RE: [TLS] password-based authentication (was: Some comments about draft-badra-ecdhe-tls-psk-01)
Chris Newman <Chris.Newman@Sun.COM> Wed, 30 January 2008 23:12 UTC
Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1JKM6s-0006BU-Hi; Wed, 30 Jan 2008 18:12:50 -0500
Received: from tls by megatron.ietf.org with local (Exim 4.43) id 1JKM6r-0006BP-Qf for tls-confirm+ok@megatron.ietf.org; Wed, 30 Jan 2008 18:12:49 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1JKM6r-0006BH-EM for tls@ietf.org; Wed, 30 Jan 2008 18:12:49 -0500
Received: from brmea-mail-2.sun.com ([192.18.98.43]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1JKM6q-0005A2-OR for tls@ietf.org; Wed, 30 Jan 2008 18:12:49 -0500
Received: from fe-amer-10.sun.com ([192.18.109.80]) by brmea-mail-2.sun.com (8.13.6+Sun/8.12.9) with ESMTP id m0UNCmMx008102 for <tls@ietf.org>; Wed, 30 Jan 2008 23:12:48 GMT
Received: from conversion-daemon.mail-amer.sun.com by mail-amer.sun.com (Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007)) id <0JVH00K01CBSSE00@mail-amer.sun.com> (original mail from Chris.Newman@Sun.COM) for tls@ietf.org; Wed, 30 Jan 2008 16:12:48 -0700 (MST)
Received: from [10.0.191.236] ([10.1.110.5]) by mail-amer.sun.com (Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007)) with ESMTPSA id <0JVH007GGCH6ZZ90@mail-amer.sun.com>; Wed, 30 Jan 2008 16:12:46 -0700 (MST)
Date: Wed, 30 Jan 2008 15:12:42 -0800
From: Chris Newman <Chris.Newman@Sun.COM>
Subject: RE: [TLS] password-based authentication (was: Some comments about draft-badra-ecdhe-tls-psk-01)
In-reply-to: <B356D8F434D20B40A8CEDAEC305A1F24052E8B6C@esebe105.NOE.Nokia.com>
To: Pasi.Eronen@nokia.com, dharkins@lounge.org
Message-id: <BB08005FCE7305534C205D83@446E7922C82D299DB29D899F>
MIME-version: 1.0
X-Mailer: Mulberry/4.0.8 (Mac OS X)
Content-type: text/plain; format="flowed"; charset="us-ascii"
Content-transfer-encoding: 7bit
Content-disposition: inline
References: <B356D8F434D20B40A8CEDAEC305A1F240511959C@esebe105.NOE.Nokia.com> <87sl15pxnx.fsf@mocca.josefsson.org> <B356D8F434D20B40A8CEDAEC305A1F24052E8740@esebe105.NOE.Nokia.com> <28109.216.31.249.246.1201632747.squirrel@www.trepanning.net> <B356D8F434D20B40A8CEDAEC305A1F24052E8B6C@esebe105.NOE.Nokia.com>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: c1c65599517f9ac32519d043c37c5336
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
Pasi.Eronen@nokia.com wrote on 1/30/08 9:58 +0200: > Dan Harkins wrote: > >> Personally I would view a password-based authentication scheme >> that assumes the shared key is a low-entropy one or is selected >> from a limited set of keys, like a dictionary, as more useful to >> the real world. I believe that is the predominant access method >> used in the Internet today. > > Just being curious, what would be the main differences between > the authentication scheme you're thinking about, and RFC 5054? On the protocol side, not much. On the implementation side, it would roughly double the complexity of a typical TLS API in order to actually be useful to applications. The password verifier could be stored in any one of a number of external repositories (LDAP, RADIUS, DIAMETER, SQL, Liberty, some other SOAP/HTTP mechanism, /etc/passwd, NIS, etc) and the application would have to provide the TLS stack with sophisticated configuration knobs related to these protocols. As a matter of efficiency, some of these protocols are not cheap so high performance servers will have to keep a pool of connections, then fetch and cache the information locally. Attributes that are peripherally related to authentication or unrelated to authentication may also be accessed via these protocols and need to be cached as well to avoid the need for double-fetching of the same entry. So the API needs a way to put all sorts of controls on the protocols used to fetch this data, timeouts, what attributes are of interest, caching parameters, etc. Then there's need for back-channels to the cache (flushing specific entries on provisioning changes) which means hooking up to a notification mechanism to the caching logic under the TLS stack. Personally, I think TLS stacks are plenty complex enough without all this machinery. As a matter of architecture, I'd rather keep this machinery completely separate from the TLS stack and use TLS channel bindings when mutual authentication at the application layer is needed. Although I'm dubious of the utility of PSK, it seems mostly harmless to the TLS stack as long as it's not a password. The primary utility I see for PSK would be for server->server connections if it's coupled with an SSH-style zero-configuration key setup mechanism (I don't see it as having much real-world utility without the latter piece). If PSK proves to be useful than ECC-PSK is also likely to be useful simply because of the improved key scalability. - Chris _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] ECDHE_PSK as WG item? Pasi.Eronen
- Re: [TLS] ECDHE_PSK as WG item? Blumenthal, Uri
- [TLS] Re: ECDHE_PSK as WG item? Simon Josefsson
- Re: [TLS] Re: ECDHE_PSK as WG item? badra
- [TLS] Some comments about draft-badra-ecdhe-tls-p… Pasi.Eronen
- Re: [TLS] Some comments about draft-badra-ecdhe-t… Mohamad Badra
- Re: [TLS] Some comments about draft-badra-ecdhe-t… Blumenthal, Uri
- Re: [TLS] Some comments about draft-badra-ecdhe-t… Dan Harkins
- RE: [TLS] password-based authentication (was: Som… Pasi.Eronen
- RE: [TLS] password-based authentication (was: Som… Dan Harkins
- RE: [TLS] password-based authentication (was: Som… Chris Newman
- RE: [TLS] password-based authentication (was: Som… Dan Harkins
- [TLS] Updated version of draft-badra-ecdhe-tls-psk Mohamad Badra
- Re: [TLS] ECDHE_PSK as WG item? Eric Rescorla
- Re: [TLS] ECDHE_PSK as WG item? Pasi.Eronen
- Re: [TLS] password-based authentication (was: Som… Chris Newman
- Re: [TLS] password-based authentication (was: Som… Dan Harkins