Re: [tram] Eric Rescorla's Discuss on draft-ietf-tram-stunbis-16: (with DISCUSS and COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Thu, 17 May 2018 20:55 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4DCDD1270B4; Thu, 17 May 2018 13:55:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jYdM4OA3JJxK; Thu, 17 May 2018 13:55:29 -0700 (PDT)
Received: from dmz-mailsec-scanner-1.mit.edu (dmz-mailsec-scanner-1.mit.edu [18.9.25.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 799A91241FC; Thu, 17 May 2018 13:55:29 -0700 (PDT)
X-AuditID: 1209190c-9ebff70000005454-76-5afdec3fc741
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-1.mit.edu (Symantec Messaging Gateway) with SMTP id 8F.1F.21588.04CEDFA5; Thu, 17 May 2018 16:55:28 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id w4HKtL6s031313; Thu, 17 May 2018 16:55:23 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w4HKtFLr015690 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 17 May 2018 16:55:18 -0400
Date: Thu, 17 May 2018 15:55:16 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Brandon Williams <brandon.williams@akamai.com>, Marc Petit-Huguenin <petithug@acm.org>, tram-chairs@ietf.org, tram@ietf.org, Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>, tasveren@rbbn.com, The IESG <iesg@ietf.org>, draft-ietf-tram-stunbis@ietf.org, "Matthew A. Miller" <linuxwolf+ietf@outer-planes.net>
Message-ID: <20180517205516.GO2249@kduck.kaduk.org>
References: <152390863222.19652.10310304989315386136.idtracker@ietfa.amsl.com> <c0a06754-6f8c-97dc-7f7e-26a7df43e842@acm.org> <31a441d2-8843-c8ee-f5ef-5496e5b4b364@acm.org> <CABcZeBO+2LG4-1-dhzTTSJFH6uhJdSEKLjyVfxO+krzHR8ueQw@mail.gmail.com> <29c18858-3694-c48a-54c3-6dcbfa3b6705@acm.org> <20180515182435.GN2249@kduck.kaduk.org> <25e551de-87b7-1612-c869-8336fe3c4b95@akamai.com> <CABcZeBN+sgdH5a56zWTHm-=PD3vJ_DzSyPZYF=S5Bt3i_ATvBw@mail.gmail.com> <20180517203337.GN2249@kduck.kaduk.org> <CABcZeBOM6OybXi84DxDzHcgu_tezhZRETW9Dmh41hYre9w+iXA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CABcZeBOM6OybXi84DxDzHcgu_tezhZRETW9Dmh41hYre9w+iXA@mail.gmail.com>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrLKsWRmVeSWpSXmKPExsUixG6nouvw5m+UwcxJkhbLHu9ktejccpnN YsXrc+wWm5avZLKY8Wcis8WkLY9YLS6suctksX75N3aL5T9Xsll8WHuBzYHL4/IVb4/JRxYw e/z6epXNY8mSn0weTz7/Y/LYM2cSo8fkx23MAexRXDYpqTmZZalF+nYJXBnHlzxjLfjNUbF2 /wGWBsYJ7F2MnBwSAiYSiy/sYOpi5OIQEljMJLFr8zEWCGcjo0TTpYlQzlUmicYJq5hAWlgE VCUedf1mBbHZBFQkGrovM4PYIgIKEr/+nABrYBZ4xiSx/WgP2A5hgXSJ26+ugzXwChhLdN49 zAgxdR+LxOtNM1kgEoISJ2c+AbOZBbQkbvx7CbSNA8iWllj+jwMkzCkQKLHg8jSwI0QFlCX2 9h1in8AoMAtJ9ywk3bMQuhcwMq9ilE3JrdLNTczMKU5N1i1OTszLSy3SNdTLzSzRS00p3cQI ihVOSZ4djGfeeB1iFOBgVOLhfTHxb5QQa2JZcWXuIUZJDiYlUd6+f7+jhPiS8lMqMxKLM+KL SnNSiw8xSnAwK4nw+lUClfOmJFZWpRblw6SkOViUxHkFNn+IEhJITyxJzU5NLUgtgsnKcHAo SfAKvgZqFCxKTU+tSMvMKUFIM3FwggznARpeBVLDW1yQmFucmQ6RP8WoKCXOKwuSEABJZJTm wfWCUplE9v6aV4ziQK8I87qAVPEA0yBc9yugwUxAgxkP/AYZXJKIkJJqYDyj82TlX1aFN6kB KTIbJtSf6rUMvMM48ZqhyAlW9iVuGpF2650uJzW9/+DxUK1mxuxONqXIg5eUF8b/nz+fM0Fy SpuzqlSQmnvoneMLuU4eTdBTeiLixWbgrSWhuDf7Uvwq5eD9t0/945/D2c0kYJX/SbAnjk9i WfXfYs6NBkr7trnVX570X4mlOCPRUIu5qDgRABqgkE9AAwAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/YBTGkx8by8x2b14TyVzM1hgQmrw>
X-Mailman-Approved-At: Fri, 18 May 2018 10:29:12 -0700
Subject: Re: [tram] Eric Rescorla's Discuss on draft-ietf-tram-stunbis-16: (with DISCUSS and COMMENT)
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 May 2018 20:55:32 -0000

On Thu, May 17, 2018 at 01:50:31PM -0700, Eric Rescorla wrote:
> On Thu, May 17, 2018 at 1:33 PM, Benjamin Kaduk <kaduk@mit.edu> wrote:
> 
> >
> > I think this is a question of "attack over the network" vs.
> > "compromised password database".  You want HKDF-SHA-256 or Argon2 or
> > something like that because it makes it harder for an attacker to
> > brute-force a compromised database of hashed passwords, which is
> > something of a different concern than turning a string into a crypto
> > key and worrying about an attacker in the network that only observes
> > the ciphertext.  That is, the problem of brute-forcing the secret material
> > given the network ciphertext is different from attacking the
> > (hashed) password database directly.
> >
> 
> Right. But the weak password hashing function is a problem if you have
> the data on disk, whether you negotiate it or not, so biddown protection
> doesn't help.

Right.  So maybe we need a way to signal that the MD5-hashed thing
can be removed from the on-disk database.  (Well, "need".)  The
first occurrence of non-md5 might not be enough, though...

-Benjamin