Re: [secdir] [xmpp] SecDir review of draft-ietf-xmpp-3920bis-17

Peter Saint-Andre <stpeter@stpeter.im> Tue, 02 November 2010 22:19 UTC

Return-Path: <stpeter@stpeter.im>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 411FA3A69F0; Tue, 2 Nov 2010 15:19:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.123
X-Spam-Level:
X-Spam-Status: No, score=-102.123 tagged_above=-999 required=5 tests=[AWL=0.476, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I0znJhrQ+gFq; Tue, 2 Nov 2010 15:19:12 -0700 (PDT)
Received: from stpeter.im (stpeter.im [207.210.219.233]) by core3.amsl.com (Postfix) with ESMTP id 91A003A68C2; Tue, 2 Nov 2010 15:19:12 -0700 (PDT)
Received: from dhcp-64-101-72-188.cisco.com (dhcp-64-101-72-188.cisco.com [64.101.72.188]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 89B5940D1E; Tue, 2 Nov 2010 16:27:54 -0600 (MDT)
Message-ID: <4CD08E62.3060202@stpeter.im>
Date: Tue, 02 Nov 2010 16:19:14 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6
MIME-Version: 1.0
To: Kurt Zeilenga <Kurt.Zeilenga@Isode.COM>
References: <4CC9503D.2000809@gmail.com> <4CCBA7A9.7030506@stpeter.im> <4CCE87A5.80701@gmail.com> <4CCF04D3.6020504@babelmonkeys.de> <2761.1288645043.347835@puncture> <4CCF7E7A.5050303@stpeter.im> <4CCF9776.5060207@stpeter.im> <4CCFF3E6.7040800@gmail.com> <4CD00025.8030804@stpeter.im> <706C109C-A2D2-4E17-B5AA-6B881F7E0334@Isode.COM> <4CD03E36.3020304@stpeter.im> <60F15D22-C2F2-47F7-8BC1-4442B764EDFA@Isode.COM> <4CD071D5.3080808@stpeter.im> <44FB1E43-1F0F-4652-B6FF-D437B6C53DE7@Isode.COM>
In-Reply-To: <44FB1E43-1F0F-4652-B6FF-D437B6C53DE7@Isode.COM>
X-Enigmail-Version: 1.1.1
OpenPGP: url=http://www.saint-andre.com/me/stpeter.asc
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="------------ms070604050705080907000006"
X-Mailman-Approved-At: Thu, 04 Nov 2010 10:23:15 -0700
Cc: Security Area Directorate <secdir@ietf.org>, The IESG <iesg@ietf.org>, XMPP Working Group <xmpp@ietf.org>, "draft-ietf-xmpp-3920bis.all@tools.ietf.org" <draft-ietf-xmpp-3920bis.all@tools.ietf.org>
Subject: Re: [secdir] [xmpp] SecDir review of draft-ietf-xmpp-3920bis-17
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Nov 2010 22:19:14 -0000

On 11/2/10 3:11 PM, Kurt Zeilenga wrote:

> I think the question can simple as simple as "Should
> <transition-needed/> be removed?".  I am fine with the question being
> viewed as "too late" to ask.

I don't think that folks in the WG would cry if the feature were
removed, given that:

1. It would be used rarely.

2. No one has implemented it (AFAIK).

3. The text provides many warnings about it.

4. It supposedly opens up the possibility of downgrade attacks.

However, I still fail to see how <transition-needed/> is more evil than
using SASL, at least if TLS is negotiated first (an attacker could just
advertise the PLAIN mechanism over the TLS-protected stream, and if an
attacker has so much control over the server that it can launch attacks
after TLS has been negotiated then the client is in deep trouble anyway!).

Furthermore, I think that any client sophisticated enough to support
<transition-needed/> is going to be sophisticated enough to support
SCRAM-based mechanisms, which means it can perform a further check to
make sure that the server really is offering upgraded security
mechanisms (likely, upgrading from DIGEST-MD5 to SCRAM-SHA-1) before
sending the password in plaintext over the TLS-encrypted stream. Another
check: don't use <transition-needed/> more than once with any given XMPP
service (once is enough!). And never send the plaintext password over an
unprotected stream. So IMHO we have a number of protections in place and
that we can safely use the <transition-needed/> feature if we feel that
we really need it. The question is: do we really need it? We do want to
encourage folks to migrate from DIGEST-MD5 (lots of interoperability
issues) to SCRAM, and as part of that upgrade process XMPP services
might need to collect the plaintext password just once. I'd rather have
it done over the XMPP channel than, say, via an HTTPS web page (more
phishing possibilities), but opinions might differ. Feedback from our
security reviewer and the Security ADs would be especially helpful.

All that having been said, if we're going to remove the feature then I
think we need to make sure that the WG has consensus to do so. I leave
that up to the chairs.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/