the many qualities desired in the
replacement. Desired qualities include (but are not limited to)
negotiated key hardening iteration count, downgrade attack protection,
and mutual authentication. The group intends to consider a number of
approaches, including draft-newman-auth-scam and
draft-josefsson-password-auth, as input.

Additionally, the WG will deliver a document summarizing its DIGEST-MD5
concerns and requesting RFC 2831 be moved to Historic status. This
document will be based upon draft-ietf-sasl-digest-to-historic.

This group will deliver a revised Technical Specification suitable for
publication as Proposed Standard for the GSS-API family of SASL
mechanisms. This work will be based upon draft-ietf-sasl-gs2.

The group will produce a successor document for the CRAM-MD5
specification, RFC 2195. The outcome can be a Standards Track
specification replacing RFC 2195, an Informational document moving
RFC 2195 to Historic, or an Informational document that documents
existing implementation practice.

The following areas are not within the scope of work of this WG:
- new features,
- SASL Mechanisms not specifically mentioned above, and
- SASL "profiles".

However, the SASL WG is an acceptable forum for review of SASL-related
submissions produced by others as long as such review does not impede
progress on the WG objectives listed above.

Milestones:
Done    Initial I-D for RFC4422bis
Done    Initial I-D for DIGEST-MD5 to Historic
Done    WGLC I-D for DIGEST-MD5 to Historic
Done    Initial DIGEST-MD5 replacement I-D
Done    Initial GS2 I-D
Nov 08  initial RFC4422bis implementation report
Nov 08  Reach consensus on CRAM-MD5 successor approach (and update
        milestones accordingly)
Dec 08  WGLC RFC4422bis and implementation report I-D
Jan 09  WGLC DIGEST-MD5 replacement I-D
Jan 09  WGLC GS2 I-D

----------------------------------------------------------------------

From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Cc: ietf-sasl@imc.org
Subject: Re: SASL WG status, 10/15
Date: Wed, 15 Oct 2008 17:01:29 -0500
Message-ID: <20081015220129.GU8906@Sun.COM>
In-Reply-To: <48F613F0.3070107@isode.com>

On Wed, Oct 15, 2008 at 05:01:52PM +0100, Alexey Melnikov wrote:
> Tom Yu wrote:
> > * channel binding - Nico?
>
> Nico, can you please review draft-newman-auth-scram-06.txt and tell us
> if the text on channel binding use is correct/complete?

I think it's correct, but there's a slight disconnect between the BNF
and the text (e.g., "verifier" is defined but never referenced in the
text).

> > * LDAP storage of auth info
> >   text needed for WG consideration - Chris? - 9/30
>
> I will post a separate draft on this.
>
> > * make equivalent to a GS2 mech
> >   text needed for WG consideration - Sam/Nico? - 9/30

IIRC there was one undecided issue left. Can we please decide it?

----------------------------------------------------------------------

From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Cc: ietf-sasl@imc.org
Subject: Re: SASL WG status, 10/15
Date: Wed, 15 Oct 2008 13:53:09 -0500
Message-ID: <20081015185309.GA8906@Sun.COM>
In-Reply-To: <48F62F14.3040601@isode.com>

On Wed, Oct 15, 2008 at 06:57:40PM +0100, Alexey Melnikov wrote:
> Nicolas Williams wrote:
> > Is this I-D supposed to take into account the SCRAM-as-GS2-mech
> > discussion?
>
> No, the draft predates GS2 discussion.

Hmm. Perhaps then it would be better to suggest changes to make it
match the discussion. IIRC we never selected one particular choice
w.r.t. what to base64-encode, ... However, the natural choice would be
to base64-encode the first binary token and leave the second one
unencoded.

----------------------------------------------------------------------

From: Alexey Melnikov <alexey.melnikov@isode.com>
To: Nicolas Williams <Nicolas.Williams@sun.com>
Cc: ietf-sasl@imc.org
Subject: Re: SASL WG status, 10/15
Date: Wed, 15 Oct 2008 18:57:40 +0100
Message-ID: <48F62F14.3040601@isode.com>
In-Reply-To: <20081015174103.GY8906@Sun.COM>

Nicolas Williams wrote:
> On Wed, Oct 15, 2008 at 05:01:52PM +0100, Alexey Melnikov wrote:
> > > * channel binding - Nico?
> >
> > Nico, can you please review draft-newman-auth-scram-06.txt and tell us
> > if the text on channel binding use is correct/complete?
>
> Will do.
>
> Is this I-D supposed to take into account the SCRAM-as-GS2-mech
> discussion?

No, the draft predates GS2 discussion.

----------------------------------------------------------------------

From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Cc: ietf-sasl@imc.org
Subject: Re: SASL WG status, 10/15
Date: Wed, 15 Oct 2008 12:41:04 -0500
Message-ID: <20081015174103.GY8906@Sun.COM>
In-Reply-To: <48F613F0.3070107@isode.com>

On Wed, Oct 15, 2008 at 05:01:52PM +0100, Alexey Melnikov wrote:
> Tom Yu wrote:
> > SCRAM:
> > * PBKDF2 iteration counts - Nico?
>
> I took care of this, Nico doesn't need to do anything.

Thanks :)

> > * channel binding - Nico?
>
> Nico, can you please review draft-newman-auth-scram-06.txt and tell us
> if the text on channel binding use is correct/complete?

Will do.

Is this I-D supposed to take into account the SCRAM-as-GS2-mech
discussion?

----------------------------------------------------------------------

From: Kurt Zeilenga <Kurt.Zeilenga@isode.com>
To: Tom Yu <tlyu@mit.edu>
Cc: ietf-sasl@imc.org
Subject: Re: SASL WG status, 10/15
Date: Wed, 15 Oct 2008 09:33:04 -0700
Message-Id: <3A3578BA-ECFC-4094-B771-200C0B3D9825@Isode.com>
In-Reply-To: <ldviqrtdfj9.fsf@cathode-dark-space.mit.edu>

On Oct 15, 2008, at 8:49 AM, Tom Yu wrote:
> RFC 4422 implementation reports - need response summary - Kurt
> - Due 9/30

Now that I have Alexey's response, I'll put this together. I likely
will be able to consider any additional responses submitted to the list
(or directly to me) by week's end...

-- Kurt

----------------------------------------------------------------------

From: Alexey Melnikov <alexey.melnikov@isode.com>
To: Nicolas Williams <Nicolas.Williams@sun.com>
Cc: ietf-sasl@imc.org
Subject: Re: SASL WG status, 10/15
Date: Wed, 15 Oct 2008 17:01:52 +0100
Message-ID: <48F613F0.3070107@isode.com>
In-Reply-To: <ldviqrtdfj9.fsf@cathode-dark-space.mit.edu>

Tom Yu wrote:
> SCRAM:
> * PBKDF2 iteration counts - Nico?

I took care of this, Nico doesn't need to do anything.

> * channel binding - Nico?

Nico, can you please review draft-newman-auth-scram-06.txt and tell us
if the text on channel binding use is correct/complete?

> * LDAP storage of auth info
>   text needed for WG consideration - Chris? - 9/30

I will post a separate draft on this.

> * make equivalent to a GS2 mech
>   text needed for WG consideration - Sam/Nico? - 9/30

----------------------------------------------------------------------

From: Tom Yu <tlyu@MIT.EDU>
To: ietf-sasl@imc.org
Subject: SASL WG status, 10/15
Date: Wed, 15 Oct 2008 11:49:46 -0400
Message-ID: <ldviqrtdfj9.fsf@cathode-dark-space.mit.edu>

I think we need new due dates on some of these items. Nico, Chris, and
Sam, has there been any progress on the items with your names on them?
Can you estimate when they will be done? Thanks.

WG Charter - milestones needed - DONE (in IETF review)

RFC 4422bis - review needed - WG

RFC 4422 implementation reports - need response summary - Kurt
- Due 9/30

RFC 4013bis - I-D needed - Kurt - 9/30 - dropped from WG

CRAM-MD5 - resolve pending items from Frank: adding Simon's PLAIN/CRAM
comparison and tying to saslprep revision; track resolution - WG

digest-to-historic - mostly done, awaiting SCRAM

GS2 - Awaiting SCRAM issue resolution

SCRAM:
* PBKDF2 iteration counts - Nico?
* channel binding - Nico?
* LDAP storage of auth info
  text needed for WG consideration - Chris? - 9/30
* make equivalent to a GS2 mech
  text needed for WG consideration - Sam/Nico? - 9/30

----------------------------------------------------------------------

From: Simon Josefsson <simon@josefsson.org>
To: Jeffrey Hutzelman <jhutz@cmu.edu>
Cc: iesg@ietf.org, ietf-sasl@imc.org
Subject: Re: WG Review: Recharter of Simple Authentication and Security Layer (sasl)
Date: Wed, 15 Oct 2008 15:36:28 +0200
Message-ID: <8763nuyo83.fsf@mocca.josefsson.org>
In-Reply-To: <4F54A366D66C6535A3B55B51@atlantis.pc.cs.cmu.edu>

Jeffrey Hutzelman <jhutz@cmu.edu> writes:

> --On Wednesday, October 15, 2008 09:50:20 AM +0200 Simon Josefsson
> <simon@josefsson.org> wrote:
>
>> IESG Secretary <iesg-secretary@ietf.org> writes:
>>
>>> Done initial I-D for RFC4422bis
>>> Nov 08 initial RFC4422bis implementation report
>>> Dec 08 WGLC RFC4422bis and implementation report I-D
>>> Done initial I-D for DIGEST-MD5 to Historic
>>> Done WGLC I-D for DIGEST-MD5 to Historic
>>> Done initial DIGEST-MD5 replacement I-D
>>> Jan 09 WGLC DIGEST-MD5 replacement I-D
>>> Done initial GS2 I-D
>>> Jan 09 WGLC GS2 I-D
>>> Nov 08 Reach consensus on CRAM-MD5 successor approach (and update
>>> milestones accordingly)
>>
>> Given that GS2 is apparently stalled pending decisions on the CRAM-MD5
>> successor, either that decision needs to be revisited, or these
>> milestones appear backwards.
>
> No, the milestones look right, if a bit aggressive.
> They are just not sorted.

Ah. Then let me alter my comment into a request to sort the entries. ;)

/Simon

----------------------------------------------------------------------

From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: Simon Josefsson <simon@josefsson.org>, iesg@ietf.org, ietf-sasl@imc.org
Cc: jhutz@cmu.edu
Subject: Re: WG Review: Recharter of Simple Authentication and Security Layer (sasl)
Date: Wed, 15 Oct 2008 09:14:54 -0400
Message-ID: <4F54A366D66C6535A3B55B51@atlantis.pc.cs.cmu.edu>
In-Reply-To: <87zll6z48z.fsf@mocca.josefsson.org>

--On Wednesday, October 15, 2008 09:50:20 AM +0200 Simon Josefsson
<simon@josefsson.org> wrote:

> IESG Secretary <iesg-secretary@ietf.org> writes:
>
>> Done initial I-D for RFC4422bis
>> Nov 08 initial RFC4422bis implementation report
>> Dec 08 WGLC RFC4422bis and implementation report I-D
>> Done initial I-D for DIGEST-MD5 to Historic
>> Done WGLC I-D for DIGEST-MD5 to Historic
>> Done initial DIGEST-MD5 replacement I-D
>> Jan 09 WGLC DIGEST-MD5 replacement I-D
>> Done initial GS2 I-D
>> Jan 09 WGLC GS2 I-D
>> Nov 08 Reach consensus on CRAM-MD5 successor approach (and update
>> milestones accordingly)
>
> Given that GS2 is apparently stalled pending decisions on the CRAM-MD5
> successor, either that decision needs to be revisited, or these
> milestones appear backwards.

No, the milestones look right, if a bit aggressive.
They are just not sorted.
From: Simon Josefsson <simon@josefsson.org>
To: iesg@ietf.org, ietf-sasl@imc.org
Subject: Re: WG Review: Recharter of Simple Authentication and Security Layer (sasl)
Date: Wed, 15 Oct 2008 09:50:20 +0200
Message-ID: <87zll6z48z.fsf@mocca.josefsson.org>
In-Reply-To: <20081015000001.7D17B3A67D1@core3.amsl.com> (IESG Secretary's message of "Tue, 14 Oct 2008 17:00:01 -0700 (PDT)")
References: <20081015000001.7D17B3A67D1@core3.amsl.com>

IESG Secretary <iesg-secretary@ietf.org> writes:

> Done initial I-D for RFC4422bis
> Nov 08 initial RFC4422bis implementation report
> Dec 08 WGLC RFC4422bis and implementation report I-D
> Done initial I-D for DIGEST-MD5 to Historic
> Done WGLC I-D for DIGEST-MD5 to Historic
> Done initial DIGEST-MD5 replacement I-D
> Jan 09 WGLC DIGEST-MD5 replacement I-D
> Done initial GS2 I-D
> Jan 09 WGLC GS2 I-D
> Nov 08 Reach consensus on CRAM-MD5 successor approach (and update
> milestones accordingly)

Given that GS2 is apparently stalled pending decisions on the CRAM-MD5 successor, either that decision needs to be revisited, or these milestones appear backwards.

/Simon

From: IESG Secretary <iesg-secretary@ietf.org>
To: ietf-announce@ietf.org
Cc: kurt.zeilenga@isode.com, tlyu@mit.edu, ietf-sasl@imc.org
Subject: WG Review: Recharter of Simple Authentication and Security Layer (sasl)
Reply-To: iesg@ietf.org
Date: Tue, 14 Oct 2008 17:00:01 -0700 (PDT)
Message-Id: <20081015000001.7D17B3A67D1@core3.amsl.com>

A modified charter has been submitted for the Simple Authentication and Security Layer (sasl) working group in the Security Area of the IETF. The IESG has not made any determination as yet. The modified charter is provided below for informational purposes only. Please send your comments to the IESG mailing list (iesg@ietf.org) by Tuesday, October 21, 2008.

Simple Authentication and Security Layer (sasl)
===============================================

Last Revision 10/3/2008
Current Status: Active Working Group
Additional information is available at tools.ietf.org/wg/sasl

Chair(s):
Kurt Zeilenga [kurt.zeilenga@isode.com]
Tom Yu [tlyu@mit.edu]

Security Area Director(s):
Tim Polk [tim.polk@nist.gov]
Pasi Eronen [pasi.eronen@nokia.com]

Security Area Advisor:
Pasi Eronen [pasi.eronen@nokia.com]

Mailing Lists:
General Discussion: ietf-sasl@imc.org
To Subscribe: ietf-sasl-request@imc.org
In Body: subscribe
Archive: http://www.imc.org/ietf-sasl/mail-archive/

Description of Working Group:

The Simple Authentication and Security Layer [RFC4422] provides key security services to a number of application protocols including BEEP, IMAP, LDAP, POP, and SMTP. The purpose of this working group is to shepherd SASL, including select SASL mechanisms, through the Internet Standards process.

This group will work to progress the SASL Technical Specification toward Draft Standard.

The group has determined that DIGEST-MD5 [RFC2831] is not suitable for progression on the Standards Track due to interoperability, internationalization, and security concerns. The group will deliver a technical specification for a suitable password-based challenge/response replacement mechanism for Standard Track consideration. The replacement mechanism is expected to be "better than" DIGEST-MD5 from a number of perspectives including interoperability, internationalization, and security. The replacement mechanism is not expected to (but may) provide a security layer itself, instead relying on security services provided at a lower layer (e.g., TLS) and channel bindings. The WG is expected to strike a consensus-supported balance between the many qualities desired in the replacement. Desired qualities include (but are not limited to) negotiated key hardening iteration count, downgrade attack protection, and mutual authentication. The group intends to consider a number of approaches, including draft-newman-auth-scam and draft-josefsson-password-auth, as input.

Additionally, the WG will deliver a document summarizing its DIGEST-MD5 concerns and requesting RFC 2831 be moved to Historic status. This document will be based upon draft-ietf-sasl-digest-to-historic.

This group will deliver a revised Technical Specification suitable for publication as Proposed Standard for the GSS-API family of SASL mechanisms. This work will be based upon draft-ietf-sasl-gs2.

The group will produce a successor document for the CRAM-MD5 specification, RFC 2195. The outcome can be a Standards Track specification replacing RFC 2195, an Informational document moving RFC 2195 to Historic, or an Informational document that documents existing implementation practice.

The following areas are not within the scope of work of this WG:
- new features,
- SASL Mechanisms not specifically mentioned above, and
- SASL "profiles".

However, the SASL WG is an acceptable forum for review of SASL-related submissions produced by others as long as such review does not impede progress on the WG objectives listed above.

Milestones:

Done    initial I-D for RFC4422bis
Nov 08  initial RFC4422bis implementation report
Dec 08  WGLC RFC4422bis and implementation report I-D
Done    initial I-D for DIGEST-MD5 to Historic
Done    WGLC I-D for DIGEST-MD5 to Historic
Done    initial DIGEST-MD5 replacement I-D
Jan 09  WGLC DIGEST-MD5 replacement I-D
Done    initial GS2 I-D
Jan 09  WGLC GS2 I-D
Nov 08  Reach consensus on CRAM-MD5 successor approach (and update milestones accordingly)

From: Peter Saint-Andre <stpeter@stpeter.im>
To: Alexey Melnikov <alexey.melnikov@isode.com>
CC: ietf-sasl@imc.org
Subject: Re: SASL (RFC 4422) to draft questionnaire
Date: Sat, 11 Oct 2008 12:46:01 -0600
Message-ID: <48F0F469.9090108@stpeter.im>
In-Reply-To: <48F0818B.5000803@isode.com>
References: <66C88F54C36CF96F0A156AC4@446E7922C82D299DB29D899F> <48F0818B.5000803@isode.com>

Alexey Melnikov wrote:

> SASL EXTERNAL is implemented in server-to-server XMPP, but it is not
> clear if other XMPP servers are actually using it.

SASL EXTERNAL is implemented in other XMPP servers but AFAIK has not yet been widely tested. The XMPP Standards Foundation plans to organize some testing of this feature in the next few months as we work to improve the security of the XMPP network.

Peter

--
Peter Saint-Andre
https://stpeter.im/

From: Alexey Melnikov <alexey.melnikov@isode.com>
To: ietf-sasl@imc.org
Subject: Re: SASL (RFC 4422) to draft questionnaire
Date: Sat, 11 Oct 2008 11:35:55 +0100
Message-ID: <48F0818B.5000803@isode.com>
In-Reply-To: <66C88F54C36CF96F0A156AC4@446E7922C82D299DB29D899F>
References: <66C88F54C36CF96F0A156AC4@446E7922C82D299DB29D899F>

Chris Newman wrote:

> Here's a proposed questionnaire for an implementation report.
>
> I am not volunteering to compile responses to the questions, but I am
> willing to answer these questions for my implementations.
>
> - Chris

Ok, here are my responses (shamelessly copied from Chris' response and modified accordingly).

> ---
> RFC 4422 Implementation Questionnaire
> ===============================================
> 0. Contact and Description
> Organization Name:

Isode Limited (implementation A - plugin based generic SASL implementation)
MessagingDirect (implementation B - plugin based generic SASL implementation)
Epsylon Technologies (implementation C)

> Implementation (Software or Service) Name:

CMU SASL (implementation A)

> 1. Have you implemented SASL and/or SASL mechanism?

Yes. I've implemented CRAM-MD5 in Epsylon Technologies' SMTP servers (implementation C) and IDK mail client library (both written in Delphi).

I've implemented/maintained client and server DIGEST-MD5 plugin in CMU SASL (implementation A) and implementation B [variants of the same implementation].

I've updated/maintained GSSAPI client and server side plugin in implementation B and maintained implementation B in general.

I've integrated CMU SASL into SMTP, IMAP, POP, ManageSieve and LDAP servers (with some help from my Isode co-workers). I've integrated CMU SASL into an IMAP client.

My co-worker Dave Cridland implemented hardcoded SASL EXTERNAL client and server implementation in Isode's XMPP server (for server-to-server traffic).

I am also a co-editor of the latest SMTP AUTH document revision and reviewed use of SASL in XMPP.

> 1.5. Is your implementation of SASL derived from, or dependent upon,
> any other implementation (such as a SASL library)? If so, explain.

Isode is using a fork (around 2004) of CMU SASL with some changes.

> 2. Which SASL mechanisms have you implemented?

The following SASL mechanisms included in CMU SASL (implementation A) are used by Isode: PLAIN, LOGIN, CRAM-MD5, DIGEST-MD5, NTLM, GSSAPI, EXTERNAL.
Isode also has a standalone SASL EXTERNAL implementation.

Implementation B had: PLAIN, CRAM-MD5, DIGEST-MD5, GSSAPI

Implementation C: CRAM-MD5

All implementations included both client side and server side implementations of various SASL mechanisms.

> 3. For how long has it been deployed?

CMU SASL is older than 10 years.
MessagingDirect SASL library is also older than 10 years.

For Isode products: SMTP AUTH is available since early 2003. LDAP authentication is available since late 2003. IMAP/POP/ManageSieve authentication is available since around 2005.

> 4. What features have NOT been implemented from SASL?

SASLPrep - this requires quite a bit of effort to build various tables, etc.

SASL security layers *are* implemented in Isode's IMAP/POP server. Some mail clients (in particular Apple Mail) can use GSSAPI security layer. Also note that Isode's IMAP/POP servers implement stacking of SASL security layers with TLS, even though it doesn't look like this is used by any clients.

The IMAP client doesn't check for a mechanism list modified by an attacker, so it doesn't close the connection (a SHOULD in RFC 4422).

Isode's ManageSieve server never emits "additional data with success". But Isode's LDAP server uses this feature.

> 5. What features of SASL or SASL mechanisms are problematic for your
> implementation?

See answers to question 4.

> **6. Please add any other comments you wish to share:

Isode's IMAP server also implements SASL-IR (SASL initial response extension).

We have not implemented SASLprep because we have no customer demand for it.

SASL EXTERNAL is implemented in server-to-server XMPP, but it is not clear if other XMPP servers are actually using it.

We continue to advertise the non-standard LOGIN mechanism in SMTP as it is used by Outlook Express (and probably Outlook). This mechanism is also advertised in all other Isode servers, whenever PLAIN is also advertised.

SASL proxy authentication feature is used for management of user's mail over IMAP.

We had some minor problems with DIGEST-MD5 interoperability. We disable DIGEST-MD5 reauthentication due to code thread safety concerns. It is not clear if any clients are using this feature. DIGEST-MD5 security layer doesn't seem to be interoperable/used.

"Additional data with success" used to cause problems in LDAP: an older version of OpenLDAP (client side) was unable to cope with this (fixed in a later version), while LDAP Administrator was unable to work without this feature. (The LDAP Administrator we've tested in Isode was using Microsoft LDAP API, so it might have been a problem with the Microsoft LDAP library.)
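The report above notes one gap that is worth seeing in code: the IMAP client does not compare the mechanism list it saw in cleartext with the list the server advertises once a security layer is in place, so a stripped list is never noticed and the connection is not closed as RFC 4422 says it SHOULD be. The following is an added example and not code from Isode, CMU SASL or any other implementation named in the thread; the IMAP CAPABILITY lines, the client preference order and the LAYER_CAPABLE set are constructed for the demonstration, and the IMAP-style client here is a sketch rather than a full protocol implementation.

```python
"""Re-verify the SASL mechanism list once a security layer is in place.

Added example for the check described in the report above; it is not code from
Isode, CMU SASL or any other implementation named in the thread. The IMAP
CAPABILITY lines, the client preference order and the LAYER_CAPABLE set are
constructed for the demonstration.
"""
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional

# Client preference, strongest first (an assumption made for this example).
PREFERENCE = ("GSSAPI", "DIGEST-MD5", "CRAM-MD5", "PLAIN")

# Mechanisms that can negotiate a SASL security layer (assumption for the example;
# CRAM-MD5 and PLAIN never provide one, so nothing protects a later re-fetch).
LAYER_CAPABLE = frozenset({"GSSAPI", "DIGEST-MD5"})


class DowngradeDetected(Exception):
    """The integrity-protected mechanism list disagrees with the cleartext one."""


def parse_capability(line: str) -> FrozenSet[str]:
    """Return the SASL mechanisms named in an IMAP CAPABILITY response.

    IMAP advertises mechanisms as AUTH=<name> tokens; every other capability is
    ignored. Mechanism names are case-insensitive, so they are upper-cased.
    """
    tokens = line.strip().split()
    if len(tokens) < 2 or tokens[0] != "*" or tokens[1].upper() != "CAPABILITY":
        raise ValueError("not a CAPABILITY response: %r" % line)
    return frozenset(t[5:].upper() for t in tokens[2:] if t.upper().startswith("AUTH="))


def choose_mechanism(offered: FrozenSet[str]) -> str:
    """Pick the most-preferred mechanism the server (apparently) offers."""
    for mech in PREFERENCE:
        if mech in offered:
            return mech
    raise ValueError("no mutually supported mechanism in %s" % sorted(offered))


@dataclass
class SaslClientState:
    """What the client learned before and after the security layer took effect."""
    cleartext_mechs: Optional[FrozenSet[str]] = None
    chosen: Optional[str] = None
    protected_mechs: Optional[FrozenSet[str]] = None
    log: List[str] = field(default_factory=list)

    def on_initial_capability(self, line: str) -> str:
        """Cleartext list: an on-path attacker may have stripped entries from it."""
        self.cleartext_mechs = parse_capability(line)
        self.chosen = choose_mechanism(self.cleartext_mechs)
        self.log.append("offered %s, negotiating %s" % (sorted(self.cleartext_mechs), self.chosen))
        return self.chosen

    def on_protected_capability(self, line: str) -> FrozenSet[str]:
        """List re-fetched under the security layer: any difference means the
        cleartext copy was tampered with, and RFC 4422 says the client SHOULD
        close the connection rather than continue."""
        self.protected_mechs = parse_capability(line)
        if self.protected_mechs != self.cleartext_mechs:
            hidden = sorted(self.protected_mechs - self.cleartext_mechs)
            self.log.append("mismatch, %s were hidden before the layer; closing" % hidden)
            raise DowngradeDetected("mechanism list changed; hidden: %s" % hidden)
        self.log.append("lists agree; keeping connection")
        return self.protected_mechs


def run_exchange(initial_line: str, protected_line: str) -> dict:
    """Drive one client through both CAPABILITY fetches and report the outcome:
    'verified', 'closed' (downgrade detected) or 'unverifiable' (the negotiated
    mechanism gives no layer under which a second fetch could be trusted)."""
    state = SaslClientState()
    chosen = state.on_initial_capability(initial_line)
    if chosen not in LAYER_CAPABLE:
        state.log.append("%s has no security layer; list cannot be re-verified" % chosen)
        return {"chosen": chosen, "outcome": "unverifiable", "log": state.log}
    try:
        state.on_protected_capability(protected_line)
        outcome = "verified"
    except DowngradeDetected:
        outcome = "closed"
    return {"chosen": chosen, "outcome": outcome, "log": state.log}


# Constructed sample traffic. SERVER_CAPABILITY is what the server really sends;
# the other two are what an on-path attacker lets the client see in cleartext.
SERVER_CAPABILITY = "* CAPABILITY IMAP4rev1 SASL-IR AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5"
TAMPERED_CAPABILITY = "* CAPABILITY IMAP4rev1 SASL-IR AUTH=DIGEST-MD5 AUTH=CRAM-MD5"
STRIPPED_CAPABILITY = "* CAPABILITY IMAP4rev1 SASL-IR AUTH=CRAM-MD5"

if __name__ == "__main__":
    for label, cleartext in (("honest", SERVER_CAPABILITY),
                             ("GSSAPI stripped", TAMPERED_CAPABILITY),
                             ("all layers stripped", STRIPPED_CAPABILITY)):
        result = run_exchange(cleartext, SERVER_CAPABILITY)
        print("%-20s %-10s %s" % (label, result["chosen"], result["outcome"]))
        for entry in result["log"]:
            print("    " + entry)
```

Running it directly walks through three cases: an honest server, a server whose GSSAPI offer was stripped (caught once the DIGEST-MD5 layer is up, because the re-fetched list still contains GSSAPI), and a server whose every layer-capable mechanism was stripped. The third case is the caveat: with only CRAM-MD5 left there is no protected channel to re-fetch under, so the comparison alone cannot help and the client's policy (require a security layer, or TLS, for this server) has to refuse to proceed. Note also that with STARTTLS an IMAP server legitimately advertises different capabilities before and after TLS, so the "before" snapshot should be taken after TLS is up and compared with the post-SASL-layer fetch, not across the TLS boundary.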
From: Simon Josefsson <simon@josefsson.org>
To: ietf-sasl@imc.org
Subject: draft-brusilovsky-pak-07
Date: Thu, 09 Oct 2008 21:43:12 +0200
Message-ID: <87ej2p1rn3.fsf@mocca.josefsson.org>
In-Reply-To: <20081009191502.217F93A6AC0@core3.amsl.com> (Internet-Drafts@ietf.org's message of "Thu, 9 Oct 2008 12:15:02 -0700 (PDT)")
References: <20081009191502.217F93A6AC0@core3.amsl.com>

This draft looks like interesting input for the design of a password-based SASL mechanism. Personally, I prefer the simplicity of a HMAC-SHA256 design over PAK though.

/Simon

Internet-Drafts@ietf.org writes:

> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
>
>
> Title : Password-Authenticated Diffie-Hellman Exchange (PAK)
> Author(s) : I. Faynberg, Z. Zeltsan, A. Brusilovsky
> Filename : draft-brusilovsky-pak-07.txt
> Pages : 8
> Date : 2008-10-9
>
> This document proposes to add mutual authentication, based on
> human-memorizable password, to the basic unauthenticated Diffie-Hellman
> key exchange. The proposed algorithm is called Password-authenticated
> Key exchange (PAK). PAK allows two parties to authenticate themselves
> while performing the Diffie-Hellman exchange.
> The protocol is secure against all passive and active attacks.
> In particular, it does not allow either type of attackers to obtain any
> information that would enable an off-line dictionary attack on the
> password. The use of Diffie-Hellman exchange ensures Forward Secrecy.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-brusilovsky-pak-07.txt
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.
>
> _______________________________________________
> I-D-Announce mailing list
> I-D-Announce@ietf.org
> https://www.ietf.org/mailman/listinfo/i-d-announce
> Internet-Draft directories: http://www.ietf.org/shadow.html
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

From: Kurt Zeilenga <Kurt.Zeilenga@isode.com>
To: ietf-sasl@imc.org
Subject: Re: Proposed SASL WG charter description
Date: Thu, 2 Oct 2008 16:46:20 -0700
Message-Id: <A795FFB2-8A36-41FB-9BB9-671DBEA1FC92@Isode.com>
In-Reply-To: <1B40CD47-425B-44E7-9960-E7D94EAA8B45@Isode.com>
References: <1B40CD47-425B-44E7-9960-E7D94EAA8B45@Isode.com>

Below is the revised SASL WG charter, with milestones. While it is likely that the milestones might need some minor adjustment, such adjustment can be done post rechartering.

I have sent this proposal to our AD to bring to the IESG as soon as possible.

-- Kurt

Simple Authentication and Security Layer (sasl)

Description of Working Group:

The Simple Authentication and Security Layer [RFC4422] provides key security services to a number of application protocols including BEEP, IMAP, LDAP, POP, and SMTP. The purpose of this working group is to shepherd SASL, including select SASL mechanisms, through the Internet Standards process.

This group will work to progress the SASL Technical Specification toward Draft Standard.

The group has determined that DIGEST-MD5 [RFC2831] is not suitable for progression on the Standards Track due to interoperability, internationalization, and security concerns. The group will deliver a technical specification for a suitable password-based challenge/response replacement mechanism for Standard Track consideration. The replacement mechanism is expected to be "better than" DIGEST-MD5 from a number of perspectives including interoperability, internationalization, and security. The replacement mechanism is not expected to (but may) provide a security layer itself, instead relying on security services provided at a lower layer (e.g., TLS) and channel bindings. The WG is expected to strike a consensus-supported balance between the many qualities desired in the replacement. Desired qualities include (but are not limited to) negotiated key hardening iteration count, downgrade attack protection, and mutual authentication. The group intends to consider a number of approaches, including draft-newman-auth-scam and draft-josefsson-password-auth, as input.

Additionally, the WG will deliver a document summarizing its DIGEST-MD5 concerns and requesting RFC 2831 be moved to Historic status. This document will be based upon draft-ietf-sasl-digest-to-historic.

This group will deliver a revised Technical Specification suitable for publication as Proposed Standard for the GSS-API family of SASL mechanisms. This work will be based upon draft-ietf-sasl-gs2.

The group will produce a successor document for the CRAM-MD5 specification, RFC 2195. The outcome can be a Standards Track specification replacing RFC 2195, an Informational document moving RFC 2195 to Historic, or an Informational document that documents existing implementation practice.

The following areas are not within the scope of work of this WG:
- new features,
- SASL Mechanisms not specifically mentioned above, and
- SASL "profiles".

However, the SASL WG is an acceptable forum for review of SASL-related submissions produced by others as long as such review does not impede progress on the WG objectives listed above.

Milestones:

Done    initial I-D for RFC4422bis
Nov 08  initial RFC4422bis implementation report
Dec 08  WGLC RFC4422bis and implementation report I-D
Done    initial I-D for DIGEST-MD5 to Historic
Done    WGLC I-D for DIGEST-MD5 to Historic
Done    initial DIGEST-MD5 replacement I-D
Jan 09  WGLC DIGEST-MD5 replacement I-D
Done    initial GS2 I-D
Jan 09  WGLC GS2 I-D
Nov 08  Reach consensus on CRAM-MD5 successor approach (and update milestones accordingly)

From: Alexey Melnikov <alexey.melnikov@isode.com>
To: Kurt Zeilenga <Kurt.Zeilenga@isode.com>
CC: Tom Yu <tlyu@mit.edu>, ietf-sasl@imc.org
Subject: Re: SASL WG status, 10/1
Date: Thu, 02 Oct 2008 12:36:01 +0100
Message-ID: <48E4B221.5010105@isode.com>
In-Reply-To: <6BCA0DF5-0766-4545-B118-8C931E4EF1B7@Isode.com>
References: <ldvhc7vakpw.fsf@cathode-dark-space.mit.edu> <6BCA0DF5-0766-4545-B118-8C931E4EF1B7@Isode.com>

Kurt Zeilenga wrote:

> On Oct 1, 2008, at 5:45 PM, Tom Yu wrote:
>
>> RFC 4422 implementation reports - need response summary - Kurt
>> - Due 9/30
>
> I should have something here in the next few days.

I've started writing my response, but got distracted by work-related things. I should finish that, but I can't promise I will do this this week.

From: Kurt Zeilenga <Kurt.Zeilenga@isode.com>
To: Tom Yu <tlyu@mit.edu>
Cc: ietf-sasl@imc.org
Subject: Re: SASL WG status, 10/1
Date: Wed, 1 Oct 2008 18:52:30 -0700
Message-Id: <6BCA0DF5-0766-4545-B118-8C931E4EF1B7@Isode.com>
In-Reply-To: <ldvhc7vakpw.fsf@cathode-dark-space.mit.edu>
References: <ldvhc7vakpw.fsf@cathode-dark-space.mit.edu>

On Oct 1, 2008, at 5:45 PM, Tom Yu wrote:

>
> WG Charter - milestones needed - Chairs - 10/3
>
> RFC 4422bis - review needed - WG
>
> RFC 4422 implementation reports - need response summary - Kurt
> - Due 9/30

I should have something here in the next few days.

>
> RFC 4013bis - I-D needed - Kurt - 9/30 (assuming we choose to do this)

Per my recent post, this will not be a WG item.

> CRAM-MD5 - resolve pending items from Frank: adding Simon's PLAIN/CRAM
> comparison and tying to saslprep revision - WG

This is also pending determination of consensus regarding track and approach to be taken.

> digest-to-historic - mostly done, awaiting SCRAM
>
> GS2 - Awaiting SCRAM issue resolution
>
> SCRAM:
> * PBKDF2 iteration counts - Nico?
> * channel binding - Nico?
> * LDAP storage of auth info
> text needed for WG consideration - Chris? - 9/30
> * make equivalent to a GS2 mech
> text needed for WG consideration - Sam/Nico?- 9/30
>

From: Kurt Zeilenga <Kurt.Zeilenga@isode.com>
To: Kurt Zeilenga <Kurt.Zeilenga@isode.com>
Cc: ietf-sasl@imc.org
Subject: Re: Proposed SASL WG charter description
Date: Wed, 1 Oct 2008 18:48:38 -0700
Message-Id: <F1D39364-CD9E-42F0-971B-24396736CB7F@Isode.com>
In-Reply-To: <1B40CD47-425B-44E7-9960-E7D94EAA8B45@Isode.com>
References: <1B40CD47-425B-44E7-9960-E7D94EAA8B45@Isode.com>
<ietf-sasl.imc.org> List-Unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe> On Sep 4, 2008, at 8:36 AM, Kurt Zeilenga wrote: > This group will produce a document revising SASLprep [RFC4013] to > improve Unicode version agility while maintaining RFC 4013 behavior > when used with RFC 4013 mandated version of Unicode. The outcome of > this work will be a Standards Track RFC replacing RFC 4013. It appears that there is insufficient support to take on this work item. Hence, the chairs intend to drop this text from the charter proposal. -- Kurt Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id m920jUrY075953 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 1 Oct 2008 17:45:30 -0700 (MST) (envelope-from owner-ietf-sasl@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id m920jUnZ075952; Wed, 1 Oct 2008 17:45:30 -0700 (MST) (envelope-from owner-ietf-sasl@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-sasl@mail.imc.org using -f Received: from biscayne-one-station.mit.edu (BISCAYNE-ONE-STATION.MIT.EDU [18.7.7.80]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id m920jIOh075941 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-sasl@imc.org>; Wed, 1 Oct 2008 17:45:29 -0700 (MST) (envelope-from tlyu@MIT.EDU) Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by biscayne-one-station.mit.edu (8.13.6/8.9.2) with ESMTP id m920jGZP023066 for <ietf-sasl@imc.org>; Wed, 1 Oct 2008 20:45:17 -0400 (EDT) Received: from cathode-dark-space.mit.edu (CATHODE-DARK-SPACE.MIT.EDU [18.18.1.96]) (authenticated bits=56) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id m920jFTZ010885 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <ietf-sasl@imc.org>; Wed, 1 Oct 2008 20:45:16 -0400 
(EDT) Received: (from tlyu@localhost) by cathode-dark-space.mit.edu (8.12.9.20060308) id m920jFEL026825; Wed, 1 Oct 2008 20:45:15 -0400 (EDT) To: ietf-sasl@imc.org Subject: SASL WG status, 10/1 From: Tom Yu <tlyu@MIT.EDU> Date: Wed, 01 Oct 2008 20:45:15 -0400 Message-ID: <ldvhc7vakpw.fsf@cathode-dark-space.mit.edu> Lines: 23 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Scanned-By: MIMEDefang 2.42 X-Spam-Flag: NO X-Spam-Score: 0.00 Sender: owner-ietf-sasl@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-sasl/mail-archive/> List-ID: <ietf-sasl.imc.org> List-Unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe> WG Charter - milestones needed - Chairs - 10/3 RFC 4422bis - review needed - WG RFC 4422 implementation reports - need response summary - Kurt - Due 9/30 RFC 4013bis - I-D needed - Kurt - 9/30 (assuming we choose to do this) CRAM-MD5 - resolve pending items from Frank: adding Simon's PLAIN/CRAM comparison and tying to saslprep revision - WG digest-to-historic - mostly done, awaiting SCRAM GS2 - Awaiting SCRAM issue resolution SCRAM: * PBKDF2 iteration counts - Nico? * channel binding - Nico? * LDAP storage of auth info text needed for WG consideration - Chris? - 9/30 * make equivalent to a GS2 mech text needed for WG consideration - Sam/Nico?- 9/30
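The SCRAM item in the status list above flags "PBKDF2 iteration counts" as an open issue. As an added illustration, written by the editor and not part of any message in this thread nor the working group's code, the following Python runs the SCRAM-SHA-1 key derivation and proof check as the SCRAM draft was eventually published in RFC 5802, feeding it the example values from that RFC's section 5 (user "user", password "pencil", salt QSXCR+Q6sek8bf92, i=4096, and the two nonces) as constructed input. It shows what the iteration count buys (the server keeps only StoredKey and ServerKey, and a guesser has to run PBKDF2 once per candidate password) and why a client should refuse a server-first message that announces a cheap i. MIN_ITERATIONS, the function names and the dict layout are this example's own choices; the 4096 floor is taken from the RFC's "SHOULD announce at least 4096" advice.

```python
import base64
import hashlib
import hmac

# Added example: SCRAM-SHA-1 per RFC 5802. The hash name is a parameter so the
# same code serves the later SCRAM-SHA-256 variant without changes.

MIN_ITERATIONS = 4096   # this example's floor; RFC 5802 5.1 says SHOULD be >= 4096


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def scram_keys(password: str, salt: bytes, iterations: int, digest: str = "sha1"):
    """Hi() in RFC 5802 is PBKDF2-HMAC; every other key hangs off SaltedPassword."""
    salted = hashlib.pbkdf2_hmac(digest, password.encode("utf-8"), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", digest).digest()
    stored_key = hashlib.new(digest, client_key).digest()
    server_key = hmac.new(salted, b"Server Key", digest).digest()
    return client_key, stored_key, server_key


def server_credentials(password: str, salt: bytes, iterations: int, digest: str = "sha1"):
    """What the verifier stores. A thief of this record still cannot log in as
    the client (it needs ClientKey, the preimage of StoredKey), which is the
    property a CRAM-MD5 or DIGEST-MD5 verifier database lacks."""
    _, stored_key, server_key = scram_keys(password, salt, iterations, digest)
    return {"salt": salt, "i": iterations, "stored_key": stored_key, "server_key": server_key}


def parse_server_first(msg: str):
    """Extract r=, s=, i= from server-first-message. Refusing a small i keeps a
    fake server from making the client's proof cheap to brute-force offline."""
    attrs = dict(part.split("=", 1) for part in msg.split(","))
    iterations = int(attrs["i"])
    if iterations < MIN_ITERATIONS:
        raise ValueError(f"iteration count {iterations} is below {MIN_ITERATIONS}")
    return attrs["r"], base64.b64decode(attrs["s"]), iterations


def client_proof(password: str, salt: bytes, iterations: int, auth_message: bytes,
                 digest: str = "sha1") -> bytes:
    """ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    client_key, stored_key, _ = scram_keys(password, salt, iterations, digest)
    client_sig = hmac.new(stored_key, auth_message, digest).digest()
    return _xor(client_key, client_sig)


def server_verify(creds: dict, auth_message: bytes, proof: bytes, digest: str = "sha1"):
    """Undo the XOR to recover ClientKey and check H(ClientKey) == StoredKey.
    Returns ServerSignature (the v= value) on success, None on failure."""
    client_sig = hmac.new(creds["stored_key"], auth_message, digest).digest()
    client_key = _xor(proof, client_sig)
    if not hmac.compare_digest(hashlib.new(digest, client_key).digest(), creds["stored_key"]):
        return None
    return hmac.new(creds["server_key"], auth_message, digest).digest()


def rfc5802_exchange(password: str = "pencil"):
    """Run the RFC 5802 section 5 example end to end with the given client
    password (the server enrolled "pencil"). Returns the base64 p= the client
    sends and the base64 v= the server answers with, or None if rejected."""
    client_first_bare = "n=user,r=fyko+d2lbbFgONRv9qkxdawL"
    server_first = "r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096"
    client_final_bare = "c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j"
    auth_message = ",".join([client_first_bare, server_first, client_final_bare]).encode()

    _, salt, iterations = parse_server_first(server_first)
    creds = server_credentials("pencil", salt, iterations)
    proof = client_proof(password, salt, iterations, auth_message)
    server_sig = server_verify(creds, auth_message, proof)
    return (base64.b64encode(proof).decode(),
            base64.b64encode(server_sig).decode() if server_sig else None)


if __name__ == "__main__":
    print(rfc5802_exchange())
```

Running the file prints the p= and v= values from the RFC example. The iteration-count check matters because the proof on the wire is ClientKey XOR ClientSignature, and anyone who can dictate salt and i to the client (by impersonating the server, or stripping TLS so it can rewrite server-first) obtains a cracking target whose cost per password guess is exactly i PBKDF2 iterations; without a floor, i=1 turns SCRAM into roughly the offline-guessing exposure of CRAM-MD5.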