Re: [vwrap] authentication : remove reference to MD5
Meadhbh Hamrick <ohmeadhbh@gmail.com> Tue, 06 April 2010 22:11 UTC
To: barryleiba@computer.org
Cc: vwrap@ietf.org
but ultimately, the question is, "how much legacy are we willing to support?" i don't think it was answered here, and i think we really should make some attempt to address it.

the OpenSim grids and SL use radically similar protocols to do auth now. if we decided we didn't want to define a protocol with enough legacy to handle the MD5 based auth, then LL would likely use a technique that was proprietary. sure, the OpenSim people would reverse engineer it (i mean, after all, the viewer source is GPL licensed and pushed out the door with sufficient regularity.)

or we could simply define reverse compatibility as part of the standard and allow deployers to start the migration on their time frame.

removing MD5 auth from the spec is a bad idea because it forces people to deploy proprietary mechanisms to bring their systems in line with VWRAP when they COULD just as easily do the same thing with an open spec.

what is definitely a good idea is to add the text "MD5 is provided for reverse compatibility and should not be used for new implementations" if it's not there already.

-cheers
-meadhbh

--
meadhbh hamrick * it's pronounced "maeve"
@OhMeadhbh * http://meadhbh.org/ * OhMeadhbh@gmail.com

On Tue, Apr 6, 2010 at 2:25 PM, Barry Leiba <barryleiba.mailing.lists@gmail.com> wrote:
>> so if we simply said "we're going to ditch MD5 in favor of SHA256"
>> there would be a problem with reverse compatibility of the
>> authentication data. this is because you can't generate the pre-image
>> from an MD5 MIC and then use it to generate a SHA256 MIC. (or you
>> can't do that in a way that insures that your MD5 pre image is the
>> same as the password.)
>
> The usual way to handle this is with a migration process. Credentials
> are re-hashed with the new algorithm when they're changed, over time.
> After a time, there's a cutoff and users are forced to change their
> credentials the next time they log in. The old login has to be
> supported as long as there are users who have not yet changed... or
> until someone decides to toss those users.
>
> Barry
>
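The migration process described in the quoted reply, sketched as an added example; it is not part of the original message and is not VWRAP, Second Life or OpenSim code. The record layout, the function names and the unsalted-MD5 legacy verifier are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def md5_verifier(password):
    # Assumed legacy record: a bare MD5 digest of the password.
    return {"alg": "md5", "digest": hashlib.md5(password.encode()).hexdigest()}

def sha256_verifier(password, salt=None):
    # SHA256 as named in the thread; salted here. A store of password
    # verifiers would normally use a slow KDF rather than one hash round.
    salt = salt or os.urandom(16)
    digest = hashlib.sha256(salt + password.encode()).hexdigest()
    return {"alg": "sha256", "salt": salt, "digest": digest}

def check(record, password):
    # The stored MD5 digest cannot be turned into a SHA256 one, so each
    # record is verified with the algorithm it was created under.
    if record["alg"] == "md5":
        candidate = md5_verifier(password)["digest"]
    else:
        candidate = sha256_verifier(password, record["salt"])["digest"]
    return hmac.compare_digest(candidate, record["digest"])

def change_password(store, user, new_password):
    # Re-hashing happens only here, when the plaintext is available.
    store[user] = sha256_verifier(new_password)

def login(store, user, password, legacy_cutoff_passed):
    record = store.get(user)
    if record is None or not check(record, password):
        return "denied"
    if record["alg"] == "md5" and legacy_cutoff_passed:
        return "must_change"  # authenticated, but forced to change now
    return "ok"

def legacy_users(store):
    # The MD5 login path can be dropped once this list is empty.
    return sorted(u for u, r in store.items() if r["alg"] == "md5")

if __name__ == "__main__":
    store = {"alice": md5_verifier("hunter2")}  # constructed sample account
    print(login(store, "alice", "hunter2", legacy_cutoff_passed=True))
    change_password(store, "alice", "a-new-passphrase")
    print(legacy_users(store))
```
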