From philip.eardley@bt.com Thu Dec 2 00:31:58 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AF50228B797 for ; Thu, 2 Dec 2010 00:31:57 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -101.955 X-Spam-Level: X-Spam-Status: No, score=-101.955 tagged_above=-999 required=5 tests=[AWL=0.090, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DwWXrmkaMQba for ; Thu, 2 Dec 2010 00:31:53 -0800 (PST) Received: from smtpe1.intersmtp.com (smtp61.intersmtp.COM [62.239.224.234]) by core3.amsl.com (Postfix) with ESMTP id 53BC73A68D2 for ; Thu, 2 Dec 2010 00:31:53 -0800 (PST) Received: from EVMHT69-UKRD.domain1.systemhost.net (10.36.3.129) by RDW083A005ED61.smtp-e1.hygiene.service (10.187.98.10) with Microsoft SMTP Server (TLS) id 8.3.106.1; Thu, 2 Dec 2010 08:33:06 +0000 Received: from EMV65-UKRD.domain1.systemhost.net ([169.254.1.86]) by EVMHT69-UKRD.domain1.systemhost.net ([10.36.3.129]) with mapi; Thu, 2 Dec 2010 08:33:07 +0000 From: To: Date: Thu, 2 Dec 2010 08:33:06 +0000 Thread-Topic: Multipath TCP - Security interim Thread-Index: AcuRedipymRtWZE8RpaaxpraY06BZAAgW6AA Message-ID: <9510D26531EF184D9017DF24659BB87F326654C8EA@EMV65-UKRD.domain1.systemhost.net> Accept-Language: en-US, en-GB Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US, en-GB Content-Type: multipart/alternative; boundary="_000_9510D26531EF184D9017DF24659BB87F326654C8EAEMV65UKRDdoma_" MIME-Version: 1.0 X-Mailman-Approved-At: Thu, 02 Dec 2010 08:40:50 -0800 Subject: [saag] FW: Multipath TCP - Security interim X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Dec 2010 08:31:58 -0000 --_000_9510D26531EF184D9017DF24659BB87F326654C8EAEMV65UKRDdoma_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Late cc. Date is Tuesday 14th Dec 4pm GMT From: multipathtcp-bounces@ietf.org [mailto:multipathtcp-bounces@ietf.org] = On Behalf Of philip.eardley@bt.com Sent: 01 December 2010 17:14 To: multipathtcp@ietf.org Subject: [multipathtcp] Multipath TCP - Security interim Please let us know if you'd like a slot on the agenda. Here's a rough draft= agenda: * Background * What attackers are we protecting against * Outline proposed solution * Open issues Webex details are now on wiki http://trac.tools.ietf.org/wg/mptcp/trac/wiki= /Interim_Dec_2010 thanks --_000_9510D26531EF184D9017DF24659BB87F326654C8EAEMV65UKRDdoma_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Late cc.

 

Date is Tuesday 14th Dec 4pm GMT

 

From: multipathtcp-bounces@ietf.org [mailto:= multipathtcp-bounces@ietf.org] On Behalf Of philip.eardley@bt.comSent: 01 December 2010 17:14
To: multipathtcp@ietf.orgSubject: [multipathtcp] Multipath TCP - Security interim=

 

Please let us know if you’d like a slot on the agenda. H= ere’s a rough draft agenda:

·= ;     = ;    Background

·&= nbsp;        What attackers are we protecting against

·   =       Outline propo= sed solution

·         <= /span>Open issues

 

Webex details are now on wiki <= a href=3D"http://trac.tools.ietf.org/wg/mptcp/trac/wiki/Interim_Dec_2010">h= ttp://trac.tools.ietf.org/wg/mptcp/trac/wiki/Interim_Dec_2010

 

thanks<= o:p>

= --_000_9510D26531EF184D9017DF24659BB87F326654C8EAEMV65UKRDdoma_-- From stpeter@stpeter.im Fri Dec 10 14:52:28 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8E28328C160; Fri, 10 Dec 2010 14:52:28 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.524 X-Spam-Level: X-Spam-Status: No, score=-102.524 tagged_above=-999 required=5 tests=[AWL=0.075, BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pooBEj5tHnYh; Fri, 10 Dec 2010 14:52:27 -0800 (PST) Received: from stpeter.im (stpeter.im [207.210.219.233]) by core3.amsl.com (Postfix) with ESMTP id 5CB8428C0F3; Fri, 10 Dec 2010 14:52:24 -0800 (PST) Received: from dhcp-64-101-72-173.cisco.com (dhcp-64-101-72-173.cisco.com [64.101.72.173]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 69D59400F6; Fri, 10 Dec 2010 16:05:59 -0700 (MST) Message-ID: <4D02AF81.6000907@stpeter.im> Date: Fri, 10 Dec 2010 15:53:53 -0700 From: Peter Saint-Andre User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7 MIME-Version: 1.0 To: http-auth@ietf.org X-Enigmail-Version: 1.1.1 OpenPGP: url=http://www.saint-andre.com/me/stpeter.asc Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="------------ms010603010501000706070400" Cc: "kitten@ietf.org" , websec@ietf.org, saag@ietf.org, "apps-discuss@ietf.org" , "ietf-http-wg@w3.org Group" Subject: [saag] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Dec 2010 22:52:28 -0000 This is a cryptographically signed message in MIME format. --------------ms010603010501000706070400 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Is it time to start thinking about next-generation authentication technologies for HTTP? We all know that BASIC and DIGEST are ancient and crufty and lacking many features and security properties we might want, but there hasn't been much discussion about more modern approaches. Here are a few things I've found: 1. Way back in 2001, Keith Burdis wrote an I-D about upgrading to SASL within HTTP: http://tools.ietf.org/id/draft-burdis-http-sasl-00.txt 2. In 2007, Robert Sayre put together a few slides on the topic: http://people.mozilla.com/~sayrer/2007/auth.html 3. Yutaka Oiwa and his colleagues have been working on a protocol for mutual auth: http://tools.ietf.org/html/draft-oiwa-http-mutualauth-08 Other than that, I'm not aware of much activity. What have I missed? Does it make sense to perhaps hold an exploratory BoF at the next IETF meeting (Prague, March 2011) to get people thinking about this topic? If you're interested, please discuss on the http-auth@ietf.org list: https://www.ietf.org/mailman/listinfo/http-auth Thanks! Peter --=20 Peter Saint-Andre https://stpeter.im/ --------------ms010603010501000706070400 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIITzjCC BjQwggQcoAMCAQICASMwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UEBhMCSUwxFjAUBgNVBAoT DVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNp Z25pbmcxKTAnBgNVBAMTIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3 MTAyNDIxMDMzM1oXDTE3MTAyNDIxMDMzM1owgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1T dGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWdu aW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAzIFByaW1hcnkgSW50ZXJtZWRpYXRlIENs aWVudCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALmjSW4SPiDKlAinvVeL ZOVfItiuP1aRHL530E7QUc9icCwL33+PH+Js1HAh8CgWFl34sOxx1FJyS/C4VLPRsqDfP72j tzCVUAL0DAxZ7wgzQvFz7x61jGxfhYhqYb1+PPOLkYBbkRIrPMg3dLEdKmXIYJYXDH+mB/V/ jLo73/Kb7h/rNoNg/oHHSv5Jolyvp5IY2btfcTBfW/telEFj5rDTX2juTvZ3Qhf3XQX5ca3Q 7A10zrUV/cWJOJ7F5RltbEIaboZmX5JBUb3FhUiAdBotehAX6DbDOuYoJtVxmGof6GuVGcPo 98K4TJf8FHo+UA9EOVDp/W7fCqKT4sXk/XkCAwEAAaOCAa0wggGpMA8GA1UdEwEB/wQFMAMB Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7iZySlyShhEcCy3T8LvSs3DLl8zAfBgNV HSMEGDAWgBROC+8apEBbpRdphzDKNGhD0EGu8jBmBggrBgEFBQcBAQRaMFgwJwYIKwYBBQUH MAGGG2h0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9jYTAtBggrBgEFBQcwAoYhaHR0cDovL3d3 dy5zdGFydHNzbC5jb20vc2ZzY2EuY3J0MFsGA1UdHwRUMFIwJ6AloCOGIWh0dHA6Ly93d3cu c3RhcnRzc2wuY29tL3Nmc2NhLmNybDAnoCWgI4YhaHR0cDovL2NybC5zdGFydHNzbC5jb20v c2ZzY2EuY3JsMIGABgNVHSAEeTB3MHUGCysGAQQBgbU3AQIBMGYwLgYIKwYBBQUHAgEWImh0 dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93 d3cuc3RhcnRzc2wuY29tL2ludGVybWVkaWF0ZS5wZGYwDQYJKoZIhvcNAQELBQADggIBAGpd SbdLFMhirxK37V4gE00+uW74UdAXtDgQI3AsRZWtaRtKHgAxFBSteqz4kDkeAjH/1b+K8tQR 6cxSI2nho7qOaPW/UpzOfSS/MeKK/9vfM2lfs+uItXH7LWtvS9wD1erfH1a+BXHCrCp4LA1l fADDhRIiGTSS3i0Zu5xV3INNRHrCCCl6patltQ8RZTqzDMri7ombgIxjN51Zo7xV77EZcThV 0GA8iIN+7T53uHhUJpjfLIztHs/69OclRvHux9hCflfOm7GY5Sc4nqjfES+5XPArGGWiQSEk ez37QfXqsxO3oCHK4b3DFZysG4uyOuC/WL80ab3muQ3tgwjBhq0D3JZN5kvu5gSuNZPa1WrV hEgXkd6C7s5stqB6/htVpshG08jRz9DEutGM9oKQ1ncTivbfPNx7pILoHWvvT7N5i/puVoNu bPUmLXh/2wA6wzAzuuoONiIL14Xpw6jLSnqpaLWElo2yTIFZ/CU/nCvvpW1Dj1457P3Ci9bD 0RPkWSR+CuucpgxrEmaw4UOLxflzuYYaq1RJwygOO5K0s2bAWOcXpgteyUOnQ3d/EjJAWRri 2v0ubiq+4H3KUOMlbznlPAY/1T8YyyJPM88+Ueahe/AW1zoUwZayNcTnuM7cq6yBV8Wr3GOI LFXhtT0UVuJLChPMJKVKVsa7qNorlLkMMIIGxzCCBa+gAwIBAgICAIswDQYJKoZIhvcNAQEF BQAwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJT ZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBD bGFzcyAzIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQTAeFw0xMDEwMTQwMTM2MzRa Fw0xMjEwMTQxMjAxMDdaMIHAMSAwHgYDVQQNExcyNzQ1ODEtOU5YMDRxeExEYjBvNDY5VDEL MAkGA1UEBhMCVVMxETAPBgNVBAgTCENvbG9yYWRvMQ8wDQYDVQQHEwZEZW52ZXIxLDAqBgNV BAsTI1N0YXJ0Q29tIFRydXN0ZWQgQ2VydGlmaWNhdGUgTWVtYmVyMRowGAYDVQQDExFQZXRl ciBTYWludC1BbmRyZTEhMB8GCSqGSIb3DQEJARYSc3RwZXRlckBzdHBldGVyLmltMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuERvnrkpQTx9wbJfgxbNKEYvt0IilecZRUM6 wrbCzIUPCocuYhaAJcQoqIyHaKybPQ7f+DIGIAolAa3dHnNdlsXP2smTft/ZNpj10PIG5bil NAqLUYwmLJaEaqY7BMW8423U3blW43/luLJk/Pq4OsWcw7AK3LeVh1U/HOgqhin26N3h72X1 nbLEpZFrgcp8egmWtXLCbLBDMqUK3j6wjLldni79muzYEVqU0A5GqSeb8Wc4kIx8VI5yL24J KzinG2iVRP5ZDEbOZETzBXJabUsV56XSxqPG9DK6ke+ybCiL/wKV1HFqdtFB1y25lfvHgOP2 gyEApBKEDNjgLmKyyQIDAQABo4IC+zCCAvcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYD VR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBS2EW2iNB+g0EibKJLBdv8I eLovVDAfBgNVHSMEGDAWgBR7iZySlyShhEcCy3T8LvSs3DLl8zAdBgNVHREEFjAUgRJzdHBl dGVyQHN0cGV0ZXIuaW0wggFCBgNVHSAEggE5MIIBNTCCATEGCysGAQQBgbU3AQICMIIBIDAu BggrBgEFBQcCARYiaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjA0BggrBgEF BQcCARYoaHR0cDovL3d3dy5zdGFydHNzbC5jb20vaW50ZXJtZWRpYXRlLnBkZjCBtwYIKwYB BQUHAgIwgaowFBYNU3RhcnRDb20gTHRkLjADAgEBGoGRTGltaXRlZCBMaWFiaWxpdHksIHNl ZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2YgdGhlIFN0YXJ0Q29tIENlcnRpZmlj YXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFpbGFibGUgYXQgaHR0cDovL3d3dy5zdGFydHNz bC5jb20vcG9saWN5LnBkZjBjBgNVHR8EXDBaMCugKaAnhiVodHRwOi8vd3d3LnN0YXJ0c3Ns LmNvbS9jcnR1My1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3JsLnN0YXJ0c3NsLmNvbS9jcnR1 My1jcmwuY3JsMIGOBggrBgEFBQcBAQSBgTB/MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcC5z dGFydHNzbC5jb20vc3ViL2NsYXNzMy9jbGllbnQvY2EwQgYIKwYBBQUHMAKGNmh0dHA6Ly93 d3cuc3RhcnRzc2wuY29tL2NlcnRzL3N1Yi5jbGFzczMuY2xpZW50LmNhLmNydDAjBgNVHRIE HDAahhhodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS8wDQYJKoZIhvcNAQEFBQADggEBADVtbXJG tKAr55xc/OUM546gXUybI72Bank0w739Mv+9BBNtq9rMEvCnLmSKhBi76c1mdXh6zXs8RQDo 6nR/aPabE3llF2T4z80smi9jfnl3y9dpu9TcgDoqDLZ7a2lBlW656XAAQzHjvLp2MC7/mxlg PYH2axa+q40mAYM20GbNsAEGbWQT1IqIh0BcLLsgbaMJHbyG/57zd9JLyMX3Vry1L1fJRQr3 GeLxMV5RtxN+mBgxrwFz/cOc09COiFExlsHgekpB5O43gqsAU16MXypyoSt4MrSfKTMHIGx6 2RF/M6vqUlvhi28gk2ZUvQ/+OX5+gjcZyooEzAAn4RuOKNswggbHMIIFr6ADAgECAgIAizAN BgkqhkiG9w0BAQUFADCBjDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4x KzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMT L1N0YXJ0Q29tIENsYXNzIDMgUHJpbWFyeSBJbnRlcm1lZGlhdGUgQ2xpZW50IENBMB4XDTEw MTAxNDAxMzYzNFoXDTEyMTAxNDEyMDEwN1owgcAxIDAeBgNVBA0TFzI3NDU4MS05TlgwNHF4 TERiMG80NjlUMQswCQYDVQQGEwJVUzERMA8GA1UECBMIQ29sb3JhZG8xDzANBgNVBAcTBkRl bnZlcjEsMCoGA1UECxMjU3RhcnRDb20gVHJ1c3RlZCBDZXJ0aWZpY2F0ZSBNZW1iZXIxGjAY BgNVBAMTEVBldGVyIFNhaW50LUFuZHJlMSEwHwYJKoZIhvcNAQkBFhJzdHBldGVyQHN0cGV0 ZXIuaW0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4RG+euSlBPH3Bsl+DFs0o Ri+3QiKV5xlFQzrCtsLMhQ8Khy5iFoAlxCiojIdorJs9Dt/4MgYgCiUBrd0ec12Wxc/ayZN+ 39k2mPXQ8gbluKU0CotRjCYsloRqpjsExbzjbdTduVbjf+W4smT8+rg6xZzDsArct5WHVT8c 6CqGKfbo3eHvZfWdssSlkWuBynx6CZa1csJssEMypQrePrCMuV2eLv2a7NgRWpTQDkapJ5vx ZziQjHxUjnIvbgkrOKcbaJVE/lkMRs5kRPMFclptSxXnpdLGo8b0MrqR77JsKIv/ApXUcWp2 0UHXLbmV+8eA4/aDIQCkEoQM2OAuYrLJAgMBAAGjggL7MIIC9zAJBgNVHRMEAjAAMAsGA1Ud DwQEAwIEsDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwHQYDVR0OBBYEFLYRbaI0 H6DQSJsoksF2/wh4ui9UMB8GA1UdIwQYMBaAFHuJnJKXJKGERwLLdPwu9KzcMuXzMB0GA1Ud EQQWMBSBEnN0cGV0ZXJAc3RwZXRlci5pbTCCAUIGA1UdIASCATkwggE1MIIBMQYLKwYBBAGB tTcBAgIwggEgMC4GCCsGAQUFBwIBFiJodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3ku cGRmMDQGCCsGAQUFBwIBFihodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9pbnRlcm1lZGlhdGUu cGRmMIG3BggrBgEFBQcCAjCBqjAUFg1TdGFydENvbSBMdGQuMAMCAQEagZFMaW1pdGVkIExp YWJpbGl0eSwgc2VlIHNlY3Rpb24gKkxlZ2FsIExpbWl0YXRpb25zKiBvZiB0aGUgU3RhcnRD b20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUG9saWN5IGF2YWlsYWJsZSBhdCBodHRwOi8v d3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3kucGRmMGMGA1UdHwRcMFowK6ApoCeGJWh0dHA6Ly93 d3cuc3RhcnRzc2wuY29tL2NydHUzLWNybC5jcmwwK6ApoCeGJWh0dHA6Ly9jcmwuc3RhcnRz c2wuY29tL2NydHUzLWNybC5jcmwwgY4GCCsGAQUFBwEBBIGBMH8wOQYIKwYBBQUHMAGGLWh0 dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9zdWIvY2xhc3MzL2NsaWVudC9jYTBCBggrBgEFBQcw AoY2aHR0cDovL3d3dy5zdGFydHNzbC5jb20vY2VydHMvc3ViLmNsYXNzMy5jbGllbnQuY2Eu Y3J0MCMGA1UdEgQcMBqGGGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tLzANBgkqhkiG9w0BAQUF AAOCAQEANW1tcka0oCvnnFz85QznjqBdTJsjvYFqeTTDvf0y/70EE22r2swS8KcuZIqEGLvp zWZ1eHrNezxFAOjqdH9o9psTeWUXZPjPzSyaL2N+eXfL12m71NyAOioMtntraUGVbrnpcABD MeO8unYwLv+bGWA9gfZrFr6rjSYBgzbQZs2wAQZtZBPUioiHQFwsuyBtowkdvIb/nvN30kvI xfdWvLUvV8lFCvcZ4vExXlG3E36YGDGvAXP9w5zT0I6IUTGWweB6SkHk7jeCqwBTXoxfKnKh K3gytJ8pMwcgbHrZEX8zq+pSW+GLbyCTZlS9D/45fn6CNxnKigTMACfhG44o2zGCA80wggPJ AgEBMIGTMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UE CxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRD b20gQ2xhc3MgMyBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAgCLMAkGBSsOAwIa BQCgggIOMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEwMTIx MDIyNTM1M1owIwYJKoZIhvcNAQkEMRYEFEc4/NVCfSwpT+QNDvCgpHSbEhzeMF8GCSqGSIb3 DQEJDzFSMFAwCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggq hkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCBpAYJKwYBBAGCNxAEMYGWMIGT MIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2Vj dXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xh c3MgMyBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAgCLMIGmBgsqhkiG9w0BCRAC CzGBlqCBkzCBjDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNV BAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0YXJ0 Q29tIENsYXNzIDMgUHJpbWFyeSBJbnRlcm1lZGlhdGUgQ2xpZW50IENBAgIAizANBgkqhkiG 9w0BAQEFAASCAQArS8iF6UaxjKPP8ZrqY92kvXQSzbAWneUkedNjKuuEe+NjbnMcEyOJKrEL JQ6vyvnJcH8alEuqqtib17GOLwhc9gZ91SrgglZw/tcmCGLop3wCZX1bLxWBgCGwKpV4YOHU UqFh+TiUA4zJ2xZgx97JdozaI93e/4r4fLHUOfQkmh9i6XiFK98MZJtprN7evEQSSz+J31Mg vH9Qk3lOdITQhaXYoPCiJY7UPJopWHIs8jsBsdAUDptcrR6QpEdgx4y8D6UY/xQUfS4ifFHR 6Vaqs4gELB0xUoaB0ICY9s8rRdLdWDM+hCxRETfM7Mh8RECSUmKr4LE80SvA+0ChR5vkAAAA AAAA --------------ms010603010501000706070400-- From paul.hoffman@vpnc.org Fri Dec 10 15:08:11 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E792D28C176; Fri, 10 Dec 2010 15:08:10 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -101.456 X-Spam-Level: X-Spam-Status: No, score=-101.456 tagged_above=-999 required=5 tests=[AWL=0.590, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vA2caBcrvZhs; Fri, 10 Dec 2010 15:08:10 -0800 (PST) Received: from hoffman.proper.com (Hoffman.Proper.COM [207.182.41.81]) by core3.amsl.com (Postfix) with ESMTP id 2D28428C170; Fri, 10 Dec 2010 15:08:10 -0800 (PST) Received: from [10.20.30.150] (75-101-30-90.dsl.dynamic.sonic.net [75.101.30.90]) (authenticated bits=0) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id oBAN9eKg012365 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 10 Dec 2010 16:09:42 -0700 (MST) (envelope-from paul.hoffman@vpnc.org) Mime-Version: 1.0 Message-Id: In-Reply-To: <4D02AF81.6000907@stpeter.im> References: <4D02AF81.6000907@stpeter.im> Date: Fri, 10 Dec 2010 15:09:39 -0800 To: Peter Saint-Andre , http-auth@ietf.org From: Paul Hoffman Content-Type: text/plain; charset="us-ascii" Cc: "kitten@ietf.org" , websec@ietf.org, saag@ietf.org, "apps-discuss@ietf.org" , "ietf-http-wg@w3.org Group" Subject: Re: [saag] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Dec 2010 23:08:11 -0000 At 3:53 PM -0700 12/10/10, Peter Saint-Andre wrote: >Other than that, I'm not aware of much activity. What have I missed? TLS client certificates. --Paul Hoffman, Director --VPN Consortium From hotz@jpl.nasa.gov Fri Dec 10 18:58:26 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BAA253A6C0C; Fri, 10 Dec 2010 18:58:26 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.599 X-Spam-Level: X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id slildIl8V3MP; Fri, 10 Dec 2010 18:58:25 -0800 (PST) Received: from mail.jpl.nasa.gov (smtp.jpl.nasa.gov [128.149.139.109]) by core3.amsl.com (Postfix) with ESMTP id E18AF3A68B6; Fri, 10 Dec 2010 18:58:25 -0800 (PST) Received: from laphotz.jpl.nasa.gov (laphotz.jpl.nasa.gov [128.149.133.44]) (authenticated (0 bits)) by smtp.jpl.nasa.gov (Switch-3.4.3/Switch-3.4.3) with ESMTP id oBB2xo8u016846 (using TLSv1/SSLv3 with cipher AES128-SHA (128 bits) verified NO); Fri, 10 Dec 2010 18:59:57 -0800 Mime-Version: 1.0 (Apple Message framework v1081) Content-Type: text/plain; charset=us-ascii From: "Henry B. Hotz" In-Reply-To: <4D02AF81.6000907@stpeter.im> Date: Fri, 10 Dec 2010 18:59:49 -0800 Content-Transfer-Encoding: quoted-printable Message-Id: References: <4D02AF81.6000907@stpeter.im> To: Peter Saint-Andre X-Mailer: Apple Mail (2.1081) X-Source-IP: laphotz.jpl.nasa.gov [128.149.133.44] X-Source-Sender: hotz@jpl.nasa.gov X-AUTH: Authorized Cc: "apps-discuss@ietf.org" , "websec@ietf.org" , "kitten@ietf.org" , "http-auth@ietf.org" , "saag@ietf.org" , "ietf-http-wg@w3.org Group" Subject: Re: [saag] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Dec 2010 02:58:26 -0000 On Dec 10, 2010, at 2:53 PM, Peter Saint-Andre wrote: > Is it time to start thinking about next-generation authentication > technologies for HTTP? > 1. Way back in 2001, Keith Burdis wrote an I-D about upgrading to SASL > within HTTP: http://tools.ietf.org/id/draft-burdis-http-sasl-00.txt I think http://tools.ietf.org/html/draft-williams-tls-app-sasl-opt-04 is = the most recent iteration on the concept. This is at the TLS layer, not = the http layer. As Paul Hoffman said, X.509 client cert's. In fact one could argue = that's the traditional solution and that software support is already = widely available. Some organizations make this more practical by = issuing the client certs with KX509. = http://tools.ietf.org/search/draft-hotz-kx509-01 (-; Comments are still = desired! ;-) http://tools.ietf.org/html/rfc4559 (Microsoft's HTTP-Negotiate) Note = that W7/2K8 add channel binding to that, but it's an incompatible = upgrade, so it may not get the use it should. There is also active work in the abfab wg which is related. Please try = to synergise, not compete with that work. SAML Web-sso ---- IMO there are already enough options which don't do channel binding with = the enclosing TLS session. I believe any solution you propose should = either do that, or should operate as part of TLS itself. ------------------------------------------------------ The opinions expressed in this message are mine, not those of Caltech, JPL, NASA, or the US Government. Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu From Nicolas.Williams@oracle.com Fri Dec 10 21:20:35 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4ED453A6CD6; Fri, 10 Dec 2010 21:20:35 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.536 X-Spam-Level: X-Spam-Status: No, score=-6.536 tagged_above=-999 required=5 tests=[AWL=0.062, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IOl0oREfL3jB; Fri, 10 Dec 2010 21:20:34 -0800 (PST) Received: from rcsinet10.oracle.com (rcsinet10.oracle.com [148.87.113.121]) by core3.amsl.com (Postfix) with ESMTP id 342833A6CD4; Fri, 10 Dec 2010 21:20:34 -0800 (PST) Received: from rcsinet15.oracle.com (rcsinet15.oracle.com [148.87.113.117]) by rcsinet10.oracle.com (Switch-3.4.2/Switch-3.4.2) with ESMTP id oBB5M48l019515 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Sat, 11 Dec 2010 05:22:05 GMT Received: from acsmt354.oracle.com (acsmt354.oracle.com [141.146.40.154]) by rcsinet15.oracle.com (Switch-3.4.2/Switch-3.4.1) with ESMTP id oBB5M31Y020970; Sat, 11 Dec 2010 05:22:03 GMT Received: from abhmt012.oracle.com by acsmt353.oracle.com with ESMTP id 845443701292044884; Fri, 10 Dec 2010 21:21:24 -0800 Received: from oracle.com (/10.135.193.24) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Fri, 10 Dec 2010 21:21:23 -0800 Date: Fri, 10 Dec 2010 23:21:18 -0600 From: Nicolas Williams To: Peter Saint-Andre Message-ID: <20101211052117.GA29086@oracle.com> References: <4D02AF81.6000907@stpeter.im> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4D02AF81.6000907@stpeter.im> User-Agent: Mutt/1.5.20 (2010-03-02) Cc: "apps-discuss@ietf.org" , websec@ietf.org, "kitten@ietf.org" , http-auth@ietf.org, saag@ietf.org, "ietf-http-wg@w3.org Group" Subject: Re: [saag] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Dec 2010 05:20:35 -0000 On Fri, Dec 10, 2010 at 03:53:53PM -0700, Peter Saint-Andre wrote: > Is it time to start thinking about next-generation authentication > technologies for HTTP? > > We all know that BASIC and DIGEST are ancient and crufty and lacking > many features and security properties we might want, but there hasn't > been much discussion about more modern approaches. Here are a few things > I've found: > > 1. Way back in 2001, Keith Burdis wrote an I-D about upgrading to SASL > within HTTP: http://tools.ietf.org/id/draft-burdis-http-sasl-00.txt I have this: draft-williams-tls-app-sasl-opt-04.txt which could easily be made usable from HTTP. > If you're interested, please discuss on the http-auth@ietf.org list: > > https://www.ietf.org/mailman/listinfo/http-auth One more list... :) Nico -- From ynir@checkpoint.com Sat Dec 11 15:14:20 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C6BDD3A6CF7; Sat, 11 Dec 2010 15:14:20 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -9.364 X-Spam-Level: X-Spam-Status: No, score=-9.364 tagged_above=-999 required=5 tests=[AWL=1.235, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2a-6pFCQ27YO; Sat, 11 Dec 2010 15:14:20 -0800 (PST) Received: from michael.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by core3.amsl.com (Postfix) with ESMTP id 94A583A6D09; Sat, 11 Dec 2010 15:14:19 -0800 (PST) X-CheckPoint: {4D040629-0-1B221DC2-2FFFF} Received: from il-ex01.ad.checkpoint.com (il-ex01.checkpoint.com [194.29.34.26]) by michael.checkpoint.com (8.13.8/8.13.8) with ESMTP id oBBNFrmj001961; Sun, 12 Dec 2010 01:15:53 +0200 Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex01.ad.checkpoint.com ([126.0.0.2]) with mapi; Sun, 12 Dec 2010 01:15:52 +0200 From: Yoav Nir To: websec , Peter Saint-Andre Date: Sun, 12 Dec 2010 01:15:51 +0200 Thread-Topic: [saag] HTTP authentication: the next generation Thread-Index: AcuZiVq4ANG3mfypQUiHj/vOrV2Hpw== Message-ID: <5C0D484C-682B-4B7B-B7EA-DFC78ADA3ED4@checkpoint.com> References: <4D02AF81.6000907@stpeter.im> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Cc: "http-auth@ietf.org" , "saag@ietf.org" , "apps-discuss@ietf.org" , "ietf-http-wg@w3.org Group" Subject: Re: [saag] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Dec 2010 23:14:20 -0000 resending with less recipients... On Dec 12, 2010, at 1:10 AM, Yoav Nir wrote: >=20 > On Dec 11, 2010, at 1:09 AM, Paul Hoffman wrote: >=20 >> At 3:53 PM -0700 12/10/10, Peter Saint-Andre wrote: >>> Other than that, I'm not aware of much activity. What have I missed? >>=20 >> TLS client certificates. >=20 > TLS client certificates work, but as we've learned both with the web and = with IPsec clients, people would much rather not use them. A few IETFs ago = (Chicago?), a bunch of us tried to push the idea of TLS with EAP authentica= tion. >=20 > http://tools.ietf.org/html/draft-nir-tls-eap >=20 > At the time, the TLS working group (and an AD) told us that this would co= ntradict the applicability statement of EAP, so no, you cannot use EAP for = anything other than network access.=20 >=20 > Now we have the abfab working group, so I don't think this still holds. >=20 > Also, I agree with Marsh, that authentication is not enough, and you need= the rest of TLS anyway. >=20 > So yes, I think that it is time to resurrect HTTP authentication. >=20 > Yoav >=20 >=20 From ynir@checkpoint.com Sun Dec 12 06:20:48 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CD6F83A6DC3; Sun, 12 Dec 2010 06:20:48 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -9.459 X-Spam-Level: X-Spam-Status: No, score=-9.459 tagged_above=-999 required=5 tests=[AWL=1.140, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0nFTpAiwfcwo; Sun, 12 Dec 2010 06:20:47 -0800 (PST) Received: from michael.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by core3.amsl.com (Postfix) with ESMTP id EB9663A6DC0; Sun, 12 Dec 2010 06:20:46 -0800 (PST) X-CheckPoint: {4D04DA9D-0-1B221DC2-2FFFF} Received: from il-ex01.ad.checkpoint.com (il-ex01.checkpoint.com [194.29.34.26]) by michael.checkpoint.com (8.13.8/8.13.8) with ESMTP id oBCEMKn0026696; Sun, 12 Dec 2010 16:22:21 +0200 Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex01.ad.checkpoint.com ([126.0.0.2]) with mapi; Sun, 12 Dec 2010 16:22:20 +0200 From: Yoav Nir To: Alexey Melnikov Date: Sun, 12 Dec 2010 16:22:23 +0200 Thread-Topic: [kitten] [saag] HTTP authentication: the next generation Thread-Index: AcuaB/xyAYCHWnJxTlaeEDShPLa+xg== Message-ID: References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> In-Reply-To: <4D04D7D6.4090105@isode.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Cc: "apps-discuss@ietf.org" , websec , "kitten@ietf.org" , "http-auth@ietf.org" , "saag@ietf.org" , "ietf-http-wg@w3.org Group" Subject: Re: [saag] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Dec 2010 14:20:49 -0000 EAP has one advantage. It is easy to integrate with existing RADIUS/DIAMETE= R infrastructure.=20 On Dec 12, 2010, at 4:10 PM, Alexey Melnikov wrote: > Yaron Sheffer wrote: >=20 >> Hi Luke, >>=20 >> I am not a big fan of EAP myself (although I am a co-author on Yoav's=20 >> TLS-EAP), but no, for pragmatic reasons SASL is not the moral equivalent= . >>=20 >> There is a number of EAP methods that provide zero-knowledge password=20 >> based mutual authentication (i.e. password based auth that's *not*=20 >> susceptible to dictionary attacks). These include (see=20 >> http://www.iana.org/assignments/eap-numbers/eap-numbers.xml#eap-numbers-= 3):=20 >> EAP-SRP-SHA1, EAP-pwd, EAP-EKE and EAP-SPEKE. >>=20 >> As far as I can see=20 >> (http://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml),= =20 >> SASL does not provide any equivalent method. >=20 > There is an expired SASL SRP draft, which can be revived, if needed. >=20 >> Thanks, >> Yaron >>=20 >> On 12/12/2010 03:38 AM, Luke Howard wrote: >>=20 >>> On 12/12/2010, at 10:10 AM, Yoav Nir wrote: >>>=20 >>>> On Dec 11, 2010, at 1:09 AM, Paul Hoffman wrote: >>>>=20 >>>>> At 3:53 PM -0700 12/10/10, Peter Saint-Andre wrote: >>>>>=20 >>>>>> Other than that, I'm not aware of much activity. What have I missed? >>>>>=20 >>>>>=20 >>>>> TLS client certificates. >>>>=20 >>>>=20 >>>> TLS client certificates work, but as we've learned both with the web=20 >>>> and with IPsec clients, people would much rather not use them. A few=20 >>>> IETFs ago (Chicago?), a bunch of us tried to push the idea of TLS=20 >>>> with EAP authentication. >>>>=20 >>>> http://tools.ietf.org/html/draft-nir-tls-eap >>>=20 >>>=20 >>> Does draft-williams-tls-app-sasl-opt-04.txt + abfab get you the moral=20 >>> equivalent? >>>=20 >>> -- Luke >>=20 >=20 >=20 > Scanned by Check Point Total Security Gateway. From alexey.melnikov@isode.com Sun Dec 12 10:39:27 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D9B343A6DF1; Sun, 12 Dec 2010 10:39:27 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.953 X-Spam-Level: X-Spam-Status: No, score=-102.953 tagged_above=-999 required=5 tests=[AWL=-0.354, BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8fihkoYXOihe; Sun, 12 Dec 2010 10:39:27 -0800 (PST) Received: from rufus.isode.com (rufus.isode.com [62.3.217.251]) by core3.amsl.com (Postfix) with ESMTP id AFFEB3A6DEE; Sun, 12 Dec 2010 10:39:26 -0800 (PST) Received: from [192.168.0.102] ((unknown) [109.73.6.25]) by rufus.isode.com (submission channel) via TCP with ESMTPA id ; Sun, 12 Dec 2010 18:41:01 +0000 X-SMTP-Protocol-Errors: NORDNS Message-ID: <4D051731.1020400@isode.com> Date: Sun, 12 Dec 2010 21:40:49 +0300 From: Alexey Melnikov User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 X-Accept-Language: en-us, en To: Yoav Nir References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: "apps-discuss@ietf.org" , websec , "kitten@ietf.org" , "http-auth@ietf.org" , "saag@ietf.org" , "ietf-http-wg@w3.org Group" Subject: Re: [saag] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Dec 2010 18:39:28 -0000 Yoav Nir wrote: >EAP has one advantage. It is easy to integrate with existing RADIUS/DIAMETER infrastructure. > True. And SASL has an advantage that it is easier to integrate with LDAP infrastructure. I think this just demonstrates that before an HTTP authentication mechanism can be evaluated, people need to agree on a common evaluation criteria for HTTP authentication. From ynir@checkpoint.com Sun Dec 12 14:05:01 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B4ABE28C0D9; Sun, 12 Dec 2010 14:05:01 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -9.501 X-Spam-Level: X-Spam-Status: No, score=-9.501 tagged_above=-999 required=5 tests=[AWL=1.098, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z4vmhh7ZUTmo; Sun, 12 Dec 2010 14:05:00 -0800 (PST) Received: from michael.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by core3.amsl.com (Postfix) with ESMTP id 8DA9A28C0D6; Sun, 12 Dec 2010 14:04:59 -0800 (PST) X-CheckPoint: {4D05476B-0-1B221DC2-2FFFF} Received: from il-ex01.ad.checkpoint.com (il-ex01.checkpoint.com [194.29.34.26]) by michael.checkpoint.com (8.13.8/8.13.8) with ESMTP id oBCM6VZI007290; Mon, 13 Dec 2010 00:06:31 +0200 Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex01.ad.checkpoint.com ([126.0.0.2]) with mapi; Mon, 13 Dec 2010 00:06:31 +0200 From: Yoav Nir To: Eliot Lear Date: Mon, 13 Dec 2010 00:06:29 +0200 Thread-Topic: [apps-discuss] [kitten] [saag] HTTP authentication: the next generation Thread-Index: AcuaSNSrne/txJ/+ThWOBmTF9om+dQ== Message-ID: <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> In-Reply-To: <4D054041.7010203@cisco.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Cc: "apps-discuss@ietf.org" , websec , "kitten@ietf.org" , "http-auth@ietf.org" , "saag@ietf.org" , "ietf-http-wg@w3.org Group" Subject: Re: [saag] [apps-discuss] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Dec 2010 22:05:02 -0000 Because I'd rather not implement too many mechanisms in my browser or in my= web server. And if EAP integrates better with RADIUS, while SASL integrates better with= LDAP, it's still bad design to expose the server's backend to the client b= y the authentication protocol. Let's try and list the requirements for HTTP authentication: - It has to be integrated in the protocol, not the application - It has to be secure against phishing - if the attacker gets you to authen= ticate, they can't later use that authentication to connect to the real ser= ver - If the authentication succeeded, then (a) you typed your password correct= ly, and (b) this is really the server EAP has some methods that do this. SASL can probably be made to do this, bu= t with an extra layer. On Dec 12, 2010, at 11:36 PM, Eliot Lear wrote: > Why settle for one? >=20 > On 12/12/10 7:40 PM, Alexey Melnikov wrote: >> Yoav Nir wrote: >>=20 >>> EAP has one advantage. It is easy to integrate with existing >>> RADIUS/DIAMETER infrastructure. >>>=20 >> True. >> And SASL has an advantage that it is easier to integrate with LDAP >> infrastructure. >>=20 >> I think this just demonstrates that before an HTTP authentication >> mechanism can be evaluated, people need to agree on a common >> evaluation criteria for HTTP authentication. >>=20 >> _______________________________________________ >> apps-discuss mailing list >> apps-discuss@ietf.org >> https://www.ietf.org/mailman/listinfo/apps-discuss >>=20 >=20 > Scanned by Check Point Total Security Gateway. From ynir@checkpoint.com Mon Dec 13 00:47:43 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2AD0D3A6D70; Mon, 13 Dec 2010 00:47:43 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -9.54 X-Spam-Level: X-Spam-Status: No, score=-9.54 tagged_above=-999 required=5 tests=[AWL=1.059, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4HPTUmFhZBCJ; Mon, 13 Dec 2010 00:47:41 -0800 (PST) Received: from michael.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by core3.amsl.com (Postfix) with ESMTP id 1BCB73A6CED; Mon, 13 Dec 2010 00:47:40 -0800 (PST) X-CheckPoint: {4D05DE0D-D-1B221DC2-2FFFF} Received: from il-ex01.ad.checkpoint.com (il-ex01.checkpoint.com [194.29.34.26]) by michael.checkpoint.com (8.13.8/8.13.8) with ESMTP id oBD8n31r011021; Mon, 13 Dec 2010 10:49:14 +0200 Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex01.ad.checkpoint.com ([126.0.0.2]) with mapi; Mon, 13 Dec 2010 10:49:05 +0200 From: Yoav Nir To: Marsh Ray Date: Mon, 13 Dec 2010 10:49:08 +0200 Thread-Topic: [websec] [kitten] [saag] HTTP authentication: the next generation Thread-Index: AcuaopkknTdJEIPhRueT7ek5WBXGLQ== Message-ID: References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <2230EA03-32C5-4D34-BC6B-304E813BE3A7@gbiv.com> <4D056D83.2020704@extendedsubset.com> In-Reply-To: <4D056D83.2020704@extendedsubset.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Cc: "http-auth@ietf.org" , websec , "saag@ietf.org" , "ietf-http-wg@w3.org Group" Subject: Re: [saag] [websec] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 08:47:43 -0000 On Dec 13, 2010, at 2:49 AM, Marsh Ray wrote: > On 12/12/2010 04:39 PM, Roy T. Fielding wrote: >>=20 >> Define them all and let's have a bake-off. It has been 16 years >> since HTTP auth was taken out of our hands so that the security >> experts could define something perfect. Zero progress so far. >=20 > Perhaps it's a bad idea? Disagree. Authentication is very much needed in the web. The current state = is that websites have you fill in a form, and store a session cookie. We al= l know how this fails. An attacker can make a login page that looks like go= ogle's or paypal's or bankleumi.co.il just as easily as the respective orga= nizations, and gain access to their credentials. This is good enough for Google, who need the cookies to track your searches= and emails so as to match them to ads. A little bit of someone searching t= he web with someone else's userid doesn't make much difference to them. But= if I have some important information in my gmail account, or money in bank= leumi, I would like to avoid sending my password in the clear to an attacke= r's site. And things like SRP can do this. If SRP succeeds with a remote s= erver, I know that it's the right server. Client certificates would work even better, but client certificates have th= eir own set of problems, which is why they're not widely used. I agree with you that layering whatever authentication on top of HTTP witho= ut at least message authentication is not a good idea, so TLS seems like th= e right choice - all those bank and email sites are already doing it. But w= e do need something more useable than certificates, and for now, this means= passwords. >=20 >> We >> should just define everything and let the security experts do what >> they do best -- find the holes and tell us what not to implement. >=20 > I know some professional pen-testers who would love that! >=20 > Check out these videos. This is what happens when you take a=20 > general-purpose authentication protocol and repurpose it for use across=20 > the internet for an insecure application protocol: >=20 > http://extendedsubset.com/smb_relay_fully_patched.wmv > http://extendedsubset.com/smb_reflection_arp_poisoning.wmv > http://extendedsubset.com/?p=3D36 >=20 > This case is NTLMv2, but the phenomenon is not limited to that. >=20 > The problem is that most general-purpose authentication protocols do not= =20 > require enough specificity about the context of the authentication: who=20 > and what are you authenticating, to whom, and how does each side know=20 > it's operating under the same beliefs as the other? >=20 > This means that even if the client wants to be careful and authenticate=20 > only for the purpose of setting up a secure connection, the attacker can= =20 > possibly forward that authentication to auth his own connection or=20 > transaction on some other service (on the same or even a different server= ). >=20 > Most auth protocols don't let the client strongly verify the server's=20 > identity before the client has to authenticate with his own. This is=20 > probably at least in part because it requires some common infrastructure= =20 > to do this. So Kerberos and x509 PKI systems can authenticate the server= =20 > (and sometimes even the target service), but most others do not. >=20 > Since HTTP lacks connection integrity, it's meaningless to speak of "an=20 > authenticated client". Perhaps the only thing that could be meaningfully= =20 > authenticated is the request data itself. But auth protocols designed=20 > for setting up persistent connections typically don't have defined=20 > inputs for the message data/digest being signed, so it's often=20 > impractical to reuse them for that purpose. >=20 > These issues have been mostly addressed at the protocol level for TLS=20 > client cert authentication. If it really just comes down to deployment=20 > and client usability issues, it's hard to imagine coming up with=20 > something at another layer which would have less risk than building on=20 > top of that. >=20 > Deploying new uses of compatible, standard authentication protocols over= =20 > insecure application protocols can be bad for the greater security=20 > ecosystem because it widens the field for cross-protocol attacks. >=20 > - Marsh > _______________________________________________ > websec mailing list > websec@ietf.org > https://www.ietf.org/mailman/listinfo/websec >=20 > Scanned by Check Point Total Security Gateway. From ynir@checkpoint.com Mon Dec 13 05:07:02 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D6DB528C0DC; Mon, 13 Dec 2010 05:07:02 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -9.611 X-Spam-Level: X-Spam-Status: No, score=-9.611 tagged_above=-999 required=5 tests=[AWL=0.988, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QbzEQ2t+Rgvk; Mon, 13 Dec 2010 05:07:01 -0800 (PST) Received: from michael.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by core3.amsl.com (Postfix) with ESMTP id 6A0423A6DA5; Mon, 13 Dec 2010 05:07:01 -0800 (PST) X-CheckPoint: {4D061AD6-A-1B221DC2-2FFFF} Received: from il-ex01.ad.checkpoint.com (il-ex01.checkpoint.com [194.29.34.26]) by michael.checkpoint.com (8.13.8/8.13.8) with ESMTP id oBDD8b6B008607; Mon, 13 Dec 2010 15:08:37 +0200 Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex01.ad.checkpoint.com ([126.0.0.2]) with mapi; Mon, 13 Dec 2010 15:08:37 +0200 From: Yoav Nir To: Carsten Bormann Date: Mon, 13 Dec 2010 15:08:40 +0200 Thread-Topic: [websec] [kitten] [apps-discuss] [saag] HTTP authentication: the next generation Thread-Index: AcuaxtqbIpwUgQEmQVSWqnfszltQeg== Message-ID: <5D5AF795-22AB-4726-B791-3706693466C3@checkpoint.com> References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> <2229.1292235952.971571@puncture> <4D05FB8F.3070804@qbik.com> <2229.1292239384.281779@puncture> <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org> In-Reply-To: <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Cc: General discussion of application-layer protocols , websec , - Next Generation , "ietf-http-wg@w3.org Group" , "http-auth@ietf.org" , Common, "saag@ietf.org" Subject: Re: [saag] [websec] [kitten] [apps-discuss] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 13:07:03 -0000 On Dec 13, 2010, at 2:14 PM, Carsten Bormann wrote: > On Dec 13, 2010, at 12:23, Dave Cridland wrote: >=20 >> every webapp currently uses a form >=20 > Yes. Nice demonstration of conflicting requirements. >=20 > As a webapp developer, I want to control the user interface during authen= tication. > Leaving the user alone with the bland and unforgiving browser user interf= ace for HTTP auth is suicide. > I want to provide extra buttons for forgotten passwords, maybe even passw= ord hints, and a "sign up" method. > HTML/CSS/JS lends itself well to providing such a friendly user interface= . Yes. That's a big part of the problem. To get the security result we're loo= king for, the login field has to be clearly marked. A user should never be = allowed to make the mistake of thinking that a regular input field is actua= lly the password field. With Basic Auth you get some very distinctive clues= (like the sheet in Safari). So if we invent , how can the browser show it that would not be possible to replicate wit= h HTML/CSS/JS ? >=20 > As a security geek, I recognize this as exactly the problem that creates = the potential for phishing. > Having the user type credentials into a random form is never going to be = secure, HSTS notwithstanding. Agree. > Maybe the only way to address both requirements is to have something in H= TML/CSS/JS that addresses authentication interactions. > Replacing for the 21st century. This would al= low web app designers to design a nice context for this interaction, and wo= uld allow running security protocols that are binding themselves to a brows= er-server security association that may be identical to or different from t= he TLS envelope. "Storing passwords" in the browser might turn into storin= g those security associations. I don't think the security requirements can be met using this (although I'd= love to hear differently from browser people). Maybe if we could customize= the authentication dialog with some kind of icon (like favicon), and maybe= a frame or a div with some HTML elements (buttons, links). I am not a UI = expert (IANAUIE ?) but I think it's important that user authentication be q= uite distinct from the rest of the flow. IOW the user should know that at t= his point, she is not just surfing, but actually authenticating to a partic= ular server, and if she's ever presented with some web form that says "user= name:_______ password:_______" she's going to know that something is wrong. >=20 > This is not "HTTP authentication", but it might be more useful in the lon= g run. > We'll need the browser people to start any such effort. Fully agree. We really need to hear from both browser people and web applic= ation developers. No point in designing something really secure if the peop= le in google/amazon/BOA then say "no, we'll never use that" >=20 > Gruesse, Carsten >=20 > PS.: And I'd still like to have some better form of authentication for ma= chine-to-machine that can be independent from the TLS envelope. But that i= s a completely different animal. >=20 > _______________________________________________ > websec mailing list > websec@ietf.org > https://www.ietf.org/mailman/listinfo/websec >=20 > Scanned by Check Point Total Security Gateway. From rstruik.ext@gmail.com Mon Dec 13 06:13:58 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B2C523A6E96; Mon, 13 Dec 2010 06:13:58 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.599 X-Spam-Level: X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tBiJIxnDrIpw; Mon, 13 Dec 2010 06:13:57 -0800 (PST) Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by core3.amsl.com (Postfix) with ESMTP id 74CD03A6D95; Mon, 13 Dec 2010 06:13:57 -0800 (PST) Received: by ywk9 with SMTP id 9so3651354ywk.31 for ; Mon, 13 Dec 2010 06:15:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=P5i8Kc7u5FqhkDnMlie+rutuFLwUoSYU5do7NyZWsbQ=; b=CisR3nG+yxO9DW0XZLSg8U/OW/FIWtiN0S+/2iOHlTWGoRqsiVxYJ/ShDdidUQGdcE 6QLjIQEtFXST/s5842N8lpaF68T2oF4Np/xXMfp9vxOuu3xopvf7nPXtRRp/gTOwjSkK mA0EBv0PXZWXDLOyAkrJF3q4IkrOw0PBuzCbU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=DTIqYuoWJKnu8bXvuGkZB4OkOOM8m2VPPP27IdY9balJxMirPQilOfSbIIPyO8ug1R Hwr1MGfucNvcyZOeC0JWXj8oQpvY4/ZBYIwVSXhlMbzfGE/8nv3qrizWCyheZtOpLht+ 3uirOY7QqUZSxHwFp1OhCt1AR65gy5CglH7QI= Received: by 10.42.241.132 with SMTP id le4mr2775035icb.356.1292249734922; Mon, 13 Dec 2010 06:15:34 -0800 (PST) Received: from [192.168.1.102] (CPE0013100e2c51-CM00186851d6f6.cpe.net.cable.rogers.com [99.231.117.243]) by mx.google.com with ESMTPS id y8sm15060ica.14.2010.12.13.06.15.33 (version=TLSv1/SSLv3 cipher=RC4-MD5); Mon, 13 Dec 2010 06:15:33 -0800 (PST) Message-ID: <4D062A83.5070107@gmail.com> Date: Mon, 13 Dec 2010 09:15:31 -0500 From: Rene Struik User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7 MIME-Version: 1.0 To: Yoav Nir References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <2230EA03-32C5-4D34-BC6B-304E813BE3A7@gbiv.com> <4D056D83.2020704@extendedsubset.com> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: "ietf-http-wg@w3.org Group" , "http-auth@ietf.org" , websec , "saag@ietf.org" , Marsh Ray Subject: Re: [saag] [websec] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 14:13:58 -0000 Hi Yoav: Could you summarize the main problems with client certificates. To my knowledge, there are no technical problems with computational bottlenecks on the client side yet. The only problem area I could think of would be storage of private keys, but this seems solvable. Similarly, if you could point out main usability problems with certs that would be great (is this a general problem, or just an artifact of the way these are currently used?). Problems stem from realistic requirements not being met, so it is good to capture these. Rene == [excerpt email Yoav Nir as of Monday December 13, 2010, 3:49am EST] Client certificates would work even better, but client certificates have their own set of problems, which is why they're not widely used. I agree with you that layering whatever authentication on top of HTTP without at least message authentication is not a good idea, so TLS seems like the right choice - all those bank and email sites are already doing it. But we do need something more useable than certificates, and for now, this means passwords. On 13/12/2010 3:49 AM, Yoav Nir wrote: > Client certificates would work even better, but client certificates have their own set of problems, which is why they're not widely used. > > I agree with you that layering whatever authentication on top of HTTP without at least message authentication is not a good idea, so TLS seems like the right choice - all those bank and email sites are already doing it. But we do need something more useable than certificates, and for now, this means passwords. -- email: rstruik.ext@gmail.com Skype: rstruik cell: +1 (647) 867-5658 USA Google voice: +1 (415) 690-7363 From aland@deployingradius.com Mon Dec 13 06:15:21 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0275E3A6E96; Mon, 13 Dec 2010 06:15:21 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.574 X-Spam-Level: X-Spam-Status: No, score=-102.574 tagged_above=-999 required=5 tests=[AWL=0.025, BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G+DQnsAnEMXX; Mon, 13 Dec 2010 06:15:20 -0800 (PST) Received: from liberty.deployingradius.com (liberty.deployingradius.com [88.191.76.128]) by core3.amsl.com (Postfix) with ESMTP id 1E2D728C0E4; Mon, 13 Dec 2010 06:15:20 -0800 (PST) Message-ID: <4D062AD8.4080805@deployingradius.com> Date: Mon, 13 Dec 2010 15:16:56 +0100 From: Alan DeKok User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228) MIME-Version: 1.0 To: Yoav Nir References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> In-Reply-To: <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> X-Enigmail-Version: 0.96.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: "apps-discuss@ietf.org" , websec , "kitten@ietf.org" , "http-auth@ietf.org" , "saag@ietf.org" , "ietf-http-wg@w3.org Group" Subject: Re: [saag] [apps-discuss] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 14:15:21 -0000 Yoav Nir wrote: > Because I'd rather not implement too many mechanisms in my browser or in my web server. > > And if EAP integrates better with RADIUS, It's more "already integrated with RADIUS", and "RADIUS integrates with LDAP". > while SASL integrates better with LDAP, it's still bad design to expose the server's backend to the client by the authentication protocol. EAP is already being transported over PPP, ethernet, RADIUS, Diameter, and other transport/authentication protocols. It's used because adding it is easy, and it separates the authentication protocols from the application. As for SASL, that's not my area. Alan DeKok. From rstruik.ext@gmail.com Mon Dec 13 06:23:01 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E1FFC3A6E96; Mon, 13 Dec 2010 06:23:01 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.599 X-Spam-Level: X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id peEEE9tCYakK; Mon, 13 Dec 2010 06:23:00 -0800 (PST) Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by core3.amsl.com (Postfix) with ESMTP id 409653A690B; Mon, 13 Dec 2010 06:23:00 -0800 (PST) Received: by yxt33 with SMTP id 33so3650044yxt.31 for ; Mon, 13 Dec 2010 06:24:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=1tT+GrexpAZ7NlzzSLDH+8X2oYIY0smLBeIbflLlu/g=; b=lD5LVzV1VT4YSDgf2C7YbGx/+CBTIhrAdHYN77SDx1iAKZN+Cy8gfGhXQwX+JzI5sN cXWHk63csW2f9OZ5gvMszB4VSieVxzBPcJJAwgEm7yYIT1AG//TlR8r/hwzpVjJT7bj1 +SIcmXQoOsNmkmh4d0AQCPM+fD3DUZIeTqVro= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=qL4CAk0pZRGvXXOVfPdAnZPuos+9hTkJxxZMgrMDtNI0GLzx7CUnOvDllWM8WyqqPl beV46mb1o0S1n5gJAbZV11+4jROxbYgSUVGGaNoWO1yCLn6/2ksag385Ypk8h1qRlqN1 Xq1DWG760BZNvzaud8SMXBuvyCCGMyYYrDVn8= Received: by 10.42.179.131 with SMTP id bq3mr2768968icb.193.1292250277616; Mon, 13 Dec 2010 06:24:37 -0800 (PST) Received: from [192.168.1.102] (CPE0013100e2c51-CM00186851d6f6.cpe.net.cable.rogers.com [99.231.117.243]) by mx.google.com with ESMTPS id 8sm6276699iba.10.2010.12.13.06.24.36 (version=TLSv1/SSLv3 cipher=RC4-MD5); Mon, 13 Dec 2010 06:24:36 -0800 (PST) Message-ID: <4D062CA2.8040402@gmail.com> Date: Mon, 13 Dec 2010 09:24:34 -0500 From: Rene Struik User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7 MIME-Version: 1.0 To: Yoav Nir References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <2230EA03-32C5-4D34-BC6B-304E813BE3A7@gbiv.com> <4D056D83.2020704@extendedsubset.com> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: "ietf-http-wg@w3.org Group" , "http-auth@ietf.org" , websec , "saag@ietf.org" , Marsh Ray Subject: Re: [saag] [websec] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 14:23:02 -0000 Hi Yoav: Could you summarize the main problems with client certificates. To my knowledge, there are no technical problems with computational bottlenecks on the client side yet. The only problem area I could think of would be storage of private keys, but this seems solvable. Similarly, if you could point out main usability problems with certs that would be great (is this a general problem, or just an artifact of the way these are currently used?). Problems stem from realistic requirements not being met, so it is good to capture these. Rene == [excerpt email Yoav Nir as of Monday December 13, 2010, 3:49am EST] Client certificates would work even better, but client certificates have their own set of problems, which is why they're not widely used. I agree with you that layering whatever authentication on top of HTTP without at least message authentication is not a good idea, so TLS seems like the right choice - all those bank and email sites are already doing it. But we do need something more useable than certificates, and for now, this means passwords. On 13/12/2010 3:49 AM, Yoav Nir wrote: > On Dec 13, 2010, at 2:49 AM, Marsh Ray wrote: > >> On 12/12/2010 04:39 PM, Roy T. Fielding wrote: >>> Define them all and let's have a bake-off. It has been 16 years >>> since HTTP auth was taken out of our hands so that the security >>> experts could define something perfect. Zero progress so far. >> Perhaps it's a bad idea? > Disagree. Authentication is very much needed in the web. The current state is that websites have you fill in a form, and store a session cookie. We all know how this fails. An attacker can make a login page that looks like google's or paypal's or bankleumi.co.il just as easily as the respective organizations, and gain access to their credentials. > > This is good enough for Google, who need the cookies to track your searches and emails so as to match them to ads. A little bit of someone searching the web with someone else's userid doesn't make much difference to them. But if I have some important information in my gmail account, or money in bankleumi, I would like to avoid sending my password in the clear to an attacker's site. And things like SRP can do this. If SRP succeeds with a remote server, I know that it's the right server. > > Client certificates would work even better, but client certificates have their own set of problems, which is why they're not widely used. > > I agree with you that layering whatever authentication on top of HTTP without at least message authentication is not a good idea, so TLS seems like the right choice - all those bank and email sites are already doing it. But we do need something more useable than certificates, and for now, this means passwords. > >>> We >>> should just define everything and let the security experts do what >>> they do best -- find the holes and tell us what not to implement. >> I know some professional pen-testers who would love that! >> >> Check out these videos. This is what happens when you take a >> general-purpose authentication protocol and repurpose it for use across >> the internet for an insecure application protocol: >> >> http://extendedsubset.com/smb_relay_fully_patched.wmv >> http://extendedsubset.com/smb_reflection_arp_poisoning.wmv >> http://extendedsubset.com/?p=36 >> >> This case is NTLMv2, but the phenomenon is not limited to that. >> >> The problem is that most general-purpose authentication protocols do not >> require enough specificity about the context of the authentication: who >> and what are you authenticating, to whom, and how does each side know >> it's operating under the same beliefs as the other? >> >> This means that even if the client wants to be careful and authenticate >> only for the purpose of setting up a secure connection, the attacker can >> possibly forward that authentication to auth his own connection or >> transaction on some other service (on the same or even a different server). >> >> Most auth protocols don't let the client strongly verify the server's >> identity before the client has to authenticate with his own. This is >> probably at least in part because it requires some common infrastructure >> to do this. So Kerberos and x509 PKI systems can authenticate the server >> (and sometimes even the target service), but most others do not. >> >> Since HTTP lacks connection integrity, it's meaningless to speak of "an >> authenticated client". Perhaps the only thing that could be meaningfully >> authenticated is the request data itself. But auth protocols designed >> for setting up persistent connections typically don't have defined >> inputs for the message data/digest being signed, so it's often >> impractical to reuse them for that purpose. >> >> These issues have been mostly addressed at the protocol level for TLS >> client cert authentication. If it really just comes down to deployment >> and client usability issues, it's hard to imagine coming up with >> something at another layer which would have less risk than building on >> top of that. >> >> Deploying new uses of compatible, standard authentication protocols over >> insecure application protocols can be bad for the greater security >> ecosystem because it widens the field for cross-protocol attacks. >> >> - Marsh >> _______________________________________________ >> websec mailing list >> websec@ietf.org >> https://www.ietf.org/mailman/listinfo/websec >> >> Scanned by Check Point Total Security Gateway. > _______________________________________________ > saag mailing list > saag@ietf.org > https://www.ietf.org/mailman/listinfo/saag -- email: rstruik.ext@gmail.com Skype: rstruik cell: +1 (647) 867-5658 USA Google voice: +1 (415) 690-7363 From ynir@checkpoint.com Mon Dec 13 07:27:43 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7A56A28C0F8; Mon, 13 Dec 2010 07:27:43 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -9.642 X-Spam-Level: X-Spam-Status: No, score=-9.642 tagged_above=-999 required=5 tests=[AWL=0.956, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M51piqqtxI41; Mon, 13 Dec 2010 07:27:42 -0800 (PST) Received: from michael.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by core3.amsl.com (Postfix) with ESMTP id CC7693A6DCB; Mon, 13 Dec 2010 07:27:41 -0800 (PST) X-CheckPoint: {4D063BCF-4-1B221DC2-2FFFF} Received: from il-ex01.ad.checkpoint.com (il-ex01.checkpoint.com [194.29.34.26]) by michael.checkpoint.com (8.13.8/8.13.8) with ESMTP id oBDFTFYC004878; Mon, 13 Dec 2010 17:29:15 +0200 Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex01.ad.checkpoint.com ([126.0.0.2]) with mapi; Mon, 13 Dec 2010 17:29:15 +0200 From: Yoav Nir To: Rene Struik Date: Mon, 13 Dec 2010 17:29:17 +0200 Thread-Topic: [saag] [websec] [kitten] HTTP authentication: the next generation Thread-Index: Acua2n+idFmWhOqaTwCnviBIng6kdQ== Message-ID: <1D87D846-45C8-40EC-A0B9-96D61E5F6E65@checkpoint.com> References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <2230EA03-32C5-4D34-BC6B-304E813BE3A7@gbiv.com> <4D056D83.2020704@extendedsubset.com> <4D062CA2.8040402@gmail.com> In-Reply-To: <4D062CA2.8040402@gmail.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: multipart/alternative; boundary="_000_1D87D84645C840ECA0B996D61E5F6E65checkpointcom_" MIME-Version: 1.0 Cc: "ietf-http-wg@w3.org Group" , "http-auth@ietf.org" , websec , "saag@ietf.org" , Marsh Ray Subject: Re: [saag] [websec] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 15:27:43 -0000 --_000_1D87D84645C840ECA0B996D61E5F6E65checkpointcom_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable On Dec 13, 2010, at 4:24 PM, Rene Struik wrote: Hi Yoav: Could you summarize the main problems with client certificates. To my knowledge, there are no technical problems with computational bottlenecks on the client side yet. The only problem area I could think of would be storage of private keys, but this seems solvable. Similarly, if you could point out main usability problems with certs that would be great (is this a general problem, or just an artifact of the way these are currently used?). Problems stem from realistic requirements not being met, so it is good to capture these. I can see several problems with client certificates, most related to usabil= ity, but some also to security: * Certificates do not authenticate the user. They authenticate a device.= Placing a certificate on my laptop is a close enough approximation to auth= enticating *me*, but then I can't use the same certificate on my home compu= ter, my phone, or the computer at some Internet cafe or hotel business cent= er. Passwords, on the other hand, are with me wherever I go, and can be use= d with any device. * A possible solution to the first problem would be to issue multiple ce= rtificates for use in phone, laptop and desktop. But this makes the managem= ent of all these certificates even more complicated, and increases the atta= ck surface. * While some places of business, governments and militaries are willing = to spend the money and effort required to provision certificates for all em= ployees, I don't see companies doing it for customers. It's never a good id= ea to bet that something is too big for Google to do, but I can't imagine t= hem issuing client certificates to all gmail users. Even banks, with real m= oney at stake don't do it, because the support costs would exceed the losse= s to phishing. * Issuing certificates does not solve the problem with Internet cafes. I= t makes no sense for me to install a browser certificate on some random com= puter. But don't take my word for it. Certificates are so inconvenient, that peopl= e would rather use some two-factor authentication solution, where you type = in a password, and then get a one-time code on either a fob or through an S= MS message to your phone, which is what Marsh's company does. --_000_1D87D84645C840ECA0B996D61E5F6E65checkpointcom_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
On Dec 13, 2= 010, at 4:24 PM, Rene Struik wrote:

Hi Yoav:

Could you summarize th= e main problems with client certificates. To my
knowledge, there are no= technical problems with computational
bottlenecks on the client side y= et. The only problem area I could think
of would be storage of private = keys, but this seems solvable.

Similarly, if you could point out mai= n usability problems with certs
that would be great (is this a general = problem, or just an artifact of
the way these are currently used?). Pro= blems stem from realistic
requirements not being met, so it is good to = capture these.

I can see several probl= ems with client certificates, most related to usability, but some also to s= ecurity:

  • Certificate= s do not authenticate the user. They authenticate a device. Placing a certi= ficate on my laptop is a close enough approximation to authenticating *me*,= but then I can't use the same certificate on my home computer, my phone, o= r the computer at some Internet cafe or hotel business center. Passwords, o= n the other hand, are with me wherever I go, and can be used with any devic= e.
  • A possible solution to the first problem would be to issue multi= ple certificates for use in phone, laptop and desktop. But this makes the m= anagement of all these certificates even more complicated, and increases th= e attack surface.
  • While some places of business, governments and mi= litaries are willing to spend the money and effort required to provision ce= rtificates for all employees, I don't see companies doing it for customers.= It's never a good idea to bet that something is too big for Google to do, = but I can't imagine them issuing client certificates to all gmail users. Ev= en banks, with real money at stake don't do it, because the support costs w= ould exceed the losses to phishing.
  • Issuing certificates does not s= olve the problem with Internet cafes. It makes no sense for me to install a= browser certificate on some random computer. 

But don't take my word for it. Certificates are so inconvenient, that= people would rather use some two-factor authentication solution, where you= type in a password, and then get a one-time code on either a fob or throug= h an SMS message to your phone, which is what Marsh's company does.

= --_000_1D87D84645C840ECA0B996D61E5F6E65checkpointcom_-- From yaronf.ietf@gmail.com Mon Dec 13 07:31:32 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A940F28C113; Mon, 13 Dec 2010 07:31:32 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.999 X-Spam-Level: X-Spam-Status: No, score=-102.999 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_65=0.6, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oZ8HbcaePJoN; Mon, 13 Dec 2010 07:31:29 -0800 (PST) Received: from mail-wy0-f172.google.com (mail-wy0-f172.google.com [74.125.82.172]) by core3.amsl.com (Postfix) with ESMTP id 9A8C328C111; Mon, 13 Dec 2010 07:31:28 -0800 (PST) Received: by wyf23 with SMTP id 23so6133663wyf.31 for ; Mon, 13 Dec 2010 07:33:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=+0szgrNyk3mkmUDxf309oDZ+9GRtr8meNZqDA8AcMUE=; b=dNDusxC6geA5feEhxkQO/3IBIf77RSA4FBQR+bRQEH5tRXO/8PbfYInvGtfM9K8trB hcCmyCPLhLZDyJghltMS9GriRS04fRXtgKCYQbBqKzCt67nUbMaoehetoJAzO/+z7NgW Qd/tH93nfYIo2etamhq1o40Uf5iY0/vfVQCus= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=ordqzJOVIbEfXFOsrikEoukznWeWMJCAiKTavCcDclq3YG2b4+ifhCv+/xIbEbrVvF bUpQvvk84xgm+pBbhP2bOCrwpM3LeQDpzqpCaAtJBKdvymqaMMv5wGqUxNRmsyHZ+S/T Mco8vjpjuS7KD/s07YacFrp4iBmzd1JkDQZMU= Received: by 10.227.155.138 with SMTP id s10mr1735853wbw.61.1292254386127; Mon, 13 Dec 2010 07:33:06 -0800 (PST) Received: from [10.0.0.1] (bzq-79-176-46-32.red.bezeqint.net [79.176.46.32]) by mx.google.com with ESMTPS id m10sm4489129wbc.16.2010.12.13.07.32.56 (version=SSLv3 cipher=RC4-MD5); Mon, 13 Dec 2010 07:33:04 -0800 (PST) Message-ID: <4D063CA5.8060907@gmail.com> Date: Mon, 13 Dec 2010 17:32:53 +0200 From: Yaron Sheffer User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.13) Gecko/20101208 Lightning/1.0b2 Thunderbird/3.1.7 MIME-Version: 1.0 To: Yoav Nir References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> <2229.1292235952.971571@puncture> <4D05FB8F.3070804@qbik.com> <2229.1292239384.281779@puncture> <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org> <5D5AF795-22AB-4726-B791-3706693466C3@checkpoint.com> In-Reply-To: <5D5AF795-22AB-4726-B791-3706693466C3@checkpoint.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: Common@core3.amsl.com, General discussion of application-layer protocols , websec , - Next Generation , "http-auth@ietf.org" , "ietf-http-wg@w3.org Group" , Carsten Bormann , "saag@ietf.org" Subject: Re: [saag] [websec] [kitten] [apps-discuss] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 15:31:32 -0000 Just like the phrase "I am not a lawyer" is always followed by amateur legal advice (I know that for sure, I've done it myself), the same goes for "I am not a UI expert". Two comments: - There are in fact a few security-usability experts. I don't know if any of them participate in the IETF. This is an emerging research field, see e.g. http://oreilly.com/catalog/9780596008277. - (I am not a UI expert, but...) Devising UI cues is extremely difficult. People will gladly enter their password when the web site displays a JPEG-rendered padlock icon. In fact *legitimate* sites have been known to display such icons, strange as it may sound. Thanks, Yaron On 12/13/2010 03:08 PM, Yoav Nir wrote: > > On Dec 13, 2010, at 2:14 PM, Carsten Bormann wrote: > >> On Dec 13, 2010, at 12:23, Dave Cridland wrote: >> >>> every webapp currently uses a form >> >> Yes. Nice demonstration of conflicting requirements. >> >> As a webapp developer, I want to control the user interface during authentication. >> Leaving the user alone with the bland and unforgiving browser user interface for HTTP auth is suicide. >> I want to provide extra buttons for forgotten passwords, maybe even password hints, and a "sign up" method. >> HTML/CSS/JS lends itself well to providing such a friendly user interface. > > Yes. That's a big part of the problem. To get the security result we're looking for, the login field has to be clearly marked. A user should never be allowed to make the mistake of thinking that a regular input field is actually the password field. With Basic Auth you get some very distinctive clues (like the sheet in Safari). So if we invent, how can the browser show it that would not be possible to replicate with HTML/CSS/JS ? > >> >> As a security geek, I recognize this as exactly the problem that creates the potential for phishing. >> Having the user type credentials into a random form is never going to be secure, HSTS notwithstanding. > > Agree. > >> Maybe the only way to address both requirements is to have something in HTML/CSS/JS that addresses authentication interactions. >> Replacing for the 21st century. This would allow web app designers to design a nice context for this interaction, and would allow running security protocols that are binding themselves to a browser-server security association that may be identical to or different from the TLS envelope. "Storing passwords" in the browser might turn into storing those security associations. > > I don't think the security requirements can be met using this (although I'd love to hear differently from browser people). Maybe if we could customize the authentication dialog with some kind of icon (like favicon), and maybe a frame or a div with some HTML elements (buttons, links). I am not a UI expert (IANAUIE ?) but I think it's important that user authentication be quite distinct from the rest of the flow. IOW the user should know that at this point, she is not just surfing, but actually authenticating to a particular server, and if she's ever presented with some web form that says "username:_______ password:_______" she's going to know that something is wrong. > >> >> This is not "HTTP authentication", but it might be more useful in the long run. >> We'll need the browser people to start any such effort. > > Fully agree. We really need to hear from both browser people and web application developers. No point in designing something really secure if the people in google/amazon/BOA then say "no, we'll never use that" > >> >> Gruesse, Carsten >> >> PS.: And I'd still like to have some better form of authentication for machine-to-machine that can be independent from the TLS envelope. But that is a completely different animal. >> >> _______________________________________________ >> websec mailing list >> websec@ietf.org >> https://www.ietf.org/mailman/listinfo/websec >> >> Scanned by Check Point Total Security Gateway. > > _______________________________________________ > saag mailing list > saag@ietf.org > https://www.ietf.org/mailman/listinfo/saag From stephen.farrell@cs.tcd.ie Mon Dec 13 08:26:23 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BAEEF28C0EB; Mon, 13 Dec 2010 08:26:23 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.92 X-Spam-Level: X-Spam-Status: No, score=-102.92 tagged_above=-999 required=5 tests=[AWL=-0.321, BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GenWsWd3UXQt; Mon, 13 Dec 2010 08:26:22 -0800 (PST) Received: from scss.tcd.ie (hermes.cs.tcd.ie [IPv6:2001:770:10:200:21b:21ff:fe3a:3d50]) by core3.amsl.com (Postfix) with ESMTP id 97C7928C0E4; Mon, 13 Dec 2010 08:26:21 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hermes.scss.tcd.ie (Postfix) with ESMTP id A543B3E4085; Mon, 13 Dec 2010 16:27:57 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; h= content-transfer-encoding:content-type:in-reply-to:references :subject:mime-version:user-agent:from:date:message-id:received :received:x-virus-scanned; s=cs; t=1292257677; bh=HCYv6SVCbK/mWU EQJ47mphEfnzFt3orCKv2wm9INpJQ=; b=5IBjge4QgvgHh/O6ShSCEI4oAiqKGd ow1F57O4CiYpH5xRXPDWceKgysuDJHqHvylHMvjenSGIXEOIPqvHOGnjKrFWuax7 vdsyRGAkUv+QnEJKBxqLfvI+uLEFzu7FKkEBgsCi36ggSoo5h1XX5iKAa9ztgjlq P8UQwBEXQdAIF/lTJL1X4orlzYZ5kxBslSvsPDhNVFfa5WptpALb3erDzpSDzB6g P+vrDvPTBbb5W8Qg9CceYj96b0MZtQIw+uwGsVcYAWzxB8Qt1kUFWkX5yw1sC+lZ ayuZbY2MA3ByxLLyOduxdqxJ6PqD2K2nBp8aqTOaFRpIj6PPG+OkVHmA== X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie Received: from scss.tcd.ie ([127.0.0.1]) by localhost (scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id 83sppVZ2xSd0; Mon, 13 Dec 2010 16:27:57 +0000 (GMT) Received: from [134.226.36.137] (stephen-samy.dsg.cs.tcd.ie [134.226.36.137]) by smtp.scss.tcd.ie (Postfix) with ESMTPSA id 66E163E4077; Mon, 13 Dec 2010 16:27:56 +0000 (GMT) Message-ID: <4D06498B.4070900@cs.tcd.ie> Date: Mon, 13 Dec 2010 16:27:55 +0000 From: Stephen Farrell User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.13) Gecko/20101208 Lightning/1.0b2 Thunderbird/3.1.7 MIME-Version: 1.0 To: Yoav Nir References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <2230EA03-32C5-4D34-BC6B-304E813BE3A7@gbiv.com> <4D056D83.2020704@extendedsubset.com> <4D062CA2.8040402@gmail.com> <1D87D846-45C8-40EC-A0B9-96D61E5F6E65@checkpoint.com> In-Reply-To: <1D87D846-45C8-40EC-A0B9-96D61E5F6E65@checkpoint.com> X-Enigmail-Version: 1.1.1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: websec , Marsh Ray , "http-auth@ietf.org" , "saag@ietf.org" , "ietf-http-wg@w3.org Group" Subject: Re: [saag] [http-auth] [websec] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 16:26:23 -0000 On 13/12/10 15:29, Yoav Nir wrote: > * A possible solution to the first problem would be to issue > multiple certificates for use in phone, laptop and desktop. But > this makes the management of all these certificates even more > complicated, and increases the attack surface. Just a random thought. What if there were a standard way for web server apps to bind together different client public keys? E.g. start at home, with TLS mutual auth somehow, then go to the standard "bind new device" button which returns a shortish URL that the user can cut'n'paste to a 2nd device, also using TLS mutual auth, but with the key pair from that 2nd device. Then the server could associate a set of client public keys with the same account. (The URL could probably also be made only usable on that server as well via some server-side symmetric crypto maybe.) Probably has holes galore, (and/or was tried a decade ago;-) but at least the browsers could work as-is. Well, as-is if you assume people had a way to generate and manage key pairs easily in their various browsers. Regardless of the above, I think that if there were a usable way to do TLS mutual auth that was unencumbered and worked well, (including tackling portability), that'd be great, and even if the probability of failing is high, trying for that is maybe worth a shot. S. From stpeter@stpeter.im Mon Dec 13 09:54:09 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 98D6A28C0E9 for ; Mon, 13 Dec 2010 09:54:09 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.781 X-Spam-Level: X-Spam-Status: No, score=-102.781 tagged_above=-999 required=5 tests=[AWL=-0.182, BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l5MjvPkL0LmE for ; Mon, 13 Dec 2010 09:54:08 -0800 (PST) Received: from stpeter.im (stpeter.im [207.210.219.233]) by core3.amsl.com (Postfix) with ESMTP id 7CEFA28C0DF for ; Mon, 13 Dec 2010 09:54:08 -0800 (PST) Received: from dhcp-64-101-72-234.cisco.com (dhcp-64-101-72-234.cisco.com [64.101.72.234]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id AC9AB400F6 for ; Mon, 13 Dec 2010 11:08:05 -0700 (MST) Message-ID: <4D065E24.20302@stpeter.im> Date: Mon, 13 Dec 2010 10:55:48 -0700 From: Peter Saint-Andre User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7 MIME-Version: 1.0 To: saag@ietf.org X-Enigmail-Version: 1.1.1 OpenPGP: url=http://www.saint-andre.com/me/stpeter.asc Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="------------ms060704030700090403090703" Subject: [saag] HTTP auth discussions X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 17:54:09 -0000 This is a cryptographically signed message in MIME format. --------------ms060704030700090403090703 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Folks, if you're interested in the topic of HTTP auth, please don't copy SAAG on your messages but instead join the http-auth list: https://www.ietf.org/mailman/listinfo/http-auth Sorry about the noise! Peter --=20 Peter Saint-Andre https://stpeter.im/ --------------ms060704030700090403090703 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIITzjCC BjQwggQcoAMCAQICASMwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UEBhMCSUwxFjAUBgNVBAoT DVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNp Z25pbmcxKTAnBgNVBAMTIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3 MTAyNDIxMDMzM1oXDTE3MTAyNDIxMDMzM1owgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1T dGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWdu aW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAzIFByaW1hcnkgSW50ZXJtZWRpYXRlIENs aWVudCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALmjSW4SPiDKlAinvVeL ZOVfItiuP1aRHL530E7QUc9icCwL33+PH+Js1HAh8CgWFl34sOxx1FJyS/C4VLPRsqDfP72j tzCVUAL0DAxZ7wgzQvFz7x61jGxfhYhqYb1+PPOLkYBbkRIrPMg3dLEdKmXIYJYXDH+mB/V/ jLo73/Kb7h/rNoNg/oHHSv5Jolyvp5IY2btfcTBfW/telEFj5rDTX2juTvZ3Qhf3XQX5ca3Q 7A10zrUV/cWJOJ7F5RltbEIaboZmX5JBUb3FhUiAdBotehAX6DbDOuYoJtVxmGof6GuVGcPo 98K4TJf8FHo+UA9EOVDp/W7fCqKT4sXk/XkCAwEAAaOCAa0wggGpMA8GA1UdEwEB/wQFMAMB Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7iZySlyShhEcCy3T8LvSs3DLl8zAfBgNV HSMEGDAWgBROC+8apEBbpRdphzDKNGhD0EGu8jBmBggrBgEFBQcBAQRaMFgwJwYIKwYBBQUH MAGGG2h0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9jYTAtBggrBgEFBQcwAoYhaHR0cDovL3d3 dy5zdGFydHNzbC5jb20vc2ZzY2EuY3J0MFsGA1UdHwRUMFIwJ6AloCOGIWh0dHA6Ly93d3cu c3RhcnRzc2wuY29tL3Nmc2NhLmNybDAnoCWgI4YhaHR0cDovL2NybC5zdGFydHNzbC5jb20v c2ZzY2EuY3JsMIGABgNVHSAEeTB3MHUGCysGAQQBgbU3AQIBMGYwLgYIKwYBBQUHAgEWImh0 dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93 d3cuc3RhcnRzc2wuY29tL2ludGVybWVkaWF0ZS5wZGYwDQYJKoZIhvcNAQELBQADggIBAGpd SbdLFMhirxK37V4gE00+uW74UdAXtDgQI3AsRZWtaRtKHgAxFBSteqz4kDkeAjH/1b+K8tQR 6cxSI2nho7qOaPW/UpzOfSS/MeKK/9vfM2lfs+uItXH7LWtvS9wD1erfH1a+BXHCrCp4LA1l fADDhRIiGTSS3i0Zu5xV3INNRHrCCCl6patltQ8RZTqzDMri7ombgIxjN51Zo7xV77EZcThV 0GA8iIN+7T53uHhUJpjfLIztHs/69OclRvHux9hCflfOm7GY5Sc4nqjfES+5XPArGGWiQSEk ez37QfXqsxO3oCHK4b3DFZysG4uyOuC/WL80ab3muQ3tgwjBhq0D3JZN5kvu5gSuNZPa1WrV hEgXkd6C7s5stqB6/htVpshG08jRz9DEutGM9oKQ1ncTivbfPNx7pILoHWvvT7N5i/puVoNu bPUmLXh/2wA6wzAzuuoONiIL14Xpw6jLSnqpaLWElo2yTIFZ/CU/nCvvpW1Dj1457P3Ci9bD 0RPkWSR+CuucpgxrEmaw4UOLxflzuYYaq1RJwygOO5K0s2bAWOcXpgteyUOnQ3d/EjJAWRri 2v0ubiq+4H3KUOMlbznlPAY/1T8YyyJPM88+Ueahe/AW1zoUwZayNcTnuM7cq6yBV8Wr3GOI LFXhtT0UVuJLChPMJKVKVsa7qNorlLkMMIIGxzCCBa+gAwIBAgICAIswDQYJKoZIhvcNAQEF BQAwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJT ZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBD bGFzcyAzIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQTAeFw0xMDEwMTQwMTM2MzRa Fw0xMjEwMTQxMjAxMDdaMIHAMSAwHgYDVQQNExcyNzQ1ODEtOU5YMDRxeExEYjBvNDY5VDEL MAkGA1UEBhMCVVMxETAPBgNVBAgTCENvbG9yYWRvMQ8wDQYDVQQHEwZEZW52ZXIxLDAqBgNV BAsTI1N0YXJ0Q29tIFRydXN0ZWQgQ2VydGlmaWNhdGUgTWVtYmVyMRowGAYDVQQDExFQZXRl ciBTYWludC1BbmRyZTEhMB8GCSqGSIb3DQEJARYSc3RwZXRlckBzdHBldGVyLmltMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuERvnrkpQTx9wbJfgxbNKEYvt0IilecZRUM6 wrbCzIUPCocuYhaAJcQoqIyHaKybPQ7f+DIGIAolAa3dHnNdlsXP2smTft/ZNpj10PIG5bil NAqLUYwmLJaEaqY7BMW8423U3blW43/luLJk/Pq4OsWcw7AK3LeVh1U/HOgqhin26N3h72X1 nbLEpZFrgcp8egmWtXLCbLBDMqUK3j6wjLldni79muzYEVqU0A5GqSeb8Wc4kIx8VI5yL24J KzinG2iVRP5ZDEbOZETzBXJabUsV56XSxqPG9DK6ke+ybCiL/wKV1HFqdtFB1y25lfvHgOP2 gyEApBKEDNjgLmKyyQIDAQABo4IC+zCCAvcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYD VR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBS2EW2iNB+g0EibKJLBdv8I eLovVDAfBgNVHSMEGDAWgBR7iZySlyShhEcCy3T8LvSs3DLl8zAdBgNVHREEFjAUgRJzdHBl dGVyQHN0cGV0ZXIuaW0wggFCBgNVHSAEggE5MIIBNTCCATEGCysGAQQBgbU3AQICMIIBIDAu BggrBgEFBQcCARYiaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjA0BggrBgEF BQcCARYoaHR0cDovL3d3dy5zdGFydHNzbC5jb20vaW50ZXJtZWRpYXRlLnBkZjCBtwYIKwYB BQUHAgIwgaowFBYNU3RhcnRDb20gTHRkLjADAgEBGoGRTGltaXRlZCBMaWFiaWxpdHksIHNl ZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2YgdGhlIFN0YXJ0Q29tIENlcnRpZmlj YXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFpbGFibGUgYXQgaHR0cDovL3d3dy5zdGFydHNz bC5jb20vcG9saWN5LnBkZjBjBgNVHR8EXDBaMCugKaAnhiVodHRwOi8vd3d3LnN0YXJ0c3Ns LmNvbS9jcnR1My1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3JsLnN0YXJ0c3NsLmNvbS9jcnR1 My1jcmwuY3JsMIGOBggrBgEFBQcBAQSBgTB/MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcC5z dGFydHNzbC5jb20vc3ViL2NsYXNzMy9jbGllbnQvY2EwQgYIKwYBBQUHMAKGNmh0dHA6Ly93 d3cuc3RhcnRzc2wuY29tL2NlcnRzL3N1Yi5jbGFzczMuY2xpZW50LmNhLmNydDAjBgNVHRIE HDAahhhodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS8wDQYJKoZIhvcNAQEFBQADggEBADVtbXJG tKAr55xc/OUM546gXUybI72Bank0w739Mv+9BBNtq9rMEvCnLmSKhBi76c1mdXh6zXs8RQDo 6nR/aPabE3llF2T4z80smi9jfnl3y9dpu9TcgDoqDLZ7a2lBlW656XAAQzHjvLp2MC7/mxlg PYH2axa+q40mAYM20GbNsAEGbWQT1IqIh0BcLLsgbaMJHbyG/57zd9JLyMX3Vry1L1fJRQr3 GeLxMV5RtxN+mBgxrwFz/cOc09COiFExlsHgekpB5O43gqsAU16MXypyoSt4MrSfKTMHIGx6 2RF/M6vqUlvhi28gk2ZUvQ/+OX5+gjcZyooEzAAn4RuOKNswggbHMIIFr6ADAgECAgIAizAN BgkqhkiG9w0BAQUFADCBjDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4x KzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMT L1N0YXJ0Q29tIENsYXNzIDMgUHJpbWFyeSBJbnRlcm1lZGlhdGUgQ2xpZW50IENBMB4XDTEw MTAxNDAxMzYzNFoXDTEyMTAxNDEyMDEwN1owgcAxIDAeBgNVBA0TFzI3NDU4MS05TlgwNHF4 TERiMG80NjlUMQswCQYDVQQGEwJVUzERMA8GA1UECBMIQ29sb3JhZG8xDzANBgNVBAcTBkRl bnZlcjEsMCoGA1UECxMjU3RhcnRDb20gVHJ1c3RlZCBDZXJ0aWZpY2F0ZSBNZW1iZXIxGjAY BgNVBAMTEVBldGVyIFNhaW50LUFuZHJlMSEwHwYJKoZIhvcNAQkBFhJzdHBldGVyQHN0cGV0 ZXIuaW0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4RG+euSlBPH3Bsl+DFs0o Ri+3QiKV5xlFQzrCtsLMhQ8Khy5iFoAlxCiojIdorJs9Dt/4MgYgCiUBrd0ec12Wxc/ayZN+ 39k2mPXQ8gbluKU0CotRjCYsloRqpjsExbzjbdTduVbjf+W4smT8+rg6xZzDsArct5WHVT8c 6CqGKfbo3eHvZfWdssSlkWuBynx6CZa1csJssEMypQrePrCMuV2eLv2a7NgRWpTQDkapJ5vx ZziQjHxUjnIvbgkrOKcbaJVE/lkMRs5kRPMFclptSxXnpdLGo8b0MrqR77JsKIv/ApXUcWp2 0UHXLbmV+8eA4/aDIQCkEoQM2OAuYrLJAgMBAAGjggL7MIIC9zAJBgNVHRMEAjAAMAsGA1Ud DwQEAwIEsDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwHQYDVR0OBBYEFLYRbaI0 H6DQSJsoksF2/wh4ui9UMB8GA1UdIwQYMBaAFHuJnJKXJKGERwLLdPwu9KzcMuXzMB0GA1Ud EQQWMBSBEnN0cGV0ZXJAc3RwZXRlci5pbTCCAUIGA1UdIASCATkwggE1MIIBMQYLKwYBBAGB tTcBAgIwggEgMC4GCCsGAQUFBwIBFiJodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3ku cGRmMDQGCCsGAQUFBwIBFihodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9pbnRlcm1lZGlhdGUu cGRmMIG3BggrBgEFBQcCAjCBqjAUFg1TdGFydENvbSBMdGQuMAMCAQEagZFMaW1pdGVkIExp YWJpbGl0eSwgc2VlIHNlY3Rpb24gKkxlZ2FsIExpbWl0YXRpb25zKiBvZiB0aGUgU3RhcnRD b20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUG9saWN5IGF2YWlsYWJsZSBhdCBodHRwOi8v d3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3kucGRmMGMGA1UdHwRcMFowK6ApoCeGJWh0dHA6Ly93 d3cuc3RhcnRzc2wuY29tL2NydHUzLWNybC5jcmwwK6ApoCeGJWh0dHA6Ly9jcmwuc3RhcnRz c2wuY29tL2NydHUzLWNybC5jcmwwgY4GCCsGAQUFBwEBBIGBMH8wOQYIKwYBBQUHMAGGLWh0 dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9zdWIvY2xhc3MzL2NsaWVudC9jYTBCBggrBgEFBQcw AoY2aHR0cDovL3d3dy5zdGFydHNzbC5jb20vY2VydHMvc3ViLmNsYXNzMy5jbGllbnQuY2Eu Y3J0MCMGA1UdEgQcMBqGGGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tLzANBgkqhkiG9w0BAQUF AAOCAQEANW1tcka0oCvnnFz85QznjqBdTJsjvYFqeTTDvf0y/70EE22r2swS8KcuZIqEGLvp zWZ1eHrNezxFAOjqdH9o9psTeWUXZPjPzSyaL2N+eXfL12m71NyAOioMtntraUGVbrnpcABD MeO8unYwLv+bGWA9gfZrFr6rjSYBgzbQZs2wAQZtZBPUioiHQFwsuyBtowkdvIb/nvN30kvI xfdWvLUvV8lFCvcZ4vExXlG3E36YGDGvAXP9w5zT0I6IUTGWweB6SkHk7jeCqwBTXoxfKnKh K3gytJ8pMwcgbHrZEX8zq+pSW+GLbyCTZlS9D/45fn6CNxnKigTMACfhG44o2zGCA80wggPJ AgEBMIGTMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UE CxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRD b20gQ2xhc3MgMyBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAgCLMAkGBSsOAwIa BQCgggIOMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEwMTIx MzE3NTU0OFowIwYJKoZIhvcNAQkEMRYEFO1mbbbMbEF96LgJTlwpqqiqZD1HMF8GCSqGSIb3 DQEJDzFSMFAwCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggq hkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCBpAYJKwYBBAGCNxAEMYGWMIGT MIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2Vj dXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xh c3MgMyBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAgCLMIGmBgsqhkiG9w0BCRAC CzGBlqCBkzCBjDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNV BAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0YXJ0 Q29tIENsYXNzIDMgUHJpbWFyeSBJbnRlcm1lZGlhdGUgQ2xpZW50IENBAgIAizANBgkqhkiG 9w0BAQEFAASCAQA4bV3hql0F1Viy7aPgsnwTGfleJHJBmT2rPKz3LoFeKff1eZVYG4O8msUm 7wplz/b6jdXHA91o7SKZj1chmFaodJsUg2NcPL3fbZCDRu97wrOEySWDVUb+RK+7W5ttwNWv hpgJpUbRFLN6mSpxLYgOXKBQIJm1lABmf7zyJvkOV7szkSZYWPvq6FvrZnq0E8QdncQzK02W 6b+xnoe7agLKDua78lA1N8R615FtYbgixj1DwuKsWQoLG5rBiK//wysCNhIg/SMsDeRJE0F+ I6XT+vyFFFW78QVjm0uDKQA8valLsh7XGGRrquK6zcmkV+A4BfRk5WhFYvCBQytfu8kYAAAA AAAA --------------ms060704030700090403090703-- From rbarnes@bbn.com Mon Dec 13 12:16:59 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E1D7F28C116; Mon, 13 Dec 2010 12:16:59 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.599 X-Spam-Level: X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zTdtTJuy9Va1; Mon, 13 Dec 2010 12:16:59 -0800 (PST) Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by core3.amsl.com (Postfix) with ESMTP id 01F7E28C0EB; Mon, 13 Dec 2010 12:16:59 -0800 (PST) Received: from ros-dhcp192-1-51-22.bbn.com ([192.1.51.22]:64933) by smtp.bbn.com with esmtps (TLSv1:AES128-SHA:128) (Exim 4.71 (FreeBSD)) (envelope-from ) id 1PSEqx-000PO3-CZ; Mon, 13 Dec 2010 15:18:35 -0500 Mime-Version: 1.0 (Apple Message framework v1082) Content-Type: text/plain; charset=us-ascii From: "Richard L. Barnes" In-Reply-To: <4D06498B.4070900@cs.tcd.ie> Date: Mon, 13 Dec 2010 15:18:33 -0500 Content-Transfer-Encoding: quoted-printable Message-Id: References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <2230EA03-32C5-4D34-BC6B-304E813BE3A7@gbiv.com> <4D056D83.2020704@extendedsubset.com> <4D062CA2.8040402@gmail.com> <1D87D846-45C8-40EC-A0B9-96D61E5F6E65@checkpoint.com> <4D06498B.4070900@cs.tcd.ie> To: Stephen Farrell X-Mailer: Apple Mail (2.1082) Cc: websec , Marsh Ray , "http-auth@ietf.org" , "ietf-http-wg@w3.org Group" , "saag@ietf.org" Subject: Re: [saag] [http-auth] [websec] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 20:17:00 -0000 Actually, sounds like it might be a handy usage of OAuth. The whole = point of that protocol is to delegate user authorizations. This is just = the case where the user is delegating his entire set of authorizations = to another instance of himself. --Richard On Dec 13, 2010, at 11:27 AM, Stephen Farrell wrote: >=20 >=20 > On 13/12/10 15:29, Yoav Nir wrote: >=20 >> * A possible solution to the first problem would be to issue >> multiple certificates for use in phone, laptop and desktop. But >> this makes the management of all these certificates even more >> complicated, and increases the attack surface. >=20 > Just a random thought. What if there were a standard way for web = server > apps to bind together different client public keys? E.g. start at = home, > with TLS mutual auth somehow, then go to the standard "bind new = device" > button which returns a shortish URL that the user can cut'n'paste to > a 2nd device, also using TLS mutual auth, but with the key pair from > that 2nd device. Then the server could associate a set of client = public > keys with the same account. (The URL could probably also be made only > usable on that server as well via some server-side symmetric crypto > maybe.) >=20 > Probably has holes galore, (and/or was tried a decade ago;-) but at > least the browsers could work as-is. Well, as-is if you assume people > had a way to generate and manage key pairs easily in their various > browsers. >=20 > Regardless of the above, I think that if there were a usable way to > do TLS mutual auth that was unencumbered and worked well, (including > tackling portability), that'd be great, and even if the probability > of failing is high, trying for that is maybe worth a shot. >=20 > S. > _______________________________________________ > saag mailing list > saag@ietf.org > https://www.ietf.org/mailman/listinfo/saag From mnot@mnot.net Fri Dec 10 15:04:36 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1EDF328C171; Fri, 10 Dec 2010 15:04:36 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -104.583 X-Spam-Level: X-Spam-Status: No, score=-104.583 tagged_above=-999 required=5 tests=[AWL=-1.984, BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O9qujG0fX4XH; Fri, 10 Dec 2010 15:04:35 -0800 (PST) Received: from mxout-07.mxes.net (mxout-07.mxes.net [216.86.168.182]) by core3.amsl.com (Postfix) with ESMTP id 9199D28C170; Fri, 10 Dec 2010 15:04:34 -0800 (PST) Received: from chancetrain-lm.mnot.net (unknown [118.209.2.20]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id B455722E1EB; Fri, 10 Dec 2010 18:06:03 -0500 (EST) Mime-Version: 1.0 (Apple Message framework v1082) Content-Type: text/plain; charset=us-ascii From: Mark Nottingham In-Reply-To: <4D02AF81.6000907@stpeter.im> Date: Sat, 11 Dec 2010 10:06:00 +1100 Content-Transfer-Encoding: quoted-printable Message-Id: <52E9BD81-E64B-47DA-83FC-C820B15D8B18@mnot.net> References: <4D02AF81.6000907@stpeter.im> To: Peter Saint-Andre X-Mailer: Apple Mail (2.1082) X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:26 -0800 Cc: "apps-discuss@ietf.org" , websec@ietf.org, "kitten@ietf.org" , http-auth@ietf.org, saag@ietf.org, "ietf-http-wg@w3.org Group" Subject: Re: [saag] [apps-discuss] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Dec 2010 23:04:36 -0000 There was a very well-attended and wide-ranging bar BoF in Vancouver, = and lots of background discussion (/noise). My impression at that point was that the use cases that people wanted to = put into scope were so diverse, and the requirements so exacting, that = it was a non-starter.=20 That may still be the case, and I think that without a concrete target, = starting the discussion again will ultimately just waste a lot of = engineer hours*. Having said that -- since we now have OAuth shaving off some of those = use cases, it may be that a purely browsing-focused authentication = mechanism might be able to get traction, provided we can get browser = vendors on board (naturally). I'd expect them to instigate this, = however. Cheers, * Waste, of course, is subjective. A cynical person would think that the = opportunity cost of having a bunch of standards people working on = something non-productive could, in the end, be a useful diversion. = However, I'm not that person, because I'm not thinking it, I'm saying = it. But I digress. On 11/12/2010, at 9:53 AM, Peter Saint-Andre wrote: > Is it time to start thinking about next-generation authentication > technologies for HTTP? >=20 > We all know that BASIC and DIGEST are ancient and crufty and lacking > many features and security properties we might want, but there hasn't > been much discussion about more modern approaches. Here are a few = things > I've found: >=20 > 1. Way back in 2001, Keith Burdis wrote an I-D about upgrading to SASL > within HTTP: http://tools.ietf.org/id/draft-burdis-http-sasl-00.txt >=20 > 2. In 2007, Robert Sayre put together a few slides on the topic: > http://people.mozilla.com/~sayrer/2007/auth.html >=20 > 3. Yutaka Oiwa and his colleagues have been working on a protocol for > mutual auth: http://tools.ietf.org/html/draft-oiwa-http-mutualauth-08 >=20 > Other than that, I'm not aware of much activity. What have I missed? > Does it make sense to perhaps hold an exploratory BoF at the next IETF > meeting (Prague, March 2011) to get people thinking about this topic? >=20 > If you're interested, please discuss on the http-auth@ietf.org list: >=20 > https://www.ietf.org/mailman/listinfo/http-auth >=20 > Thanks! >=20 > Peter >=20 > --=20 > Peter Saint-Andre > https://stpeter.im/ >=20 >=20 >=20 > _______________________________________________ > apps-discuss mailing list > apps-discuss@ietf.org > https://www.ietf.org/mailman/listinfo/apps-discuss -- Mark Nottingham http://www.mnot.net/ From marsh@extendedsubset.com Fri Dec 10 15:52:59 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4C52628C16B; Fri, 10 Dec 2010 15:52:59 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.59 X-Spam-Level: X-Spam-Status: No, score=-2.59 tagged_above=-999 required=5 tests=[AWL=0.009, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3T0nlJOeG43h; Fri, 10 Dec 2010 15:52:58 -0800 (PST) Received: from mho-02-ewr.mailhop.org (mho-02-ewr.mailhop.org [204.13.248.72]) by core3.amsl.com (Postfix) with ESMTP id 6FEB928C13D; Fri, 10 Dec 2010 15:52:58 -0800 (PST) Received: from xs01.extendedsubset.com ([69.164.193.58]) by mho-02-ewr.mailhop.org with esmtpa (Exim 4.68) (envelope-from ) id 1PRCnG-0007jy-Mx; Fri, 10 Dec 2010 23:54:30 +0000 Received: from [192.168.1.15] (localhost [127.0.0.1]) by xs01.extendedsubset.com (Postfix) with ESMTP id BC33060C7; Fri, 10 Dec 2010 23:54:28 +0000 (UTC) X-Mail-Handler: MailHop Outbound by DynDNS X-Originating-IP: 69.164.193.58 X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/mailhop/outbound_abuse.html for abuse reporting information) X-MHO-User: U2FsdGVkX1/98GPaWAVDLHrWGRfLI2yC8jrjm0RWGOw= Message-ID: <4D02BDB3.7060801@extendedsubset.com> Date: Fri, 10 Dec 2010 17:54:27 -0600 From: Marsh Ray User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.15) Gecko/20101027 Thunderbird/3.0.10 MIME-Version: 1.0 To: Peter Saint-Andre References: <4D02AF81.6000907@stpeter.im> In-Reply-To: <4D02AF81.6000907@stpeter.im> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:26 -0800 Cc: "apps-discuss@ietf.org" , websec@ietf.org, "kitten@ietf.org" , http-auth@ietf.org, saag@ietf.org, "ietf-http-wg@w3.org Group" Subject: Re: [saag] [websec] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Dec 2010 23:52:59 -0000 On 12/10/2010 04:53 PM, Peter Saint-Andre wrote: > Is it time to start thinking about next-generation authentication > technologies for HTTP? No? :-) IMHO, authentication just doesn't belong at the HTTP layer. HTTP is inherently bad at being stateful. Stateless interfaces can be fantastic, but it doesn't support the "login session" concept that most people have in mind when they talk about authentication. Unless you're properly using TLS, you have no reason to believe that the byte you just received is from the same party as the previous byte you received. So under those circumstances, what exactly are you authenticating, and to whom? I use a lot of web sites and none of them do authentication via HTTP. Every single one of them expects a username/password via HTTP(s) POST variables and returns a cookie of varying duration. But what could we possibly do for a stateless, unMACed protocol like HTTP, except integrate and bind it better with a lower layer providing real integrity? I think what the world needs are ways for web apps (literally, the Ruby code) to easily work with the strongly-authenticated identities which are supported at the TLS layer. TLS already supports "sessions" and "client authentication", but for whatever reasons they're not being utilized. We should make using those facilities as easy for web developers as doing cookie-based logins. Improving the "authentication" for a protocol lacking basic message integrity would just be giving a false sense of security. It's like improving the login authentication for telnet or FTP sessions. But I do think there are lots of improvements waiting to be made in the right directions. - Marsh From ynir@checkpoint.com Sat Dec 11 15:08:58 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CB2943A6CC6; Sat, 11 Dec 2010 15:08:58 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -9.31 X-Spam-Level: X-Spam-Status: No, score=-9.31 tagged_above=-999 required=5 tests=[AWL=1.289, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bNfpvjyZj955; Sat, 11 Dec 2010 15:08:57 -0800 (PST) Received: from michael.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by core3.amsl.com (Postfix) with ESMTP id E78FF3A6CC3; Sat, 11 Dec 2010 15:08:53 -0800 (PST) X-CheckPoint: {4D0404E3-0-1B221DC2-2FFFF} Received: from il-ex01.ad.checkpoint.com (il-ex01.checkpoint.com [194.29.34.26]) by michael.checkpoint.com (8.13.8/8.13.8) with ESMTP id oBBNAFio001572; Sun, 12 Dec 2010 01:10:15 +0200 Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex01.ad.checkpoint.com ([126.0.0.2]) with mapi; Sun, 12 Dec 2010 01:10:15 +0200 From: Yoav Nir To: Paul Hoffman , websec , Peter Saint-Andre Date: Sun, 12 Dec 2010 01:10:11 +0200 Thread-Topic: [saag] HTTP authentication: the next generation Thread-Index: AcuZiJEeUrzxMlnURUmsuTqhB7a9Ww== Message-ID: References: <4D02AF81.6000907@stpeter.im> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:26 -0800 Cc: "apps-discuss@ietf.org" , "kitten@ietf.org" , "http-auth@ietf.org" , "saag@ietf.org" , Hannes Tschofenig , "ietf-http-wg@w3.org Group" Subject: Re: [saag] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Dec 2010 23:08:59 -0000 On Dec 11, 2010, at 1:09 AM, Paul Hoffman wrote: > At 3:53 PM -0700 12/10/10, Peter Saint-Andre wrote: >> Other than that, I'm not aware of much activity. What have I missed? >=20 > TLS client certificates. TLS client certificates work, but as we've learned both with the web and wi= th IPsec clients, people would much rather not use them. A few IETFs ago (C= hicago?), a bunch of us tried to push the idea of TLS with EAP authenticati= on. http://tools.ietf.org/html/draft-nir-tls-eap At the time, the TLS working group (and an AD) told us that this would cont= radict the applicability statement of EAP, so no, you cannot use EAP for an= ything other than network access.=20 Now we have the abfab working group, so I don't think this still holds. Also, I agree with Marsh, that authentication is not enough, and you need t= he rest of TLS anyway. So yes, I think that it is time to resurrect HTTP authentication. Yoav From lukeh@padl.com Sat Dec 11 17:37:09 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7C7E13A6CE2; Sat, 11 Dec 2010 17:37:09 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qTb5wLZeH8eU; Sat, 11 Dec 2010 17:37:05 -0800 (PST) Received: from us.padl.com (us.padl.com [216.154.215.154]) by core3.amsl.com (Postfix) with ESMTP id 55CB128C0CE; Sat, 11 Dec 2010 17:37:04 -0800 (PST) Received: by us.padl.com with ESMTP id oBC1c2GK007734; Sat, 11 Dec 2010 20:38:07 -0500 Mime-Version: 1.0 (Apple Message framework v1082) Content-Type: text/plain; charset=us-ascii From: Luke Howard In-Reply-To: Date: Sun, 12 Dec 2010 12:38:07 +1100 Content-Transfer-Encoding: quoted-printable Message-Id: <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> References: <4D02AF81.6000907@stpeter.im> To: Yoav Nir X-Mailer: Apple Mail (2.1082) X-SMTP-Vilter-Version: 1.3.6 X-Spamd-Symbols: AWL,BAYES_00 X-SMTP-Vilter-Spam-Backend: spamd X-Spam-Threshold: 5.0 X-Spam-Probability: -0.5 X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:26 -0800 Cc: "apps-discuss@ietf.org" , websec , Paul Hoffman , "kitten@ietf.org" , "http-auth@ietf.org" , "saag@ietf.org" , Hannes Tschofenig , "ietf-http-wg@w3.org Group" Subject: Re: [saag] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Dec 2010 01:37:09 -0000 On 12/12/2010, at 10:10 AM, Yoav Nir wrote: >=20 > On Dec 11, 2010, at 1:09 AM, Paul Hoffman wrote: >=20 >> At 3:53 PM -0700 12/10/10, Peter Saint-Andre wrote: >>> Other than that, I'm not aware of much activity. What have I missed? >>=20 >> TLS client certificates. >=20 > TLS client certificates work, but as we've learned both with the web = and with IPsec clients, people would much rather not use them. A few = IETFs ago (Chicago?), a bunch of us tried to push the idea of TLS with = EAP authentication. >=20 > http://tools.ietf.org/html/draft-nir-tls-eap Does draft-williams-tls-app-sasl-opt-04.txt + abfab get you the moral = equivalent? -- Luke= From yaronf.ietf@gmail.com Sat Dec 11 23:28:12 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3B39C3A6D75; Sat, 11 Dec 2010 23:28:12 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.954 X-Spam-Level: X-Spam-Status: No, score=-102.954 tagged_above=-999 required=5 tests=[AWL=0.645, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fiBC6E4S4MDM; Sat, 11 Dec 2010 23:28:11 -0800 (PST) Received: from mail-ww0-f44.google.com (mail-ww0-f44.google.com [74.125.82.44]) by core3.amsl.com (Postfix) with ESMTP id 418D43A69D5; Sat, 11 Dec 2010 23:28:10 -0800 (PST) Received: by wwa36 with SMTP id 36so5250627wwa.13 for ; Sat, 11 Dec 2010 23:29:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=4BFdEbuS5k7moTIeZMWDbonXYuvqM+FTh7HK4s3ELV0=; b=R7zZPnIdBOKNp2nPeY3K2NZhjgou7tvoXebnAJFu57k1tGQrLCFj+l0rpZR0asu1S6 2w7t4qH9SMTmg+62Ci7lXDKi8KFqbb4U3GJflfE+2VX4jvyr6NhqzA/nEe0l6QNG+9wf Jf6l+cPirQMhESjYBt+yEvnELn1yt0qMx9xWw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=NUSfE1FKnrB8OjMzRVgLCWMde44hlMwveBcDaHt41pcHQnnk89wsCZhMagUfqgOjXR Zf+GPV9NVwiXT7GAOXfi4tJIs6cL5w36QmIFg5SoO9g2ZTjBOWGrcLT8iglgpe9PJHuG QjEuWGoIbHF99bjbQz2K1rmlXb6r4q6kNy5cY= Received: by 10.216.50.72 with SMTP id y50mr900755web.28.1292138984263; Sat, 11 Dec 2010 23:29:44 -0800 (PST) Received: from [10.0.0.1] (bzq-79-181-24-102.red.bezeqint.net [79.181.24.102]) by mx.google.com with ESMTPS id m10sm3466389wbc.16.2010.12.11.23.29.40 (version=SSLv3 cipher=RC4-MD5); Sat, 11 Dec 2010 23:29:42 -0800 (PST) Message-ID: <4D0479E3.4050508@gmail.com> Date: Sun, 12 Dec 2010 09:29:39 +0200 From: Yaron Sheffer User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.13) Gecko/20101208 Lightning/1.0b2 Thunderbird/3.1.7 MIME-Version: 1.0 To: Luke Howard References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> In-Reply-To: <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:26 -0800 Cc: "apps-discuss@ietf.org" , websec , Paul Hoffman , "kitten@ietf.org" , "http-auth@ietf.org" , "saag@ietf.org" , Hannes Tschofenig , "ietf-http-wg@w3.org Group" Subject: Re: [saag] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Dec 2010 07:28:12 -0000 Hi Luke, I am not a big fan of EAP myself (although I am a co-author on Yoav's TLS-EAP), but no, for pragmatic reasons SASL is not the moral equivalent. There is a number of EAP methods that provide zero-knowledge password based mutual authentication (i.e. password based auth that's *not* susceptible to dictionary attacks). These include (see http://www.iana.org/assignments/eap-numbers/eap-numbers.xml#eap-numbers-3): EAP-SRP-SHA1, EAP-pwd, EAP-EKE and EAP-SPEKE. As far as I can see (http://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml), SASL does not provide any equivalent method. Thanks, Yaron On 12/12/2010 03:38 AM, Luke Howard wrote: > > On 12/12/2010, at 10:10 AM, Yoav Nir wrote: > >> >> On Dec 11, 2010, at 1:09 AM, Paul Hoffman wrote: >> >>> At 3:53 PM -0700 12/10/10, Peter Saint-Andre wrote: >>>> Other than that, I'm not aware of much activity. What have I missed? >>> >>> TLS client certificates. >> >> TLS client certificates work, but as we've learned both with the web and with IPsec clients, people would much rather not use them. A few IETFs ago (Chicago?), a bunch of us tried to push the idea of TLS with EAP authentication. >> >> http://tools.ietf.org/html/draft-nir-tls-eap > > Does draft-williams-tls-app-sasl-opt-04.txt + abfab get you the moral equivalent? > > -- Luke From Josh.Howlett@ja.net Sun Dec 12 00:28:29 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BF9493A6D83; Sun, 12 Dec 2010 00:28:29 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.098 X-Spam-Level: X-Spam-Status: No, score=-102.098 tagged_above=-999 required=5 tests=[AWL=0.501, BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uijQy4we-7Wr; Sun, 12 Dec 2010 00:28:28 -0800 (PST) Received: from har003676.ukerna.ac.uk (har003676.ukerna.ac.uk [194.82.140.75]) by core3.amsl.com (Postfix) with ESMTP id 845183A6D03; Sun, 12 Dec 2010 00:28:28 -0800 (PST) Received: from har003676.ukerna.ac.uk (localhost.localdomain [127.0.0.1]) by localhost (Email Security Appliance) with SMTP id 8D3C64A6BAA_D04880AB; Sun, 12 Dec 2010 08:30:02 +0000 (GMT) Received: from EXC001.atlas.ukerna.ac.uk (exc001.atlas.ukerna.ac.uk [193.62.83.37]) by har003676.ukerna.ac.uk (Sophos Email Appliance) with ESMTP id 3F5484A6BA3_D0487FFF; Sun, 12 Dec 2010 08:29:51 +0000 (GMT) Received: from EXC001.atlas.ukerna.ac.uk ([193.62.83.37]) by EXC001 ([193.62.83.37]) with mapi; Sun, 12 Dec 2010 08:30:08 +0000 From: Josh Howlett To: Yaron Sheffer , Luke Howard Thread-Topic: [kitten] [saag] HTTP authentication: the next generation Thread-Index: AQHLmca26Q0IJHpixEGWpmc927Vy9JOcaR2AgAAQ5U4= Date: Sun, 12 Dec 2010 08:30:07 +0000 Message-ID: Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:25 -0800 Cc: Josh Howlett , "apps-discuss@ietf.org" , websec , Paul Hoffman , "kitten@ietf.org" , "http-auth@ietf.org" , "saag@ietf.org" , Hannes Tschofenig , "ietf-http-wg@w3.org Group" Subject: Re: [saag] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Dec 2010 08:28:29 -0000 AbFab is defining a GSS EAP mechanism that can encapsulate the EAP methods = you mention. This mechanism could be run over SASL-TLS using GS2. Josh. --- original message --- From: "Yaron Sheffer" Subject: Re: [kitten] [saag] HTTP authentication: the next generation Date: 12th December 2010 Time: 7:36:41 am Hi Luke, I am not a big fan of EAP myself (although I am a co-author on Yoav's TLS-EAP), but no, for pragmatic reasons SASL is not the moral equivalent. There is a number of EAP methods that provide zero-knowledge password based mutual authentication (i.e. password based auth that's *not* susceptible to dictionary attacks). These include (see http://www.iana.org/assignments/eap-numbers/eap-numbers.xml#eap-numbers-3): EAP-SRP-SHA1, EAP-pwd, EAP-EKE and EAP-SPEKE. As far as I can see (http://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml), SASL does not provide any equivalent method. Thanks, Yaron On 12/12/2010 03:38 AM, Luke Howard wrote: > > On 12/12/2010, at 10:10 AM, Yoav Nir wrote: > >> >> On Dec 11, 2010, at 1:09 AM, Paul Hoffman wrote: >> >>> At 3:53 PM -0700 12/10/10, Peter Saint-Andre wrote: >>>> Other than that, I'm not aware of much activity. What have I missed? >>> >>> TLS client certificates. >> >> TLS client certificates work, but as we've learned both with the web and= with IPsec clients, people would much rather not use them. A few IETFs ago= (Chicago?), a bunch of us tried to push the idea of TLS with EAP authentic= ation. >> >> http://tools.ietf.org/html/draft-nir-tls-eap > > Does draft-williams-tls-app-sasl-opt-04.txt + abfab get you the moral equ= ivalent? > > -- Luke _______________________________________________ Kitten mailing list Kitten@ietf.org https://www.ietf.org/mailman/listinfo/kitten JANET(UK) is a trading name of The JNT Association, a company limited by guarantee which is registered in England under No. 2881024=20 and whose Registered Office is at Lumen House, Library Avenue, Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG From ynir@checkpoint.com Sun Dec 12 00:40:02 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C62523A6D89; Sun, 12 Dec 2010 00:40:02 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -9.413 X-Spam-Level: X-Spam-Status: No, score=-9.413 tagged_above=-999 required=5 tests=[AWL=1.186, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Iy4+jBAiaJoV; Sun, 12 Dec 2010 00:40:01 -0800 (PST) Received: from michael.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by core3.amsl.com (Postfix) with ESMTP id 0CB0E3A6D03; Sun, 12 Dec 2010 00:40:00 -0800 (PST) X-CheckPoint: {4D048ABF-0-1B221DC2-2FFFF} Received: from il-ex01.ad.checkpoint.com (il-ex01.checkpoint.com [194.29.34.26]) by michael.checkpoint.com (8.13.8/8.13.8) with ESMTP id oBC8fOCj014846; Sun, 12 Dec 2010 10:41:24 +0200 Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex01.ad.checkpoint.com ([126.0.0.2]) with mapi; Sun, 12 Dec 2010 10:41:24 +0200 From: Yoav Nir To: "'Josh Howlett'" , Yaron Sheffer , Luke Howard Date: Sun, 12 Dec 2010 10:41:23 +0200 Thread-Topic: [kitten] [saag] HTTP authentication: the next generation Thread-Index: AQHLmca26Q0IJHpixEGWpmc927Vy9JOcaR2AgAAQ5U6AAAIIsA== Message-ID: <006FEB08D9C6444AB014105C9AEB133F012E6FCD449F@il-ex01.ad.checkpoint.com> References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:26 -0800 Cc: "apps-discuss@ietf.org" , websec , Paul Hoffman , "kitten@ietf.org" , "http-auth@ietf.org" , "saag@ietf.org" , Hannes Tschofenig , "ietf-http-wg@w3.org Group" Subject: Re: [saag] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Dec 2010 08:40:03 -0000 To quote from Abfab's charter: This working group will specify a federated identity mechanism for use by other Internet protocols not based on HTML/HTTP,=20 For just adding authentication to HTTP, I don't think it makes sense to add= federation. All kinds of services such as web mail, online gaming, and onl= ine shopping require authentication, but there's no federation involved.=20 -----Original Message----- From: Josh Howlett [mailto:Josh.Howlett@ja.net]=20 Sent: 12 December 2010 10:30 To: Yaron Sheffer; Luke Howard Cc: apps-discuss@ietf.org; pgut001@cs.auckland.ac.nz; Yoav Nir; websec; Pau= l Hoffman; kitten@ietf.org; http-auth@ietf.org; saag@ietf.org; Hannes Tscho= fenig; Josh Howlett; ietf-http-wg@w3.org Group Subject: Re: [kitten] [saag] HTTP authentication: the next generation AbFab is defining a GSS EAP mechanism that can encapsulate the EAP methods = you mention. This mechanism could be run over SASL-TLS using GS2. Josh. --- original message --- From: "Yaron Sheffer" Subject: Re: [kitten] [saag] HTTP authentication: the next generation Date: 12th December 2010 Time: 7:36:41 am Hi Luke, I am not a big fan of EAP myself (although I am a co-author on Yoav's TLS-E= AP), but no, for pragmatic reasons SASL is not the moral equivalent. There is a number of EAP methods that provide zero-knowledge password based= mutual authentication (i.e. password based auth that's *not* susceptible t= o dictionary attacks). These include (see http://www.iana.org/assignments/eap-numbers/eap-numbers.xml#eap-numbers-3): EAP-SRP-SHA1, EAP-pwd, EAP-EKE and EAP-SPEKE. As far as I can see (http://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml), SASL does not provide any equivalent method. Thanks, Yaron On 12/12/2010 03:38 AM, Luke Howard wrote: > > On 12/12/2010, at 10:10 AM, Yoav Nir wrote: > >> >> On Dec 11, 2010, at 1:09 AM, Paul Hoffman wrote: >> >>> At 3:53 PM -0700 12/10/10, Peter Saint-Andre wrote: >>>> Other than that, I'm not aware of much activity. What have I missed? >>> >>> TLS client certificates. >> >> TLS client certificates work, but as we've learned both with the web and= with IPsec clients, people would much rather not use them. A few IETFs ago= (Chicago?), a bunch of us tried to push the idea of TLS with EAP authentic= ation. >> >> http://tools.ietf.org/html/draft-nir-tls-eap > > Does draft-williams-tls-app-sasl-opt-04.txt + abfab get you the moral equ= ivalent? > > -- Luke _______________________________________________ Kitten mailing list Kitten@ietf.org https://www.ietf.org/mailman/listinfo/kitten JANET(UK) is a trading name of The JNT Association, a company limited by gu= arantee which is registered in England under No. 2881024 and whose Register= ed Office is at Lumen House, Library Avenue, Harwell Science and Innovation= Campus, Didcot, Oxfordshire. OX11 0SG Scanned by Check Point Total Security Gateway. From Josh.Howlett@ja.net Sun Dec 12 01:15:19 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C51F33A6C70; Sun, 12 Dec 2010 01:15:19 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.181 X-Spam-Level: X-Spam-Status: No, score=-102.181 tagged_above=-999 required=5 tests=[AWL=0.418, BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aCxxAMcVq9eP; Sun, 12 Dec 2010 01:15:18 -0800 (PST) Received: from har003676.ukerna.ac.uk (har003676.ukerna.ac.uk [194.82.140.75]) by core3.amsl.com (Postfix) with ESMTP id 514483A6D8E; Sun, 12 Dec 2010 01:15:18 -0800 (PST) Received: from har003676.ukerna.ac.uk (localhost.localdomain [127.0.0.1]) by localhost (Email Security Appliance) with SMTP id F0B604A6B4E_D049304B; Sun, 12 Dec 2010 09:16:52 +0000 (GMT) Received: from EXC001.atlas.ukerna.ac.uk (exc001.atlas.ukerna.ac.uk [193.62.83.37]) by har003676.ukerna.ac.uk (Sophos Email Appliance) with ESMTP id 9E1374A6BA3_D0492F9F; Sun, 12 Dec 2010 09:16:41 +0000 (GMT) Received: from EXC001.atlas.ukerna.ac.uk ([193.62.83.37]) by EXC001 ([193.62.83.37]) with mapi; Sun, 12 Dec 2010 09:16:58 +0000 From: Josh Howlett To: Yoav Nir , Yaron Sheffer , Luke Howard Thread-Topic: [kitten] [saag] HTTP authentication: the next generation Thread-Index: AQHLmca26Q0IJHpixEGWpmc927Vy9JOcaR2AgAAQ5U6AAAIIsIAACxBo Date: Sun, 12 Dec 2010 09:16:58 +0000 Message-ID: Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:25 -0800 Cc: Josh Howlett , "apps-discuss@ietf.org" , websec , Paul Hoffman , "kitten@ietf.org" , "http-auth@ietf.org" , "saag@ietf.org" , Hannes Tschofenig , "ietf-http-wg@w3.org Group" Subject: Re: [saag] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Dec 2010 09:15:19 -0000 Right, HTTP authentication is out of Abfab's scope. My point was that Abfab= is doing stuff that may nonetheless be useful for some other effort lookin= g at the problem. I agree with your observation re federation, but note that EAP authenticati= on does not imply federation. Josh. --- original message --- From: "Yoav Nir" Subject: RE: [kitten] [saag] HTTP authentication: the next generation Date: 12th December 2010 Time: 8:42:08 am To quote from Abfab's charter: This working group will specify a federated identity mechanism for use by other Internet protocols not based on HTML/HTTP, For just adding authentication to HTTP, I don't think it makes sense to add= federation. All kinds of services such as web mail, online gaming, and onl= ine shopping require authentication, but there's no federation involved. -----Original Message----- From: Josh Howlett [mailto:Josh.Howlett@ja.net] Sent: 12 December 2010 10:30 To: Yaron Sheffer; Luke Howard Cc: apps-discuss@ietf.org; pgut001@cs.auckland.ac.nz; Yoav Nir; websec; Pau= l Hoffman; kitten@ietf.org; http-auth@ietf.org; saag@ietf.org; Hannes Tscho= fenig; Josh Howlett; ietf-http-wg@w3.org Group Subject: Re: [kitten] [saag] HTTP authentication: the next generation AbFab is defining a GSS EAP mechanism that can encapsulate the EAP methods = you mention. This mechanism could be run over SASL-TLS using GS2. Josh. --- original message --- From: "Yaron Sheffer" Subject: Re: [kitten] [saag] HTTP authentication: the next generation Date: 12th December 2010 Time: 7:36:41 am Hi Luke, I am not a big fan of EAP myself (although I am a co-author on Yoav's TLS-E= AP), but no, for pragmatic reasons SASL is not the moral equivalent. There is a number of EAP methods that provide zero-knowledge password based= mutual authentication (i.e. password based auth that's *not* susceptible t= o dictionary attacks). These include (see http://www.iana.org/assignments/eap-numbers/eap-numbers.xml#eap-numbers-3): EAP-SRP-SHA1, EAP-pwd, EAP-EKE and EAP-SPEKE. As far as I can see (http://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml), SASL does not provide any equivalent method. Thanks, Yaron On 12/12/2010 03:38 AM, Luke Howard wrote: > > On 12/12/2010, at 10:10 AM, Yoav Nir wrote: > >> >> On Dec 11, 2010, at 1:09 AM, Paul Hoffman wrote: >> >>> At 3:53 PM -0700 12/10/10, Peter Saint-Andre wrote: >>>> Other than that, I'm not aware of much activity. What have I missed? >>> >>> TLS client certificates. >> >> TLS client certificates work, but as we've learned both with the web and= with IPsec clients, people would much rather not use them. A few IETFs ago= (Chicago?), a bunch of us tried to push the idea of TLS with EAP authentic= ation. >> >> http://tools.ietf.org/html/draft-nir-tls-eap > > Does draft-williams-tls-app-sasl-opt-04.txt + abfab get you the moral equ= ivalent? > > -- Luke _______________________________________________ Kitten mailing list Kitten@ietf.org https://www.ietf.org/mailman/listinfo/kitten JANET(UK) is a trading name of The JNT Association, a company limited by gu= arantee which is registered in England under No. 2881024 and whose Register= ed Office is at Lumen House, Library Avenue, Harwell Science and Innovation= Campus, Didcot, Oxfordshire. OX11 0SG Scanned by Check Point Total Security Gateway. JANET(UK) is a trading name of The JNT Association, a company limited by guarantee which is registered in England under No. 2881024=20 and whose Registered Office is at Lumen House, Library Avenue, Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG From alexey.melnikov@isode.com Sun Dec 12 06:09:09 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C9AFD3A6DC1; Sun, 12 Dec 2010 06:09:09 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.804 X-Spam-Level: X-Spam-Status: No, score=-102.804 tagged_above=-999 required=5 tests=[AWL=-0.205, BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7RKNwzBRmOBT; Sun, 12 Dec 2010 06:09:08 -0800 (PST) Received: from rufus.isode.com (rufus.isode.com [62.3.217.251]) by core3.amsl.com (Postfix) with ESMTP id ED60D3A6DBE; Sun, 12 Dec 2010 06:09:07 -0800 (PST) Received: from [192.168.0.102] ((unknown) [109.73.6.25]) by rufus.isode.com (submission channel) via TCP with ESMTPA id ; Sun, 12 Dec 2010 14:10:42 +0000 X-SMTP-Protocol-Errors: NORDNS Message-ID: <4D04D7D6.4090105@isode.com> Date: Sun, 12 Dec 2010 17:10:30 +0300 From: Alexey Melnikov User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 X-Accept-Language: en-us, en To: Yaron Sheffer References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> In-Reply-To: <4D0479E3.4050508@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:26 -0800 Cc: "apps-discuss@ietf.org" , websec , Paul Hoffman , "kitten@ietf.org" , "http-auth@ietf.org" , Luke Howard , "saag@ietf.org" , Hannes Tschofenig , "ietf-http-wg@w3.org Group" Subject: Re: [saag] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Dec 2010 14:09:10 -0000 Yaron Sheffer wrote: > Hi Luke, > > I am not a big fan of EAP myself (although I am a co-author on Yoav's > TLS-EAP), but no, for pragmatic reasons SASL is not the moral equivalent. > > There is a number of EAP methods that provide zero-knowledge password > based mutual authentication (i.e. password based auth that's *not* > susceptible to dictionary attacks). These include (see > http://www.iana.org/assignments/eap-numbers/eap-numbers.xml#eap-numbers-3): > EAP-SRP-SHA1, EAP-pwd, EAP-EKE and EAP-SPEKE. > > As far as I can see > (http://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml), > SASL does not provide any equivalent method. There is an expired SASL SRP draft, which can be revived, if needed. > Thanks, > Yaron > > On 12/12/2010 03:38 AM, Luke Howard wrote: > >> On 12/12/2010, at 10:10 AM, Yoav Nir wrote: >> >>> On Dec 11, 2010, at 1:09 AM, Paul Hoffman wrote: >>> >>>> At 3:53 PM -0700 12/10/10, Peter Saint-Andre wrote: >>>> >>>>> Other than that, I'm not aware of much activity. What have I missed? >>>> >>>> >>>> TLS client certificates. >>> >>> >>> TLS client certificates work, but as we've learned both with the web >>> and with IPsec clients, people would much rather not use them. A few >>> IETFs ago (Chicago?), a bunch of us tried to push the idea of TLS >>> with EAP authentication. >>> >>> http://tools.ietf.org/html/draft-nir-tls-eap >> >> >> Does draft-williams-tls-app-sasl-opt-04.txt + abfab get you the moral >> equivalent? >> >> -- Luke > From lear@cisco.com Sun Dec 12 13:34:17 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 00D433A6E08; Sun, 12 Dec 2010 13:34:16 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -110.055 X-Spam-Level: X-Spam-Status: No, score=-110.055 tagged_above=-999 required=5 tests=[AWL=0.544, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NebqHih4IIKe; Sun, 12 Dec 2010 13:34:16 -0800 (PST) Received: from ams-iport-2.cisco.com (ams-iport-2.cisco.com [144.254.224.141]) by core3.amsl.com (Postfix) with ESMTP id 3D5EE3A6D47; Sun, 12 Dec 2010 13:34:15 -0800 (PST) Authentication-Results: ams-iport-2.cisco.com; dkim=neutral (message not signed) header.i=none X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AmAEAIjPBE2Q/khLgWdsb2JhbACDXKAqFQEBFiIppWmKSY9SgSGDNXQEink X-IronPort-AV: E=Sophos;i="4.59,333,1288569600"; d="scan'208";a="15112279" Received: from ams-core-2.cisco.com ([144.254.72.75]) by ams-iport-2.cisco.com with ESMTP; 12 Dec 2010 21:35:51 +0000 Received: from ams3-vpn-dhcp4641.cisco.com (ams3-vpn-dhcp4641.cisco.com [10.61.82.32]) by ams-core-2.cisco.com (8.14.3/8.14.3) with ESMTP id oBCLZoMB011735; Sun, 12 Dec 2010 21:35:50 GMT Message-ID: <4D054041.7010203@cisco.com> Date: Sun, 12 Dec 2010 22:36:01 +0100 From: Eliot Lear User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.12) Gecko/20101027 Lightning/1.0b2 Thunderbird/3.1.6 MIME-Version: 1.0 To: Alexey Melnikov References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> In-Reply-To: <4D051731.1020400@isode.com> X-Enigmail-Version: 1.1.1 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:25 -0800 Cc: "apps-discuss@ietf.org" , websec , "kitten@ietf.org" , "http-auth@ietf.org" , "saag@ietf.org" , "ietf-http-wg@w3.org Group" Subject: Re: [saag] [apps-discuss] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Dec 2010 21:34:17 -0000 Why settle for one? On 12/12/10 7:40 PM, Alexey Melnikov wrote: > Yoav Nir wrote: > >> EAP has one advantage. It is easy to integrate with existing >> RADIUS/DIAMETER infrastructure. >> > True. > And SASL has an advantage that it is easier to integrate with LDAP > infrastructure. > > I think this just demonstrates that before an HTTP authentication > mechanism can be evaluated, people need to agree on a common > evaluation criteria for HTTP authentication. > > _______________________________________________ > apps-discuss mailing list > apps-discuss@ietf.org > https://www.ietf.org/mailman/listinfo/apps-discuss > From fielding@gbiv.com Sun Dec 12 14:37:48 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EA2483A6DFA; Sun, 12 Dec 2010 14:37:48 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.908 X-Spam-Level: X-Spam-Status: No, score=-102.908 tagged_above=-999 required=5 tests=[AWL=-0.309, BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5F7DPk-i9+xg; Sun, 12 Dec 2010 14:37:48 -0800 (PST) Received: from homiemail-a73.g.dreamhost.com (caiajhbdcaib.dreamhost.com [208.97.132.81]) by core3.amsl.com (Postfix) with ESMTP id E3FE33A6CCA; Sun, 12 Dec 2010 14:37:47 -0800 (PST) Received: from homiemail-a73.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a73.g.dreamhost.com (Postfix) with ESMTP id 765EE1F0069; Sun, 12 Dec 2010 14:39:24 -0800 (PST) DomainKey-Signature: a=rsa-sha1; c=nofws; d=gbiv.com; h=subject:mime-version :content-type:from:in-reply-to:date:cc:content-transfer-encoding :message-id:references:to; q=dns; s=gbiv.com; b=FYJb5G/ckuimNYH2 EAMF3uuc/bmghPYH8ir/SmwsMldYFoE+q6MzaGFSbJI9RRh/KECrXuBVc6f27dDE yhWSaZliwtQsnTI1hlclvSpj7YkVT+8KdfyzMKny2yqtt3roZAfNF7h3tWfvOKEl SiiYD3rxArbXfIIhT3q52pL2QAA= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gbiv.com; h=subject :mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s=gbiv.com; bh=AY54s7iPVjMmfy217h64SJv5wQw=; b=cyn7LDvPTexWvZcI80dZLqHSlJG2 E1gBEKD8jFcSwDbV5YdfvdzZHIXMaoq+R3IN+Ssx1HqjKORiTU7yYahe0XDvqbAM /XzSPPuTPFS5TVncRhVYQ6NaMqT4zN462bWQbXkR52lqQjt4FoIDFAeLLne3QyTS +587nIlVypmcR3A= Received: from [192.168.1.66] (99-21-208-82.lightspeed.irvnca.sbcglobal.net [99.21.208.82]) (Authenticated sender: fielding@gbiv.com) by homiemail-a73.g.dreamhost.com (Postfix) with ESMTPA id 01E541F0065; Sun, 12 Dec 2010 14:39:23 -0800 (PST) Mime-Version: 1.0 (Apple Message framework v1082) Content-Type: text/plain; charset=us-ascii From: "Roy T. Fielding" In-Reply-To: <4D051731.1020400@isode.com> Date: Sun, 12 Dec 2010 14:39:23 -0800 Content-Transfer-Encoding: quoted-printable Message-Id: <2230EA03-32C5-4D34-BC6B-304E813BE3A7@gbiv.com> References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> To: Alexey Melnikov X-Mailer: Apple Mail (2.1082) X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:26 -0800 Cc: "apps-discuss@ietf.org" , websec , "kitten@ietf.org" , "http-auth@ietf.org" , "saag@ietf.org" , "ietf-http-wg@w3.org Group" Subject: Re: [saag] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Dec 2010 22:37:49 -0000 On Dec 12, 2010, at 10:40 AM, Alexey Melnikov wrote: > Yoav Nir wrote: >=20 >> EAP has one advantage. It is easy to integrate with existing = RADIUS/DIAMETER infrastructure. >>=20 > True. > And SASL has an advantage that it is easier to integrate with LDAP = infrastructure. >=20 > I think this just demonstrates that before an HTTP authentication = mechanism can be evaluated, people need to agree on a common evaluation = criteria for HTTP authentication. Define them all and let's have a bake-off. It has been 16 years since HTTP auth was taken out of our hands so that the security experts could define something perfect. Zero progress so far. We should just define everything and let the security experts do what they do best -- find the holes and tell us what not to implement. ....Roy= From lear@cisco.com Mon Dec 13 03:28:02 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C92723A6E8A; Mon, 13 Dec 2010 03:28:02 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -110.104 X-Spam-Level: X-Spam-Status: No, score=-110.104 tagged_above=-999 required=5 tests=[AWL=0.495, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O6ZgrQY9HnNt; Mon, 13 Dec 2010 03:28:01 -0800 (PST) Received: from ams-iport-1.cisco.com (ams-iport-1.cisco.com [144.254.224.140]) by core3.amsl.com (Postfix) with ESMTP id 299D23A6D9A; Mon, 13 Dec 2010 03:28:00 -0800 (PST) Authentication-Results: ams-iport-1.cisco.com; dkim=neutral (message not signed) header.i=none X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: ApkEABmSBU2Q/khNgWdsb2JhbACDXKAgFQEBFiIppjSKSZAggSGDNXQEink X-IronPort-AV: E=Sophos;i="4.59,335,1288569600"; d="scan'208";a="71514783" Received: from ams-core-4.cisco.com ([144.254.72.77]) by ams-iport-1.cisco.com with ESMTP; 13 Dec 2010 11:29:37 +0000 Received: from dhcp-10-61-107-163.cisco.com (dhcp-10-61-107-163.cisco.com [10.61.107.163]) by ams-core-4.cisco.com (8.14.3/8.14.3) with ESMTP id oBDBTack011491; Mon, 13 Dec 2010 11:29:36 GMT Message-ID: <4D0603AA.7000004@cisco.com> Date: Mon, 13 Dec 2010 12:29:46 +0100 From: Eliot Lear User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.12) Gecko/20101027 Lightning/1.0b2 Thunderbird/3.1.6 MIME-Version: 1.0 To: Yoav Nir References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> In-Reply-To: <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> X-Enigmail-Version: 1.1.1 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:25 -0800 Cc: "apps-discuss@ietf.org" , websec , "kitten@ietf.org" , "http-auth@ietf.org" , "saag@ietf.org" , "ietf-http-wg@w3.org Group" Subject: Re: [saag] [apps-discuss] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 11:28:02 -0000 And here-in lies the problem: I am concerned that in a large group we will not be able to reduce down to a single requirements list – AT THIS TIME. Also- my own experience is that having some decent proposals in front of you often helps drive at least SOME consolidation. From marsh@extendedsubset.com Sun Dec 12 16:47:37 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EF99E3A6D90; Sun, 12 Dec 2010 16:47:36 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.59 X-Spam-Level: X-Spam-Status: No, score=-2.59 tagged_above=-999 required=5 tests=[AWL=0.009, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bWvmuEKtAYSh; Sun, 12 Dec 2010 16:47:35 -0800 (PST) Received: from mho-02-ewr.mailhop.org (mho-02-ewr.mailhop.org [204.13.248.72]) by core3.amsl.com (Postfix) with ESMTP id 653B93A6D16; Sun, 12 Dec 2010 16:47:35 -0800 (PST) Received: from xs01.extendedsubset.com ([69.164.193.58]) by mho-02-ewr.mailhop.org with esmtpa (Exim 4.68) (envelope-from ) id 1PRwbI-00080u-0i; Mon, 13 Dec 2010 00:49:12 +0000 Received: from [192.168.1.15] (localhost [127.0.0.1]) by xs01.extendedsubset.com (Postfix) with ESMTP id 2788E60C6; Mon, 13 Dec 2010 00:49:09 +0000 (UTC) X-Mail-Handler: MailHop Outbound by DynDNS X-Originating-IP: 69.164.193.58 X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/mailhop/outbound_abuse.html for abuse reporting information) X-MHO-User: U2FsdGVkX1+LS98k8zKrRc2V9A6d+dLVfNCJcc+FPxg= Message-ID: <4D056D83.2020704@extendedsubset.com> Date: Sun, 12 Dec 2010 18:49:07 -0600 From: Marsh Ray User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.13) Gecko/20101208 Thunderbird/3.1.7 MIME-Version: 1.0 To: "Roy T. Fielding" References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <2230EA03-32C5-4D34-BC6B-304E813BE3A7@gbiv.com> In-Reply-To: <2230EA03-32C5-4D34-BC6B-304E813BE3A7@gbiv.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:26 -0800 Cc: "apps-discuss@ietf.org" , websec , "kitten@ietf.org" , "http-auth@ietf.org" , "saag@ietf.org" , "ietf-http-wg@w3.org Group" Subject: Re: [saag] [websec] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 00:47:37 -0000 On 12/12/2010 04:39 PM, Roy T. Fielding wrote: > > Define them all and let's have a bake-off. It has been 16 years > since HTTP auth was taken out of our hands so that the security > experts could define something perfect. Zero progress so far. Perhaps it's a bad idea? > We > should just define everything and let the security experts do what > they do best -- find the holes and tell us what not to implement. I know some professional pen-testers who would love that! Check out these videos. This is what happens when you take a general-purpose authentication protocol and repurpose it for use across the internet for an insecure application protocol: http://extendedsubset.com/smb_relay_fully_patched.wmv http://extendedsubset.com/smb_reflection_arp_poisoning.wmv http://extendedsubset.com/?p=36 This case is NTLMv2, but the phenomenon is not limited to that. The problem is that most general-purpose authentication protocols do not require enough specificity about the context of the authentication: who and what are you authenticating, to whom, and how does each side know it's operating under the same beliefs as the other? This means that even if the client wants to be careful and authenticate only for the purpose of setting up a secure connection, the attacker can possibly forward that authentication to auth his own connection or transaction on some other service (on the same or even a different server). Most auth protocols don't let the client strongly verify the server's identity before the client has to authenticate with his own. This is probably at least in part because it requires some common infrastructure to do this. So Kerberos and x509 PKI systems can authenticate the server (and sometimes even the target service), but most others do not. Since HTTP lacks connection integrity, it's meaningless to speak of "an authenticated client". Perhaps the only thing that could be meaningfully authenticated is the request data itself. But auth protocols designed for setting up persistent connections typically don't have defined inputs for the message data/digest being signed, so it's often impractical to reuse them for that purpose. These issues have been mostly addressed at the protocol level for TLS client cert authentication. If it really just comes down to deployment and client usability issues, it's hard to imagine coming up with something at another layer which would have less risk than building on top of that. Deploying new uses of compatible, standard authentication protocols over insecure application protocols can be bad for the greater security ecosystem because it widens the field for cross-protocol attacks. - Marsh From dsr@w3.org Mon Dec 13 02:16:17 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8CA3E28C0DD; Mon, 13 Dec 2010 02:16:17 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.599 X-Spam-Level: X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1QhYXMl8RCJH; Mon, 13 Dec 2010 02:16:16 -0800 (PST) Received: from lewis.sophia.w3.org (gw.sophia.w3.org [193.51.208.72]) by core3.amsl.com (Postfix) with ESMTP id 55D863A6CF3; Mon, 13 Dec 2010 02:16:16 -0800 (PST) Received: from dsl-217-155-168-222.zen.co.uk ([217.155.168.222] helo=[192.168.1.3]) by lewis.sophia.w3.org with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.69) (envelope-from ) id 1PS5TJ-0003FO-IJ; Mon, 13 Dec 2010 10:17:33 +0000 From: Dave Raggett To: "Roy T. Fielding" In-Reply-To: <2230EA03-32C5-4D34-BC6B-304E813BE3A7@gbiv.com> References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <2230EA03-32C5-4D34-BC6B-304E813BE3A7@gbiv.com> Content-Type: text/plain; charset="UTF-8" Organization: W3C Date: Mon, 13 Dec 2010 10:17:34 +0000 Message-ID: <1292235454.20343.122.camel@ivy> Mime-Version: 1.0 X-Mailer: Evolution 2.30.3 Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:26 -0800 Cc: Jan Camenisch , "apps-discuss@ietf.org" , websec , "kitten@ietf.org" , "http-auth@ietf.org" , "saag@ietf.org" , "ietf-http-wg@w3.org Group" Subject: Re: [saag] [apps-discuss] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 10:16:17 -0000 And let's not ignore secure privacy enhancing technologies like anonymous credentials and zero knowledge proofs, see e.g: http://www.w3.org/QA/2010/11/boosting_privacy_online_-_anon.html It is often sufficient to know that someone is a member of a group or has certain attributes rather than knowing exactly who that person is. Perhaps we could add to SASL the notion of secure anonymous access for authenticated access? This involves the client generating and passing a proof to the server that satisfies the proof specification and nonce provided by the server. [ Jan, see http://datatracker.ietf.org/wg/kitten/charter/ ] n.b. this work was carried out with support from the European PrimeLife project on privacy and identity, see http://www.primelife.eu/ On Sun, 2010-12-12 at 14:39 -0800, Roy T. Fielding wrote: > On Dec 12, 2010, at 10:40 AM, Alexey Melnikov wrote: > > > Yoav Nir wrote: > > > >> EAP has one advantage. It is easy to integrate with existing > RADIUS/DIAMETER infrastructure. > >> > > True. > > And SASL has an advantage that it is easier to integrate with LDAP > infrastructure. > > > > I think this just demonstrates that before an HTTP authentication > mechanism can be evaluated, people need to agree on a common > evaluation criteria for HTTP authentication. > > Define them all and let's have a bake-off. It has been 16 years since > HTTP auth was taken out of our hands so that the security experts could > define something perfect. Zero progress so far. We should just define > everything and let the security experts do what they do best -- find the > holes and tell us what not to implement. > > ....Roy > _______________________________________________ > apps-discuss mailing list > apps-discuss@ietf.org > https://www.ietf.org/mailman/listinfo/apps-discuss > -- Dave Raggett http://www.w3.org/People/Raggett From dave@cridland.net Mon Dec 13 02:24:26 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4A64D28C0E3; Mon, 13 Dec 2010 02:24:26 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.524 X-Spam-Level: X-Spam-Status: No, score=-2.524 tagged_above=-999 required=5 tests=[AWL=0.075, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hYtbAzJLozZ9; Mon, 13 Dec 2010 02:24:25 -0800 (PST) Received: from peirce.dave.cridland.net (peirce.dave.cridland.net [IPv6:2001:470:1f09:882:2e0:81ff:fe29:d16a]) by core3.amsl.com (Postfix) with ESMTP id 7F1B33A6D7A; Mon, 13 Dec 2010 02:24:24 -0800 (PST) Received: from localhost (localhost.localdomain [127.0.0.1]) by peirce.dave.cridland.net (Postfix) with ESMTP id 2834911680FB; Mon, 13 Dec 2010 10:26:00 +0000 (GMT) X-Virus-Scanned: Debian amavisd-new at peirce.dave.cridland.net Received: from peirce.dave.cridland.net ([127.0.0.1]) by localhost (peirce.dave.cridland.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 718q9D-RRrSU; Mon, 13 Dec 2010 10:25:53 +0000 (GMT) Received: from puncture (puncture.dave.cridland.net [IPv6:2001:470:1f09:882:221:85ff:fe3f:1696]) by peirce.dave.cridland.net (Postfix) with ESMTPA id EDEAF1168110; Mon, 13 Dec 2010 10:25:52 +0000 (GMT) References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> In-Reply-To: <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> MIME-Version: 1.0 Message-Id: <2229.1292235952.971571@puncture> Date: Mon, 13 Dec 2010 10:25:52 +0000 From: Dave Cridland To: Yoav Nir , General discussion of application-layer protocols , websec , Common Authentication Technologies - Next Generation , "http-auth@ietf.org" , "saag@ietf.org" , "ietf-http-wg@w3.org Group" , Eliot Lear Content-Type: text/plain; delsp="yes"; charset="us-ascii"; format="flowed" X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:26 -0800 Subject: Re: [saag] [kitten] [apps-discuss] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 10:24:26 -0000 On Sun Dec 12 22:06:29 2010, Yoav Nir wrote: > - It has to be integrated in the protocol, not the application What?! No. It must be integrated in the application. If nothing else can be learnt, then learn this one thing - we have had Basic and Digest support in the protocol for years, but because they cannot easily be integrated into the application, no serious consumer applications use them, even though what they provide is never any better than Basic. If I could wave a magic wand and have all my wishes come true, I'd embed SASL into the web browser such that: - Users are presented with visually-distinct controls embedded into a web page for authentication, much like Extended Validation. Perhaps focussing them turns the address bar red or something. - The SASL message exchanges happen over a WebSocket or equivalent low-latency bidirectional channel. (Perhaps even HTTPS, I suppose - I imagine a webbrowser gets given one or more URIs to use for communications). - The result of this is a one-time password intializer. - Subsequent requests and responses occur with traditional HTTP auth, using some OTP mechanism that requires only a single message. The two parts of the protocol can, and should, be split - many existing websites use a cookie as the result of authentication, and having a more secure variant of this alone would be extremely useful. Note that the key portion of this - embedded SASL - is not really HTTP auth at all, but a Web Application Auth - since that's really the other party to the authentication, it seems quite obvious to me that this should be the authenticating entity. > - It has to be secure against phishing - if the attacker gets you > to authenticate, they can't later use that authentication to > connect to the real server > - If the authentication succeeded, then (a) you typed your password > correctly, and (b) this is really the server > > EAP has some methods that do this. SASL can probably be made to do > this, but with an extra layer. > > SASL also has methods that will do this, I think - I'm not sure what additional layer you're referring to here. Dave. -- Dave Cridland - mailto:dave@cridland.net - xmpp:dwd@dave.cridland.net - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/ - http://dave.cridland.net/ Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade From adrien@qbik.com Mon Dec 13 02:53:39 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 64E4F28C0DB; Mon, 13 Dec 2010 02:53:39 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.769 X-Spam-Level: X-Spam-Status: No, score=-5.769 tagged_above=-999 required=5 tests=[AWL=-3.170, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QA-g+RFm1zpx; Mon, 13 Dec 2010 02:53:37 -0800 (PST) Received: from smtp.qbik.com (smtp.qbik.com [210.55.214.35]) by core3.amsl.com (Postfix) with ESMTP id 796D63A6E85; Mon, 13 Dec 2010 02:53:36 -0800 (PST) Received: From [192.168.1.10] (unverified [125.237.244.120]) by SMTP Server [210.55.214.35] (WinGate SMTP Receiver v7.0.0 (Build 3102)) with SMTP id <0017850742@smtp.qbik.com>; Mon, 13 Dec 2010 23:55:11 +1300 Message-ID: <4D05FB8F.3070804@qbik.com> Date: Mon, 13 Dec 2010 23:55:11 +1300 From: Adrien de Croy User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7 MIME-Version: 1.0 To: Dave Cridland References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> <2229.1292235952.971571@puncture> In-Reply-To: <2229.1292235952.971571@puncture> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:25 -0800 Cc: General discussion of application-layer protocols , websec , Common Authentication Technologies - Next Generation , "http-auth@ietf.org" , "saag@ietf.org" , "ietf-http-wg@w3.org Group" Subject: Re: [saag] [kitten] [apps-discuss] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 10:53:39 -0000 you might want to reconsider. for instance what would you propose for non-browsers, which perform a large proportion of all HTTP transactions. Also, it seems like it would make the problem about a billion times worse putting the auth into the application, where there are no standards, and therefore it would need to be re-implemented for each different application... kinda like what we have now already. SASL is an orthogonal concept. It's just a framework to negotiate auth, whether that's over HTTP or something else. So, it's a bit of a red herring in this. Yoav is correct, the auth must be in the protocol (1 of these) as opposed to the application (too many of these). The trick is to get the application to actually use the auth of the protocol. Adrien On 13/12/2010 11:25 p.m., Dave Cridland wrote: > On Sun Dec 12 22:06:29 2010, Yoav Nir wrote: >> - It has to be integrated in the protocol, not the application > > What?! No. It must be integrated in the application. If nothing else > can be learnt, then learn this one thing - we have had Basic and > Digest support in the protocol for years, but because they cannot > easily be integrated into the application, no serious consumer > applications use them, even though what they provide is never any > better than Basic. > > If I could wave a magic wand and have all my wishes come true, I'd > embed SASL into the web browser such that: > > - Users are presented with visually-distinct controls embedded into a > web page for authentication, much like Extended Validation. Perhaps > focussing them turns the address bar red or something. > - The SASL message exchanges happen over a WebSocket or equivalent > low-latency bidirectional channel. (Perhaps even HTTPS, I suppose - I > imagine a webbrowser gets given one or more URIs to use for > communications). > - The result of this is a one-time password intializer. > - Subsequent requests and responses occur with traditional HTTP auth, > using some OTP mechanism that requires only a single message. > > The two parts of the protocol can, and should, be split - many > existing websites use a cookie as the result of authentication, and > having a more secure variant of this alone would be extremely useful. > > Note that the key portion of this - embedded SASL - is not really HTTP > auth at all, but a Web Application Auth - since that's really the > other party to the authentication, it seems quite obvious to me that > this should be the authenticating entity. > > >> - It has to be secure against phishing - if the attacker gets you to >> authenticate, they can't later use that authentication to connect to >> the real server >> - If the authentication succeeded, then (a) you typed your password >> correctly, and (b) this is really the server >> >> EAP has some methods that do this. SASL can probably be made to do >> this, but with an extra layer. >> >> > SASL also has methods that will do this, I think - I'm not sure what > additional layer you're referring to here. > > Dave. -- Adrien de Croy - WinGate Proxy Server - http://www.wingate.com From dave@cridland.net Mon Dec 13 03:21:34 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6325F28C0D0; Mon, 13 Dec 2010 03:21:34 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.532 X-Spam-Level: X-Spam-Status: No, score=-2.532 tagged_above=-999 required=5 tests=[AWL=0.067, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zj7BugRYLD1g; Mon, 13 Dec 2010 03:21:33 -0800 (PST) Received: from peirce.dave.cridland.net (peirce.dave.cridland.net [IPv6:2001:470:1f09:882:2e0:81ff:fe29:d16a]) by core3.amsl.com (Postfix) with ESMTP id 63DCA3A6CD9; Mon, 13 Dec 2010 03:21:32 -0800 (PST) Received: from localhost (localhost.localdomain [127.0.0.1]) by peirce.dave.cridland.net (Postfix) with ESMTP id E14FD1168112; Mon, 13 Dec 2010 11:23:08 +0000 (GMT) X-Virus-Scanned: Debian amavisd-new at peirce.dave.cridland.net Received: from peirce.dave.cridland.net ([127.0.0.1]) by localhost (peirce.dave.cridland.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CPfyXaB0kJvE; Mon, 13 Dec 2010 11:23:04 +0000 (GMT) Received: from puncture (puncture.dave.cridland.net [IPv6:2001:470:1f09:882:221:85ff:fe3f:1696]) by peirce.dave.cridland.net (Postfix) with ESMTPA id 43BFF1168110; Mon, 13 Dec 2010 11:23:04 +0000 (GMT) References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> <2229.1292235952.971571@puncture> <4D05FB8F.3070804@qbik.com> In-Reply-To: <4D05FB8F.3070804@qbik.com> MIME-Version: 1.0 Message-Id: <2229.1292239384.281779@puncture> Date: Mon, 13 Dec 2010 11:23:04 +0000 From: Dave Cridland To: Adrien de Croy , Yoav Nir , General discussion of application-layer protocols , websec , Common Authentication Technologies - Next Generation , "http-auth@ietf.org" , "saag@ietf.org" , "ietf-http-wg@w3.org Group" , Eliot Lear Content-Type: text/plain; delsp="yes"; charset="us-ascii"; format="flowed" X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:26 -0800 Subject: Re: [saag] [kitten] [apps-discuss] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 11:21:34 -0000 On Mon Dec 13 10:55:11 2010, Adrien de Croy wrote: > for instance what would you propose for non-browsers, which perform > a large proportion of all HTTP transactions. > > I agree a solution is needed for non-browsers (including IPP, for example). I disagree this needs to be, or should be, the same as a solution for web apps. I disagree that non-browser security is even a major priority at this point in time - it's adequately served by TLS and client certificates and/or Basic auth, depending on the security model desired - this latter I appreciate is a personal opinion. However there is no doubt at all that current webapp deployments are in need of a serious improvement in security, given that these generally use TLS only during authentication itself, and use plaintext usernames and passwords for the authentication itself. > Also, it seems like it would make the problem about a billion times > worse putting the auth into the application, where there are no > standards, and therefore it would need to be re-implemented for > each different application... kinda like what we have now already. Yet every webapp currently uses a form, and it's so close a standard that browsers can, and do, spot login forms and allow the credentials to be cached. As such, I fail to see why we wouldn't want to place better authentication at that layer, where it's quite likely to be actually used. > SASL is an orthogonal concept. It's just a framework to negotiate > auth, whether that's over HTTP or something else. So, it's a bit > of a red herring in this. Right, that's fair enough. > The trick is to get the application to actually use the auth of the > protocol. Yes, but the problem is that existing, deployed, webapps could use Basic right now - they all just ask for a username and password after all. Yet none of them do, in part because of integration issues, but mostly I suspect due to usability and branding issues. We could deploy some more advanced mechanisms in HTTP auth tomorrow, and nobody would use those either. Dave. -- Dave Cridland - mailto:dave@cridland.net - xmpp:dwd@dave.cridland.net - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/ - http://dave.cridland.net/ Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade From benl@google.com Mon Dec 13 04:07:11 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BF1B83A6D9E for ; Mon, 13 Dec 2010 04:07:11 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -109.977 X-Spam-Level: X-Spam-Status: No, score=-109.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JNpTtEA-LNSt for ; Mon, 13 Dec 2010 04:07:11 -0800 (PST) Received: from smtp-out.google.com (smtp-out.google.com [74.125.121.35]) by core3.amsl.com (Postfix) with ESMTP id A98723A6E8E for ; Mon, 13 Dec 2010 04:07:08 -0800 (PST) Received: from wpaz1.hot.corp.google.com (wpaz1.hot.corp.google.com [172.24.198.65]) by smtp-out.google.com with ESMTP id oBDC8j0D017212 for ; Mon, 13 Dec 2010 04:08:45 -0800 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1292242126; bh=IjyN8R0N33aGAIFAsPoKvVzfyyw=; h=MIME-Version:In-Reply-To:References:Date:Message-ID:Subject:From: To:Cc:Content-Type; b=Yb3kzYgDWRmY5mxDWtFvaHfcsHnwpFnk7d/XudI0GYrG1a01QcMwyKKbTQO+DQwjw xZY2rLIyubGVind62c8pw== Received: from pvh11 (pvh11.prod.google.com [10.241.210.203]) by wpaz1.hot.corp.google.com with ESMTP id oBDC8dhc025000 for ; Mon, 13 Dec 2010 04:08:44 -0800 Received: by pvh11 with SMTP id 11so1283738pvh.4 for ; Mon, 13 Dec 2010 04:08:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=jnk/rIg1eD9tZ2qzrBPET1JpYPZwhSbJgLeKzkK3VjE=; b=xbhr0gmJzm0BSQVE4EXZPxPvzxwDbzk8RYeu/+ztSagtknC/eRAIHNvgO9f4wsz56P CYomMJegFuaBAnXh8Dng== DomainKey-Signature: a=rsa-sha1; c=nofws; d=google.com; s=beta; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=Rw1xtelJDClcXIznUGgalnYuvnVjjorS/PQoclxpboKmnhAPy2zJmoWpritlHxlap0 Y59t0yFafY3Qv7+O0gBw== MIME-Version: 1.0 Received: by 10.142.199.20 with SMTP id w20mr3107000wff.419.1292242123701; Mon, 13 Dec 2010 04:08:43 -0800 (PST) Received: by 10.142.47.14 with HTTP; Mon, 13 Dec 2010 04:08:43 -0800 (PST) In-Reply-To: References: <4D02AF81.6000907@stpeter.im> Date: Mon, 13 Dec 2010 12:08:43 +0000 Message-ID: From: Ben Laurie To: Yoav Nir Content-Type: text/plain; charset=ISO-8859-1 X-System-Of-Record: true X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:26 -0800 Cc: "apps-discuss@ietf.org" , websec , Paul Hoffman , "kitten@ietf.org" , "http-auth@ietf.org" , "saag@ietf.org" , Hannes Tschofenig , "ietf-http-wg@w3.org Group" Subject: Re: [saag] [websec] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 12:07:11 -0000 On 11 December 2010 23:10, Yoav Nir wrote: > TLS client certificates work, but as we've learned both with the web and with IPsec clients, people would much rather not use them. A few IETFs ago (Chicago?), a bunch of us tried to push the idea of TLS with EAP authentication. I think what we've learnt is that we need to provide good UI and portability if we want people to use them. From cabo@tzi.org Mon Dec 13 04:12:36 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AB5B63A6D9E; Mon, 13 Dec 2010 04:12:36 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -106.316 X-Spam-Level: X-Spam-Status: No, score=-106.316 tagged_above=-999 required=5 tests=[AWL=-0.067, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vlx35im81SA2; Mon, 13 Dec 2010 04:12:35 -0800 (PST) Received: from informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9:209:3dff:fe00:7136]) by core3.amsl.com (Postfix) with ESMTP id A20C03A6DAA; Mon, 13 Dec 2010 04:12:34 -0800 (PST) X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de Received: from smtp-fb3.informatik.uni-bremen.de (smtp-fb3.informatik.uni-bremen.de [134.102.224.120]) by informatik.uni-bremen.de (8.14.3/8.14.3) with ESMTP id oBDCE5FS003904; Mon, 13 Dec 2010 13:14:05 +0100 (CET) Received: from [192.168.217.101] (p5489B2BC.dip.t-dialin.net [84.137.178.188]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp-fb3.informatik.uni-bremen.de (Postfix) with ESMTPSA id 908AF497; Mon, 13 Dec 2010 13:14:04 +0100 (CET) Mime-Version: 1.0 (Apple Message framework v1082) Content-Type: text/plain; charset=us-ascii From: Carsten Bormann In-Reply-To: <2229.1292239384.281779@puncture> Date: Mon, 13 Dec 2010 13:14:03 +0100 Content-Transfer-Encoding: quoted-printable Message-Id: <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org> References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> <2229.1292235952.971571@puncture> <4D05FB8F.3070804@qbik.com> <2229.1292239384.281779@puncture> To: General discussion of application-layer protocols , http-auth@ietf.org X-Mailer: Apple Mail (2.1082) X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:26 -0800 Cc: Common Authentication Technologies - Next Generation , websec , saag@ietf.org, "ietf-http-wg@w3.org Group" Subject: Re: [saag] [kitten] [apps-discuss] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 12:12:36 -0000 On Dec 13, 2010, at 12:23, Dave Cridland wrote: > every webapp currently uses a form Yes. Nice demonstration of conflicting requirements. As a webapp developer, I want to control the user interface during = authentication. Leaving the user alone with the bland and unforgiving browser user = interface for HTTP auth is suicide. I want to provide extra buttons for forgotten passwords, maybe even = password hints, and a "sign up" method. HTML/CSS/JS lends itself well to providing such a friendly user = interface. As a security geek, I recognize this as exactly the problem that creates = the potential for phishing. Having the user type credentials into a random form is never going to be = secure, HSTS notwithstanding. Maybe the only way to address both requirements is to have something in = HTML/CSS/JS that addresses authentication interactions. Replacing for the 21st century. This would = allow web app designers to design a nice context for this interaction, = and would allow running security protocols that are binding themselves = to a browser-server security association that may be identical to or = different from the TLS envelope. "Storing passwords" in the browser = might turn into storing those security associations. This is not "HTTP authentication", but it might be more useful in the = long run. We'll need the browser people to start any such effort. Gruesse, Carsten PS.: And I'd still like to have some better form of authentication for = machine-to-machine that can be independent from the TLS envelope. But = that is a completely different animal. From lear@cisco.com Mon Dec 13 05:44:17 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 689453A6E96; Mon, 13 Dec 2010 05:44:17 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -110.119 X-Spam-Level: X-Spam-Status: No, score=-110.119 tagged_above=-999 required=5 tests=[AWL=0.480, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id txPFAo4BN0aO; Mon, 13 Dec 2010 05:44:16 -0800 (PST) Received: from ams-iport-1.cisco.com (ams-iport-1.cisco.com [144.254.224.140]) by core3.amsl.com (Postfix) with ESMTP id B6EF53A6E8E; Mon, 13 Dec 2010 05:44:15 -0800 (PST) Authentication-Results: ams-iport-1.cisco.com; dkim=neutral (message not signed) header.i=none X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: ApkEALOxBU2Q/khNgWdsb2JhbACDXKAlFQEBFiIppxWKSZAogSGBcYFEdASKeQ X-IronPort-AV: E=Sophos;i="4.59,335,1288569600"; d="scan'208";a="71525320" Received: from ams-core-4.cisco.com ([144.254.72.77]) by ams-iport-1.cisco.com with ESMTP; 13 Dec 2010 13:45:53 +0000 Received: from dhcp-10-61-107-163.cisco.com (dhcp-10-61-107-163.cisco.com [10.61.107.163]) by ams-core-4.cisco.com (8.14.3/8.14.3) with ESMTP id oBDDjqBp005402; Mon, 13 Dec 2010 13:45:52 GMT Message-ID: <4D06239A.60208@cisco.com> Date: Mon, 13 Dec 2010 14:46:02 +0100 From: Eliot Lear User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.12) Gecko/20101027 Lightning/1.0b2 Thunderbird/3.1.6 MIME-Version: 1.0 To: Carsten Bormann References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> <2229.1292235952.971571@puncture> <4D05FB8F.3070804@qbik.com> <2229.1292239384.281779@puncture> <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org> In-Reply-To: <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org> X-Enigmail-Version: 1.1.1 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:25 -0800 Cc: General discussion of application-layer protocols , websec , Common Authentication Technologies - Next Generation , http-auth@ietf.org, saag@ietf.org, "ietf-http-wg@w3.org Group" Subject: Re: [saag] [apps-discuss] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 13:44:17 -0000 On 12/13/10 1:14 PM, Carsten Bormann wrote: > As a webapp developer, I want to control the user interface during authentication. > Leaving the user alone with the bland and unforgiving browser user interface for HTTP auth is suicide. > I want to provide extra buttons for forgotten passwords, maybe even password hints, and a "sign up" method. > HTML/CSS/JS lends itself well to providing such a friendly user interface. On the other hand, that's what you have today. What is it you want for tomorrow? Eliot From philip.eardley@bt.com Mon Dec 13 06:50:03 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 31E0728C0E8; Mon, 13 Dec 2010 06:50:03 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -101.97 X-Spam-Level: X-Spam-Status: No, score=-101.97 tagged_above=-999 required=5 tests=[AWL=0.075, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SFRmx7A4jyrQ; Mon, 13 Dec 2010 06:50:00 -0800 (PST) Received: from smtpe1.intersmtp.com (smtp61.intersmtp.COM [62.239.224.234]) by core3.amsl.com (Postfix) with ESMTP id B0FC628C0FB; Mon, 13 Dec 2010 06:49:59 -0800 (PST) Received: from EVMHT68-UKRD.domain1.systemhost.net (10.36.3.105) by RDW083A005ED61.smtp-e1.hygiene.service (10.187.98.10) with Microsoft SMTP Server (TLS) id 8.3.106.1; Mon, 13 Dec 2010 14:51:38 +0000 Received: from EMV65-UKRD.domain1.systemhost.net ([169.254.2.51]) by EVMHT68-UKRD.domain1.systemhost.net ([10.36.3.105]) with mapi; Mon, 13 Dec 2010 14:51:37 +0000 From: To: , Date: Mon, 13 Dec 2010 14:51:35 +0000 Thread-Topic: REMINDER: Multipath TCP - Security interim - Tuesday 14th December 4pm GMT Thread-Index: AcuRedipymRtWZE8RpaaxpraY06BZAJWykPQ Message-ID: <9510D26531EF184D9017DF24659BB87F3272A5B4B6@EMV65-UKRD.domain1.systemhost.net> References: <9510D26531EF184D9017DF24659BB87F326654C75D@EMV65-UKRD.domain1.systemhost.net> In-Reply-To: <9510D26531EF184D9017DF24659BB87F326654C75D@EMV65-UKRD.domain1.systemhost.net> Accept-Language: en-US, en-GB Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US, en-GB Content-Type: multipart/alternative; boundary="_000_9510D26531EF184D9017DF24659BB87F3272A5B4B6EMV65UKRDdoma_" MIME-Version: 1.0 X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:26 -0800 Subject: [saag] REMINDER: Multipath TCP - Security interim - Tuesday 14th December 4pm GMT X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 14:50:03 -0000 --_000_9510D26531EF184D9017DF24659BB87F3272A5B4B6EMV65UKRDdoma_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Just a reminder that we have our security meeting tomorrow at 4pm GMT. I've uploaded the slides onto the wiki - thanks Alan. Talk with you tomorrow Best wishes, Phil & Yoshifumi. From: multipathtcp-bounces@ietf.org [mailto:multipathtcp-bounces@ietf.org] = On Behalf Of philip.eardley@bt.com Sent: 01 December 2010 17:14 To: multipathtcp@ietf.org Subject: [multipathtcp] Multipath TCP - Security interim Please let us know if you'd like a slot on the agenda. Here's a rough draft= agenda: * Background * What attackers are we protecting against * Outline proposed solution * Open issues Webex details are now on wiki http://trac.tools.ietf.org/wg/mptcp/trac/wiki= /Interim_Dec_2010 thanks --_000_9510D26531EF184D9017DF24659BB87F3272A5B4B6EMV65UKRDdoma_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Just a reminder that we have our security meeting tomorrow at= 4pm GMT.

 

I’ve uploaded the slides onto the wiki – thanks Alan= .

<= o:p> 

Talk with you tomorrow

Best wishes,

Phil & Yoshifumi.

 

From: mult= ipathtcp-bounces@ietf.org [mailto:multipathtcp-bounces@ietf.org] On Beha= lf Of philip.eardley@bt.com
Sent: 01 December 2010 17:14
<= b>To: multipathtcp@ietf.org
Subject: [multipathtcp] Multipath= TCP - Security interim

 

Please let us know if you̵= 7;d like a slot on the agenda. Here’s a rough draft agenda:

·       &n= bsp; What attackers are we protecting agains= t

·         Outline proposed solution

·   =       Open issues

 

Webex details are now on wiki http://trac.tools.ietf.org/wg/mptcp/trac/wik= i/Interim_Dec_2010

 =

thanks

= --_000_9510D26531EF184D9017DF24659BB87F3272A5B4B6EMV65UKRDdoma_-- From dave@cridland.net Mon Dec 13 07:14:43 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4F7A83A6EA8; Mon, 13 Dec 2010 07:14:43 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.539 X-Spam-Level: X-Spam-Status: No, score=-2.539 tagged_above=-999 required=5 tests=[AWL=0.060, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Oai1jUCwfRGx; Mon, 13 Dec 2010 07:14:42 -0800 (PST) Received: from peirce.dave.cridland.net (peirce.dave.cridland.net [IPv6:2001:470:1f09:882:2e0:81ff:fe29:d16a]) by core3.amsl.com (Postfix) with ESMTP id 751923A6EA4; Mon, 13 Dec 2010 07:14:40 -0800 (PST) Received: from localhost (localhost.localdomain [127.0.0.1]) by peirce.dave.cridland.net (Postfix) with ESMTP id 640601168110; Mon, 13 Dec 2010 15:16:17 +0000 (GMT) X-Virus-Scanned: Debian amavisd-new at peirce.dave.cridland.net Received: from peirce.dave.cridland.net ([127.0.0.1]) by localhost (peirce.dave.cridland.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fI2-sW0P2Uy5; Mon, 13 Dec 2010 15:16:12 +0000 (GMT) Received: from puncture (puncture.dave.cridland.net [IPv6:2001:470:1f09:882:221:85ff:fe3f:1696]) by peirce.dave.cridland.net (Postfix) with ESMTPA id 9E21A11680FB; Mon, 13 Dec 2010 15:16:12 +0000 (GMT) References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> <2229.1292235952.971571@puncture> <4D05FB8F.3070804@qbik.com> <2229.1292239384.281779@puncture> <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org> In-Reply-To: <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org> MIME-Version: 1.0 Message-Id: <2229.1292253372.639419@puncture> Date: Mon, 13 Dec 2010 15:16:12 +0000 From: Dave Cridland To: Carsten Bormann , Common Authentication Technologies - Next Generation , websec , "saag@ietf.org" , "ietf-http-wg@w3.org Group" , General discussion of application-layer protocols , "http-auth@ietf.org" Content-Type: text/plain; delsp="yes"; charset="us-ascii"; format="flowed" X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:26 -0800 Subject: Re: [saag] [apps-discuss] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 15:14:43 -0000 On Mon Dec 13 12:14:03 2010, Carsten Bormann wrote: > Maybe the only way to address both requirements is to have > something in HTML/CSS/JS that addresses authentication interactions. > Replacing for the 21st century. This > would allow web app designers to design a nice context for this > interaction, and would allow running security protocols that are > binding themselves to a browser-server security association that > may be identical to or different from the TLS envelope. "Storing > passwords" in the browser might turn into storing those security > associations. > > Or storing credentials rather than username/password pairs, possibly. But in any case, I think that's close to what we want. As I say, I think we need to establish a session credential of some kind that can be used over unencrypted sessions with some improvement in security over typical fixed cookies that exist today. I'm fine if one of these credential options happens to tie into a TLS property, but I think we'll have to have reasonable security over non-TLS, too. (And by "reasonable", I'm expecting this to be "not as good as if you had TLS") And I absolutely agree that this effort needs strong support from the browser implementors from the start - we also need the same from a few major webapps. Dave. -- Dave Cridland - mailto:dave@cridland.net - xmpp:dwd@dave.cridland.net - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/ - http://dave.cridland.net/ Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade From ynir@checkpoint.com Mon Dec 13 07:49:17 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3D15E28C0FB; Mon, 13 Dec 2010 07:49:17 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -9.673 X-Spam-Level: X-Spam-Status: No, score=-9.673 tagged_above=-999 required=5 tests=[AWL=0.926, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zflb53p1RFGT; Mon, 13 Dec 2010 07:49:16 -0800 (PST) Received: from michael.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by core3.amsl.com (Postfix) with ESMTP id D009628C0E4; Mon, 13 Dec 2010 07:49:15 -0800 (PST) X-CheckPoint: {4D0640DD-4-1B221DC2-2FFFF} Received: from il-ex01.ad.checkpoint.com (il-ex01.checkpoint.com [194.29.34.26]) by michael.checkpoint.com (8.13.8/8.13.8) with ESMTP id oBDFooSV009459; Mon, 13 Dec 2010 17:50:50 +0200 Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex01.ad.checkpoint.com ([126.0.0.2]) with mapi; Mon, 13 Dec 2010 17:50:50 +0200 From: Yoav Nir To: Yaron Sheffer Date: Mon, 13 Dec 2010 17:50:52 +0200 Thread-Topic: [saag] [websec] [kitten] [apps-discuss] HTTP authentication: the next generation Thread-Index: Acua3YNg2kbXw68wS5e96OwOd0Ko4A== Message-ID: <878FA115-D801-4063-AD87-DB2C2B2DE0D1@checkpoint.com> References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> <2229.1292235952.971571@puncture> <4D05FB8F.3070804@qbik.com> <2229.1292239384.281779@puncture> <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org> <5D5AF795-22AB-4726-B791-3706693466C3@checkpoint.com> <4D063CA5.8060907@gmail.com> In-Reply-To: <4D063CA5.8060907@gmail.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:26 -0800 Cc: "Common@core3.amsl.com" , protocols , websec , -, General, Generation , "http-auth@ietf.org" , "ietf-http-wg@w3.org Group" , Carsten Bormann , "saag@ietf.org" Subject: Re: [saag] [websec] [kitten] [apps-discuss] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 15:49:17 -0000 On Dec 13, 2010, at 5:32 PM, Yaron Sheffer wrote: > Just like the phrase "I am not a lawyer" is always followed by amateur=20 > legal advice (I know that for sure, I've done it myself), the same goes=20 > for "I am not a UI expert". >=20 > Two comments: >=20 > - There are in fact a few security-usability experts. I don't know if=20 > any of them participate in the IETF. This is an emerging research field,= =20 > see e.g. http://oreilly.com/catalog/9780596008277. >=20 > - (I am not a UI expert, but...) Devising UI cues is extremely=20 > difficult. People will gladly enter their password when the web site=20 > displays a JPEG-rendered padlock icon. I don't know how to stop them, unless the "special" UI cue becomes so ubiqu= itous, that its absence causes the user to think, "wait a minute. This does= not look like authentication!" As long as every website has authentication that looks different and not di= fferent enough from regular web browsing, people are going to accept any we= b form as a legitimate authentication dialog. > In fact *legitimate* sites have=20 > been known to display such icons, strange as it may sound. >=20 > Thanks, > Yaron From julian.reschke@gmx.de Mon Dec 13 08:04:28 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7F22D28C10E for ; Mon, 13 Dec 2010 08:04:28 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -104.834 X-Spam-Level: X-Spam-Status: No, score=-104.834 tagged_above=-999 required=5 tests=[AWL=-2.235, BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jPaO540iK6Dm for ; Mon, 13 Dec 2010 08:04:27 -0800 (PST) Received: from mail.gmx.net (mailout-de.gmx.net [213.165.64.23]) by core3.amsl.com (Postfix) with SMTP id B477828C0E2 for ; Mon, 13 Dec 2010 08:04:26 -0800 (PST) Received: (qmail invoked by alias); 13 Dec 2010 15:39:23 -0000 Received: from mail.greenbytes.de (EHLO [192.168.1.133]) [217.91.35.233] by mail.gmx.net (mp013) with SMTP; 13 Dec 2010 16:39:23 +0100 X-Authenticated: #1915285 X-Provags-ID: V01U2FsdGVkX18UHbgtRrAUjdGBQU5gg4BvM7LRRZTDqhBbrFmn67 sCLQ8sxb3b/4dZ Message-ID: <4D063E2A.3010108@gmx.de> Date: Mon, 13 Dec 2010 16:39:22 +0100 From: Julian Reschke User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101207 Lightning/1.0b2 Thunderbird/3.1.7 MIME-Version: 1.0 To: Peter Saint-Andre References: <4D02AF81.6000907@stpeter.im> In-Reply-To: <4D02AF81.6000907@stpeter.im> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Y-GMX-Trusted: 0 X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:26 -0800 Cc: "apps-discuss@ietf.org" , websec@ietf.org, "kitten@ietf.org" , http-auth@ietf.org, saag@ietf.org, "ietf-http-wg@w3.org Group" Subject: Re: [saag] [websec] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 16:04:28 -0000 On 10.12.2010 23:53, Peter Saint-Andre wrote: > Is it time to start thinking about next-generation authentication > technologies for HTTP? > > We all know that BASIC and DIGEST are ancient and crufty and lacking > many features and security properties we might want, but there hasn't > been much discussion about more modern approaches. Here are a few things > I've found: > ... Probably. But while doing so, we need to look at the existing base as well. HTTPbis now includes the HTTP authentication framework (essentially RFC2617 minus Basic and Digest). The HTTPbis WG is interested on feedback on the remaining issues (such as Realm required?, and considerations for new schemes). Also, I believe Basic is not going to go away, and I'd really like to fix its I18N problem. Proposal here: . Best regards, Julian From tim-projects@sentinelchicken.org Mon Dec 13 09:08:57 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CF43228C0E4 for ; Mon, 13 Dec 2010 09:08:57 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.265 X-Spam-Level: X-Spam-Status: No, score=-2.265 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ld03Yv-xISsX for ; Mon, 13 Dec 2010 09:08:56 -0800 (PST) Received: from sentinelchicken.org (mail.sentinelchicken.org [69.168.48.72]) by core3.amsl.com (Postfix) with ESMTP id 990D13A6CB5 for ; Mon, 13 Dec 2010 09:08:56 -0800 (PST) Received: (qmail 28268 invoked from network); 13 Dec 2010 17:21:10 -0000 Received: from unknown (HELO pascal.sentinelchicken.org) (10.81.64.2) by feynman.sentinelchicken.org with ESMTPS (DHE-RSA-AES256-SHA encrypted); 13 Dec 2010 17:21:10 -0000 Received: (qmail 2438 invoked from network); 13 Dec 2010 17:14:14 -0000 Received: from shannon.sentinelchicken.org (10.81.64.4) by pascal.sentinelchicken.org with SMTP; 13 Dec 2010 17:14:14 -0000 Received: (nullmailer pid 4529 invoked by uid 1000); Mon, 13 Dec 2010 17:10:33 -0000 Date: Mon, 13 Dec 2010 09:10:33 -0800 From: Tim Morgan To: Dave Cridland Message-ID: <20101213171033.GA2111@sentinelchicken.org> References: <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> <2229.1292235952.971571@puncture> <4D05FB8F.3070804@qbik.com> <2229.1292239384.281779@puncture> <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org> <2229.1292253372.639419@puncture> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <2229.1292253372.639419@puncture> User-Agent: Mutt/1.5.20 (2009-06-14) X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:26 -0800 Cc: General discussion of application-layer protocols , websec , Common Authentication Technologies - Next Generation , "http-auth@ietf.org" , "saag@ietf.org" , Carsten Bormann , "ietf-http-wg@w3.org Group" Subject: Re: [saag] [apps-discuss] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 17:36:22 -0000 Hi Everyone, These last few messages do a great job outlining both the real problems that face adoption of HTTP authentication without a customizable user interface, and the fact that HTTP authentication is perhaps more secure than form-based authentication (as well as being a requirement for automated/non-GUI clients). I did some work not long ago on this and found that we can have our cake and eat it too. That is, even with current browser implementations, one can utilize HTTP Basic/Digest with an HTML form (if desired). (Yes, once again, HTML forms may allow for easier phishing, etc, but that is what the HTTP Mutual authentication proposal can address.) My position paper is here: http://vsecurity.com/download/papers/WeaningTheWebOffOfSessionCookies.pdf And some proof of concept code for forms-based HTTP authentication can be found on this page: http://vsecurity.com/resources/tool The implementation is hacky right now, because, at the time of development and testing, browsers didn't adhere well to the draft XMLHttpRequest standard. I haven't checked the status of browser implementations, but the proposed standard still requires a behavior that is workable with such a system. So all of these pieces are coming together on their own to allow for forms-based HTTP authentication. The major outstanding piece needed for most web applications with HTTP authentication is the ability to log out. The ability to instruct a browser, in an standard way (preferrably with HTTP response headers) to forget the credentials it has cached. Writing a draft RFC for this has been on my list for some time, but I've been quite busy this year. For those interested, I can dig up some of the previous discussion threads... cheers, tim From smb@cs.columbia.edu Mon Dec 13 10:55:34 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 14F4628C0DF; Mon, 13 Dec 2010 10:55:34 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.599 X-Spam-Level: X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PESEjYVnT6nU; Mon, 13 Dec 2010 10:55:32 -0800 (PST) Received: from brinza.cc.columbia.edu (brinza.cc.columbia.edu [128.59.29.8]) by core3.amsl.com (Postfix) with ESMTP id 4A39128C0F8; Mon, 13 Dec 2010 10:55:32 -0800 (PST) Received: from dyn-209-2-229-36.dyn.columbia.edu (dyn-209-2-229-36.dyn.columbia.edu [209.2.229.36]) (user=smb2132 mech=PLAIN bits=0) by brinza.cc.columbia.edu (8.14.4/8.14.3) with ESMTP id oBDIv34P024750 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Mon, 13 Dec 2010 13:57:04 -0500 (EST) Mime-Version: 1.0 (Apple Message framework v1082) Content-Type: text/plain; charset=us-ascii From: Steven Bellovin In-Reply-To: <4D063CA5.8060907@gmail.com> Date: Mon, 13 Dec 2010 13:57:03 -0500 Content-Transfer-Encoding: quoted-printable Message-Id: References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> <2229.1292235952.971571@puncture> <4D05FB8F.3070804@qbik.com> <2229.1292239384.281779@puncture> <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org> <5D5AF795-22AB-4726-B791-3706693466C3@checkpoint.com> <4D063CA5.8060907@gmail.com> To: Yaron Sheffer X-Mailer: Apple Mail (2.1082) X-No-Spam-Score: Local X-Scanned-By: MIMEDefang 2.68 on 128.59.29.8 X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:26 -0800 Cc: Common@core3.amsl.com, General discussion of application-layer protocols , websec , - Next Generation , "http-auth@ietf.org" , "ietf-http-wg@w3.org Group" , Carsten Bormann , "saag@ietf.org" Subject: Re: [saag] [websec] [kitten] [apps-discuss] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 18:55:34 -0000 On Dec 13, 2010, at 10:32 53AM, Yaron Sheffer wrote: > Just like the phrase "I am not a lawyer" is always followed by amateur = legal advice (I know that for sure, I've done it myself), the same goes = for "I am not a UI expert". >=20 > Two comments: >=20 > - There are in fact a few security-usability experts. I don't know if = any of them participate in the IETF. This is an emerging research field, = see e.g. http://oreilly.com/catalog/9780596008277. >=20 > - (I am not a UI expert, but...) Devising UI cues is extremely = difficult. People will gladly enter their password when the web site = displays a JPEG-rendered padlock icon. In fact *legitimate* sites have = been known to display such icons, strange as it may sound. Security and usability *is* one of my research areas. I agree with = Yoav: there are many problems with use of client-side certificates. In = general, I like them -- the only way to log in to the computers I = control is with public-key authenticated SSH -- but there are very good = reasons why they are seldom used. Private key storage and transport is = the major one, but key issuance and recovery from lost or stolen keys = are serious issues as well. The security community has made that worse = by layering heavyweight policies and procedures on top of the = certificate issuance process, even when the value of the resource being = protected isn't high enough to justify it. (I've been worrying about usability issues for a long time. There was = one I-D that I dealt with as AD that I abstained on -- I wouldn't vote = "no-ob" because I did object, but I had no better suggestion than "go = back and start over". While dealing with that document, I emailed one = of the top usability people and asked Do you know of papers on the difficulty of administering complex=20= access control lists? I'm trying to convince people that a=20 seriously-complex scheme will lead to massive security failures,=20= because no one will be able to get the ACLs right. So yes, there are people in the IETF who worry about UI issues.) --Steve Bellovin, http://www.cs.columbia.edu/~smb From marsh@extendedsubset.com Mon Dec 13 11:23:03 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7037028C0DF; Mon, 13 Dec 2010 11:23:03 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.591 X-Spam-Level: X-Spam-Status: No, score=-2.591 tagged_above=-999 required=5 tests=[AWL=0.008, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eiu44KNobs2s; Mon, 13 Dec 2010 11:23:01 -0800 (PST) Received: from mho-01-ewr.mailhop.org (mho-01-ewr.mailhop.org [204.13.248.71]) by core3.amsl.com (Postfix) with ESMTP id 11CFF3A6DEB; Mon, 13 Dec 2010 11:23:01 -0800 (PST) Received: from xs01.extendedsubset.com ([69.164.193.58]) by mho-01-ewr.mailhop.org with esmtpa (Exim 4.68) (envelope-from ) id 1PSE0k-000367-F9; Mon, 13 Dec 2010 19:24:38 +0000 Received: from [192.168.1.15] (localhost [127.0.0.1]) by xs01.extendedsubset.com (Postfix) with ESMTP id 794AD60C6; Mon, 13 Dec 2010 19:24:34 +0000 (UTC) X-Mail-Handler: MailHop Outbound by DynDNS X-Originating-IP: 69.164.193.58 X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/mailhop/outbound_abuse.html for abuse reporting information) X-MHO-User: U2FsdGVkX1/Q37PlkAZHnTRK33n7uni+GlAsvheYsbA= Message-ID: <4D0672F2.4070600@extendedsubset.com> Date: Mon, 13 Dec 2010 13:24:34 -0600 From: Marsh Ray User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.13) Gecko/20101208 Thunderbird/3.1.7 MIME-Version: 1.0 To: Yoav Nir References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> <2229.1292235952.971571@puncture> <4D05FB8F.3070804@qbik.com> <2229.1292239384.281779@puncture> <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org> <5D5AF795-22AB-4726-B791-3706693466C3@checkpoint.com> <4D063CA5.8060907@gmail.com> <878FA115-D801-4063-AD87-DB2C2B2DE0D1@checkpoint.com> In-Reply-To: <878FA115-D801-4063-AD87-DB2C2B2DE0D1@checkpoint.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:26 -0800 Cc: "Common@core3.amsl.com" , protocols , websec , General@core3.amsl.com, Generation , "http-auth@ietf.org" , "ietf-http-wg@w3.org Group" , "saag@ietf.org" Subject: Re: [saag] [websec] [kitten] [apps-discuss] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 19:23:03 -0000 On 12/13/2010 09:29 AM, Yoav Nir wrote: > > On Dec 13, 2010, at 4:24 PM, Rene Struik wrote: > >> Hi Yoav: >> >> Could you summarize the main problems with client certificates. To >> my knowledge, there are no technical problems with computational >> bottlenecks on the client side yet. The only problem area I could >> think of would be storage of private keys, but this seems >> solvable. >> >> Similarly, if you could point out main usability problems with >> certs that would be great (is this a general problem, or just an >> artifact of the way these are currently used?). Problems stem from >> realistic requirements not being met, so it is good to capture >> these. > > I can see several problems with client certificates, most related to > usability, but some also to security: > > * Certificates do not authenticate the user. They authenticate a > device. I don't think they do that exactly either. The client cert is generally public, its private key is a secret like a password, but one that's too hard to memorize. > Placing a certificate on my laptop is a close enough > approximation to authenticating *me*, but then I can't use the same > certificate on my home computer, my phone, Why not? > or the computer at some > Internet cafe or hotel business center. But there's nothing that you can do securely on an untrusted computer. Sometimes people propose the idea of a secure boot CD users carry around, but those can't defend against trojaned firmware or hardware. > Passwords, on the other hand, > are with me wherever I go, and can be used with any device. They have some pretty significant limitations too. > * A possible solution to the first problem would be to issue multiple > certificates for use in phone, laptop and desktop. But this makes the > management of all these certificates even more complicated, N users, M sites. N is billions, M is millions. N * M = a big number. Perhaps if we accept it as an inherently complicated problem then we can give people tools that they need? > and increases the attack surface. Honestly, could it be any worse? > * While some places of business, governments and militaries are > willing to spend the money and effort required to provision > certificates for all employees, I don't see companies doing it for > customers. It's never a good idea to bet that something is too big > for Google to do, but I can't imagine them issuing client > certificates to all gmail users. Ha! I bet if we double-dog dared them, they just might. Remember that they went all-TLS for gmail, when every other smaller site was saying it was un-economic. > Even banks, with real money at stake > don't do it, because the support costs would exceed the losses to > phishing. My understanding is that some banks do, in fact, use client certs. But from what I've seen, the economics and risk motivations of the banking sector are just really weird. It varies by country, and in the US it's still not entirely clear yet who's liable for losses due to online security. Banking is just so different than everyone else that it's usually not helpful to use it as an example it in general security discussion. > * Issuing certificates does not solve the problem with Internet > cafes. It makes no sense for me to install a browser certificate on > some random computer. Again, there's nothing you can do to make a login session secure from an untrusted machine. Perhaps we should throw this scenario out for the purposes of this discussion? > But don't take my word for it. Certificates are so inconvenient, that > people would rather use some two-factor authentication solution, > where you type in a password, and then get a one-time code on either > a fob or through an SMS message to your phone, which is what Marsh's > company does. The key thing is that the phone is something most people already have and are comfortable using. It's hard to overstate the value of that. Nevertheless, what we (well, Marketing in particular :-) are continually up against is this: on some level, the entire purpose of strengthening the authentication is to make it harder to log in to the computer. We can do our best to minimize how much harder it is for the legitimate user, and maximize how much harder it is for the bad guy, but at the end of the day the system ends up having more ways to say 'no'. For most systems, the vast majority of 'no's are not actual attacks. Theatrics that don't provide real security are obviously worthless, but so are strong systems that people don't use. This trade-off between security and usability is very real, not theoretical. Perfect example: On 12/13/2010 06:14 AM, Carsten Bormann wrote: > > As a webapp developer, I want to control the user interface during > authentication. Leaving the user alone with the bland and > unforgiving browser user interface for HTTP auth is suicide. I want > to provide extra buttons for forgotten passwords, maybe even > password hints, and a "sign up" method. Yeah. How did the user select their password for the website in the first place, if not by an HTML form POST? If it was good enough for the initial sign up, why should the web designer use something other than HTML form POST for the regular login? (These are rhetorical questions.) > HTML/CSS/JS lends itself > well to providing such a friendly user interface. > > As a security geek, I recognize this as exactly the problem that > creates the potential for phishing. Having the user type > credentials into a random form is never going to be secure, HSTS > notwithstanding. Right. Any time there's an untrusted app painting into a rectangle (e.g. the browser window) the only ways to communicate with the user securely is outside of that rectangle. Which is why the URL and lock icon are in the browser chrome (and why we're in the out-of-band authentication business). As people use more mobile devices with smaller screens, this chrome gets mostly optimized away (and may confuse the degree to which the phone is truly out-of-band). There's clearly a large set of users for whom this "rectangle" principle is too complicated. (It probably doesn't help that browsers allow web pages to open new windows, set the title bar and icon, and that they repurpose the untrusted rectangle to discuss certificate errors.) The most secure way I've seen to handle password entry is (don't laugh) MS Windows NT through Vista. Windows NT implemented Orange Book security and required a "secure attention key" sequence (ctrl+alt+del) before every password request. Vista UAC, though a failure in many ways, would switch the entire console session, going so far as to reinitializing hardware drivers in the process. It performs a whole-screen dimming effect which was said to be difficult to duplicate (I'm not sure in practice). So IMHO, significant improvements in web authentication would be greatly beneficial. But they will have to: * Require connection integrity. This probably means mandatory TLS. * Require a user interaction that takes place outside the insecure browser rectangle and feels different enough that it's easy to explain the difference. * Not leak info to untrusted parties. These days privacy is often more important than traditional security. * Support browser vendors in making a UI that "sucks less" to have to use, or possibly have to use it less. Put users in control of their identity and auth credentials without nagging them repeatedly until they give in and click the "Yes to all" button. * Represent an actual improvement in security over the current standard of HTML form POST password and secret HTTP session cookie. - Marsh From hotz@jpl.nasa.gov Mon Dec 13 14:59:22 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9B02E3A6E17; Mon, 13 Dec 2010 14:59:22 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.599 X-Spam-Level: X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aUbgw5CTrroQ; Mon, 13 Dec 2010 14:59:21 -0800 (PST) Received: from mail.jpl.nasa.gov (sentrion1.jpl.nasa.gov [128.149.139.105]) by core3.amsl.com (Postfix) with ESMTP id 74E583A6E08; Mon, 13 Dec 2010 14:59:21 -0800 (PST) Received: from laphotz.jpl.nasa.gov (laphotz.jpl.nasa.gov [128.149.133.44]) (authenticated (0 bits)) by smtp.jpl.nasa.gov (Switch-3.4.3/Switch-3.4.3) with ESMTP id oBDN0lTC010816 (using TLSv1/SSLv3 with cipher AES128-SHA (128 bits) verified NO); Mon, 13 Dec 2010 15:00:48 -0800 Mime-Version: 1.0 (Apple Message framework v1081) Content-Type: text/plain; charset=us-ascii From: "Henry B. Hotz" In-Reply-To: <4D0672F2.4070600@extendedsubset.com> Date: Mon, 13 Dec 2010 15:00:46 -0800 Content-Transfer-Encoding: 7bit Message-Id: References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> <2229.1292235952.971571@puncture> <4D05FB8F.3070804@qbik.com> <2229.1292239384.281779@puncture> <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org> <5D5AF795-22AB-4726-B791-3706693466C3@checkpoint.com> <4D063CA5.8060907@gmail.com> <878FA115-D801-4063-AD87-DB2C2B2DE0D1@checkpoint.com> <4D0672F2.4070600@extendedsubset.com> To: Marsh Ray X-Mailer: Apple Mail (2.1081) X-Source-IP: laphotz.jpl.nasa.gov [128.149.133.44] X-Source-Sender: hotz@jpl.nasa.gov X-AUTH: Authorized X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:26 -0800 Cc: "Common@core3.amsl.com" , protocols , websec , "General@core3.amsl.com" , Generation , "http-auth@ietf.org" , "ietf-http-wg@w3.org Group" , "saag@ietf.org" Subject: Re: [saag] [http-auth] [websec] [kitten] [apps-discuss] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 22:59:22 -0000 On Dec 13, 2010, at 11:24 AM, Marsh Ray wrote: > So IMHO, significant improvements in web authentication would be greatly > beneficial. But they will have to: > > * Require connection integrity. This probably means mandatory TLS. > > * Require a user interaction that takes place outside the insecure > browser rectangle and feels different enough that it's easy to explain > the difference. > > * Not leak info to untrusted parties. These days privacy is often more > important than traditional security. > > * Support browser vendors in making a UI that "sucks less" to have to > use, or possibly have to use it less. Put users in control of their > identity and auth credentials without nagging them repeatedly until they > give in and click the "Yes to all" button. > > * Represent an actual improvement in security over the current standard > of HTML form POST password and secret HTTP session cookie. > > - Marsh +1 ------------------------------------------------------ The opinions expressed in this message are mine, not those of Caltech, JPL, NASA, or the US Government. Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu From hotz@jpl.nasa.gov Mon Dec 13 15:02:10 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2B3B028C0D8; Mon, 13 Dec 2010 15:02:10 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.599 X-Spam-Level: X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NaTpeSJZroRq; Mon, 13 Dec 2010 15:02:08 -0800 (PST) Received: from mail.jpl.nasa.gov (mailhost.jpl.nasa.gov [128.149.139.105]) by core3.amsl.com (Postfix) with ESMTP id D13563A6E1A; Mon, 13 Dec 2010 15:02:08 -0800 (PST) Received: from laphotz.jpl.nasa.gov (laphotz.jpl.nasa.gov [128.149.133.44]) (authenticated (0 bits)) by smtp.jpl.nasa.gov (Switch-3.4.3/Switch-3.4.3) with ESMTP id oBDN3T2I012748 (using TLSv1/SSLv3 with cipher AES128-SHA (128 bits) verified NO); Mon, 13 Dec 2010 15:03:30 -0800 Mime-Version: 1.0 (Apple Message framework v1081) Content-Type: text/plain; charset=us-ascii From: "Henry B. Hotz" In-Reply-To: Date: Mon, 13 Dec 2010 15:03:29 -0800 Content-Transfer-Encoding: quoted-printable Message-Id: <5649AF9C-AEF5-401C-AE45-85D361743D2E@jpl.nasa.gov> References: <4D02AF81.6000907@stpeter.im> To: Ben Laurie X-Mailer: Apple Mail (2.1081) X-Source-IP: laphotz.jpl.nasa.gov [128.149.133.44] X-Source-Sender: hotz@jpl.nasa.gov X-AUTH: Authorized X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:26 -0800 Cc: "apps-discuss@ietf.org" , websec , Paul Hoffman , "kitten@ietf.org" , "http-auth@ietf.org" , "saag@ietf.org" , Hannes Tschofenig , "ietf-http-wg@w3.org Group" Subject: Re: [saag] [http-auth] [websec] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 23:02:10 -0000 On Dec 13, 2010, at 4:08 AM, Ben Laurie wrote: > On 11 December 2010 23:10, Yoav Nir wrote: >> TLS client certificates work, but as we've learned both with the web = and with IPsec clients, people would much rather not use them. A few = IETFs ago (Chicago?), a bunch of us tried to push the idea of TLS with = EAP authentication. >=20 > I think what we've learnt is that we need to provide good UI and > portability if we want people to use them. I think it's a "complete system" problem. You need a decent UI paradigm (not just a GUI), a respectable means of = issuing/deploying them, a respectable means of storing them for use by = multiple applications, and APIs and hooks that make them as easy to = develop with as cookies. Also all the capability needs to already be in = place, so there's no "plug-in installation" or equivalent. By "respectable" I mean something a security expert won't laugh at, = which doesn't also violate the UI paradigm. For all the people who say that we don't have to have perfect security, = or we need to support http:, not just https:, I respectfully claim that = you're off base. We don't need *more* less-than-secure mechanisms. We = need actually-secure mechanisms that real people can actually use. TLS with client certs qualifies as "actually-secure" (as would TLS with = draft-williams..sasl..04). Wouldn't we be better off putting our energy = into making it actually-usable, than in starting from scratch? ------------------------------------------------------ The opinions expressed in this message are mine, not those of Caltech, JPL, NASA, or the US Government. Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu From Nicolas.Williams@oracle.com Mon Dec 13 15:16:45 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BAB6E28C122; Mon, 13 Dec 2010 15:16:45 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.539 X-Spam-Level: X-Spam-Status: No, score=-6.539 tagged_above=-999 required=5 tests=[AWL=0.059, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ElC+7mJvPtgK; Mon, 13 Dec 2010 15:16:44 -0800 (PST) Received: from rcsinet10.oracle.com (rcsinet10.oracle.com [148.87.113.121]) by core3.amsl.com (Postfix) with ESMTP id 2EE153A6E22; Mon, 13 Dec 2010 15:16:36 -0800 (PST) Received: from rcsinet13.oracle.com (rcsinet13.oracle.com [148.87.113.125]) by rcsinet10.oracle.com (Switch-3.4.2/Switch-3.4.2) with ESMTP id oBDNI0IX021792 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 13 Dec 2010 23:18:01 GMT Received: from acsmt353.oracle.com (acsmt353.oracle.com [141.146.40.153]) by rcsinet13.oracle.com (Switch-3.4.2/Switch-3.4.1) with ESMTP id oBDNFlHt003010; Mon, 13 Dec 2010 23:17:59 GMT Received: from abhmt004.oracle.com by acsmt354.oracle.com with ESMTP id 870944751292282232; Mon, 13 Dec 2010 15:17:12 -0800 Received: from oracle.com (/10.135.188.51) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 13 Dec 2010 15:17:10 -0800 Date: Mon, 13 Dec 2010 17:17:08 -0600 From: Nicolas Williams To: Luke Howard Message-ID: <20101213231708.GB1091@oracle.com> References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> User-Agent: Mutt/1.5.20 (2010-03-02) X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:26 -0800 Cc: "apps-discuss@ietf.org" , websec , Paul Hoffman , "kitten@ietf.org" , "http-auth@ietf.org" , "saag@ietf.org" , Hannes Tschofenig , "ietf-http-wg@w3.org Group" Subject: Re: [saag] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 23:16:45 -0000 On Sun, Dec 12, 2010 at 12:38:07PM +1100, Luke Howard wrote: > > On 12/12/2010, at 10:10 AM, Yoav Nir wrote: > > > > > On Dec 11, 2010, at 1:09 AM, Paul Hoffman wrote: > > > >> At 3:53 PM -0700 12/10/10, Peter Saint-Andre wrote: > >>> Other than that, I'm not aware of much activity. What have I missed? > >> > >> TLS client certificates. > > > > TLS client certificates work, but as we've learned both with the web and with IPsec clients, people would much rather not use them. A few IETFs ago (Chicago?), a bunch of us tried to push the idea of TLS with EAP authentication. > > > > http://tools.ietf.org/html/draft-nir-tls-eap > > Does draft-williams-tls-app-sasl-opt-04.txt + abfab get you the moral equivalent? _I_ believe it does :) From Nicolas.Williams@oracle.com Mon Dec 13 15:18:46 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 048B53A6E08; Mon, 13 Dec 2010 15:18:46 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.54 X-Spam-Level: X-Spam-Status: No, score=-6.54 tagged_above=-999 required=5 tests=[AWL=0.058, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6sxbTWuIL3ji; Mon, 13 Dec 2010 15:18:45 -0800 (PST) Received: from rcsinet10.oracle.com (rcsinet10.oracle.com [148.87.113.121]) by core3.amsl.com (Postfix) with ESMTP id E7FC23A6D4A; Mon, 13 Dec 2010 15:18:44 -0800 (PST) Received: from acsinet15.oracle.com (acsinet15.oracle.com [141.146.126.227]) by rcsinet10.oracle.com (Switch-3.4.2/Switch-3.4.2) with ESMTP id oBDNK9sd024453 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 13 Dec 2010 23:20:10 GMT Received: from acsmt355.oracle.com (acsmt355.oracle.com [141.146.40.155]) by acsinet15.oracle.com (Switch-3.4.2/Switch-3.4.1) with ESMTP id oBDNDrdP001633; Mon, 13 Dec 2010 23:20:05 GMT Received: from abhmt005.oracle.com by acsmt355.oracle.com with ESMTP id 870947501292282318; Mon, 13 Dec 2010 15:18:38 -0800 Received: from oracle.com (/10.135.188.51) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 13 Dec 2010 15:18:37 -0800 Date: Mon, 13 Dec 2010 17:18:36 -0600 From: Nicolas Williams To: Yaron Sheffer Message-ID: <20101213231836.GC1091@oracle.com> References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4D0479E3.4050508@gmail.com> User-Agent: Mutt/1.5.20 (2010-03-02) X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:26 -0800 Cc: "apps-discuss@ietf.org" , websec , Paul Hoffman , "kitten@ietf.org" , "http-auth@ietf.org" , Luke Howard , "saag@ietf.org" , Hannes Tschofenig , "ietf-http-wg@w3.org Group" Subject: Re: [saag] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 23:18:46 -0000 On Sun, Dec 12, 2010 at 09:29:39AM +0200, Yaron Sheffer wrote: > I am not a big fan of EAP myself (although I am a co-author on > Yoav's TLS-EAP), but no, for pragmatic reasons SASL is not the moral > equivalent. > > There is a number of EAP methods that provide zero-knowledge > password based mutual authentication (i.e. password based auth > that's *not* susceptible to dictionary attacks). These include (see http://www.iana.org/assignments/eap-numbers/eap-numbers.xml#eap-numbers-3): > EAP-SRP-SHA1, EAP-pwd, EAP-EKE and EAP-SPEKE. You missed the ABFAB thing... ABFAB WG is producing [drumroll please] a GSS-API mechanism that uses EAP. And SASL can use GSS mechanisms (via "GS2" [RFC5801]). So, I believe that the answer is "yes". Nico -- From y.oiwa@aist.go.jp Mon Dec 13 22:24:41 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4EEE13A6E3A; Mon, 13 Dec 2010 22:24:41 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.345 X-Spam-Level: X-Spam-Status: No, score=-5.345 tagged_above=-999 required=5 tests=[AWL=-5.255, BAYES_00=-2.599, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QB+AzlpHWPT6; Mon, 13 Dec 2010 22:24:39 -0800 (PST) Received: from faust.rcis.jp (faust.rcis.jp [61.194.89.210]) by core3.amsl.com (Postfix) with ESMTP id DAB4E3A6E3C; Mon, 13 Dec 2010 22:24:38 -0800 (PST) Received: from [192.168.58.137] (pl432.nas936.p-tokyo.nttpc.ne.jp [219.102.56.176]) (authenticated bits=0) by faust.rcis.jp (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id oBE6PkkY015716 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT); Tue, 14 Dec 2010 15:25:49 +0900 Message-ID: <4D070DEC.707@aist.go.jp> Date: Tue, 14 Dec 2010 15:25:48 +0900 From: Yutaka OIWA Organization: RCIS, AIST User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7 MIME-Version: 1.0 To: Yoav Nir References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <2230EA03-32C5-4D34-BC6B-304E813BE3A7@gbiv.com> <4D056D83.2020704@extendedsubset.com> In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:26 -0800 Cc: "ietf-http-wg@w3.org Group" , "http-auth@ietf.org" , websec , "saag@ietf.org" , Marsh Ray Subject: Re: [saag] [http-auth] [websec] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: http-auth@ietf.org List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Dec 2010 06:24:41 -0000 Dear Yoav, [notice: Reply-to limited] (1) I largely agree with your view on Cookie and Client certificates. Client certificates are only useful for Web world in very limited cases. In reality, many banks in Japan (may be in US too?) introduce cert authentication for corporate-account on-line banking but not for personal account counterparts. It introduce heavy burden for both server and client sides, which cannot be justified for required security. Also, use cases of Web authentication is not limited to the "strong identity" which usually tied with the client certificates and CA hierarchies. In many use-cases sites introduce simple interfaces accepting "almost anonymous" registrations. Issuing a certificate for every user of every such services is unlikely, and tieing those accounts with existing client certificates introduces serious privacy concerns. (2) However, I am not agreeing with putting the authentication in the layer lower than HTTP. TLS authentication will only work for site-wide fixed setting of authentications, which is not deployable for large numbers of websites. See how Yahoo serves for both unauthenticated and authenticated users, and how Google implements their "GMail for your domains" (log in/out control is independent for each domain-account, hosted on the single server). More technically, It is semantically wrong. HTTP has two layers of "messaging channels" inside it: the lower level is a "keep-alive" stream transport (TCP and TLS), and the higher level is a packet interface made by pairs of a request and a response. From the application point of view, the authorization happens on the higher level. For each resources the server may either request or not request the authentication, and the clients respond with that. The resources on a single server may belong to several separate "authentication realms", including special "unauthenticated" one. For such settings, authentication should be tied to the "higher level" in whatever way. If you put authentication in the lower level, requests for the different realms wil mix up in the inappropriate lower channel. Changing those semantics is too hard and seems inappropriate for any deployments. This gives an answer for the reason that *for some Web/HTTP application* TLS auth works: each of these is so simple enough that it only have a one "authentication realm" inside it. The corporate banking is so, and so is IPP. It is also true for many non-HTTP TLS applications such as POP3 and IMAP. But it is not true for general Web applications, end we cannot enforce such design restrictions for Web services. People often concern about the security impact which arise from putting auth in the higher layer. Such a problem can be solved technically, for example by using channel bindings. Careful designs of protocols can gives even better operational properties than TLS-based authentications. For example, our Mutual auth proposal can be used securely on HTTPS, preventing man-in-the-middle credential forwarding attacks, while allowing off-loading of TLS overhead to existing hardware TLS accelerators without any changes. (4) For non-TLS applications: in the real world I've heard too much voices about inapplicabilities of HTTPS in the real systems. I think that authentication in the non-HTTPS world MUST be improved, too. In fact, not a single person asked (requested) me whether our Mutual authentication can be used for integrity protection on non-HTTPS responces, as HTTPS is not deployable for whole their services, and they need to improve authentication (and integrity). On 2010/12/13 17:49, Yoav Nir wrote: > > On Dec 13, 2010, at 2:49 AM, Marsh Ray wrote: > >> On 12/12/2010 04:39 PM, Roy T. Fielding wrote: >>> >>> Define them all and let's have a bake-off. It has been 16 years >>> since HTTP auth was taken out of our hands so that the security >>> experts could define something perfect. Zero progress so far. >> >> Perhaps it's a bad idea? > > Disagree. Authentication is very much needed in the web. The current state is that websites have you fill in a form, and store a session cookie. We all know how this fails. An attacker can make a login page that looks like google's or paypal's or bankleumi.co.il just as easily as the respective organizations, and gain access to their credentials. > > This is good enough for Google, who need the cookies to track your searches and emails so as to match them to ads. A little bit of someone searching the web with someone else's userid doesn't make much difference to them. But if I have some important information in my gmail account, or money in bankleumi, I would like to avoid sending my password in the clear to an attacker's site. And things like SRP can do this. If SRP succeeds with a remote server, I know that it's the right server. > > Client certificates would work even better, but client certificates have their own set of problems, which is why they're not widely used. > > I agree with you that layering whatever authentication on top of HTTP without at least message authentication is not a good idea, so TLS seems like the right choice - all those bank and email sites are already doing it. But we do need something more useable than certificates, and for now, this means passwords. > >> >>> We >>> should just define everything and let the security experts do what >>> they do best -- find the holes and tell us what not to implement. >> >> I know some professional pen-testers who would love that! >> >> Check out these videos. This is what happens when you take a >> general-purpose authentication protocol and repurpose it for use across >> the internet for an insecure application protocol: >> >> http://extendedsubset.com/smb_relay_fully_patched.wmv >> http://extendedsubset.com/smb_reflection_arp_poisoning.wmv >> http://extendedsubset.com/?p=36 >> >> This case is NTLMv2, but the phenomenon is not limited to that. >> >> The problem is that most general-purpose authentication protocols do not >> require enough specificity about the context of the authentication: who >> and what are you authenticating, to whom, and how does each side know >> it's operating under the same beliefs as the other? >> >> This means that even if the client wants to be careful and authenticate >> only for the purpose of setting up a secure connection, the attacker can >> possibly forward that authentication to auth his own connection or >> transaction on some other service (on the same or even a different server). >> >> Most auth protocols don't let the client strongly verify the server's >> identity before the client has to authenticate with his own. This is >> probably at least in part because it requires some common infrastructure >> to do this. So Kerberos and x509 PKI systems can authenticate the server >> (and sometimes even the target service), but most others do not. >> >> Since HTTP lacks connection integrity, it's meaningless to speak of "an >> authenticated client". Perhaps the only thing that could be meaningfully >> authenticated is the request data itself. But auth protocols designed >> for setting up persistent connections typically don't have defined >> inputs for the message data/digest being signed, so it's often >> impractical to reuse them for that purpose. >> >> These issues have been mostly addressed at the protocol level for TLS >> client cert authentication. If it really just comes down to deployment >> and client usability issues, it's hard to imagine coming up with >> something at another layer which would have less risk than building on >> top of that. >> >> Deploying new uses of compatible, standard authentication protocols over >> insecure application protocols can be bad for the greater security >> ecosystem because it widens the field for cross-protocol attacks. >> >> - Marsh >> _______________________________________________ >> websec mailing list >> websec@ietf.org >> https://www.ietf.org/mailman/listinfo/websec >> >> Scanned by Check Point Total Security Gateway. > > _______________________________________________ > http-auth mailing list > http-auth@ietf.org > https://www.ietf.org/mailman/listinfo/http-auth -- 大岩 寛 Yutaka Oiwa 独立行政法人 産業技術総合研究所 情報セキュリティ研究センター ソフトウェアセキュリティ研究チーム , OpenPGP: id[440546B5] fp[7C9F 723A 7559 3246 229D 3139 8677 9BD2 4405 46B5] From tim-research@sentinelchicken.org Tue Dec 14 09:17:51 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7CE0F28C0E6 for ; Tue, 14 Dec 2010 09:17:51 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.265 X-Spam-Level: X-Spam-Status: No, score=-2.265 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mM2yNI5Lr50y for ; Tue, 14 Dec 2010 09:17:51 -0800 (PST) Received: from sentinelchicken.org (mail.sentinelchicken.org [69.168.48.72]) by core3.amsl.com (Postfix) with ESMTP id 1EACE3A6D44 for ; Tue, 14 Dec 2010 09:17:51 -0800 (PST) Received: (qmail 10550 invoked from network); 14 Dec 2010 17:23:07 -0000 Received: from unknown (HELO pascal.sentinelchicken.org) (10.81.64.2) by feynman.sentinelchicken.org with ESMTPS (DHE-RSA-AES256-SHA encrypted); 14 Dec 2010 17:23:07 -0000 Received: (qmail 24957 invoked from network); 14 Dec 2010 17:16:30 -0000 Received: from shannon.sentinelchicken.org (10.81.64.4) by pascal.sentinelchicken.org with SMTP; 14 Dec 2010 17:16:30 -0000 Received: (nullmailer pid 6184 invoked by uid 1000); Tue, 14 Dec 2010 17:12:50 -0000 Date: Tue, 14 Dec 2010 09:12:50 -0800 From: Tim Morgan To: Marsh Ray Message-ID: <20101214171250.GB5009@sentinelchicken.org> References: <4D02AF81.6000907@stpeter.im> <4D02BDB3.7060801@extendedsubset.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4D02BDB3.7060801@extendedsubset.com> User-Agent: Mutt/1.5.20 (2009-06-14) X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:26 -0800 Cc: "apps-discuss@ietf.org" , websec@ietf.org, "kitten@ietf.org" , http-auth@ietf.org, saag@ietf.org, "ietf-http-wg@w3.org Group" Subject: Re: [saag] [http-auth] [websec] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Dec 2010 17:17:51 -0000 Hi Marsh, > IMHO, authentication just doesn't belong at the HTTP layer. Hmm, can't necessarily disagree there... However, I think having it in the next layer up (POST requests/cookies) is even worse. > HTTP is inherently bad at being stateful. Stateless interfaces can > be fantastic, but it doesn't support the "login session" concept > that most people have in mind when they talk about authentication. HTTP isn't good at being stateful, but it is. One could argue that even just Basic auth alone adds state. Cookies add state, and we have connection state. Ultimately, a non-security form of state management buys a security protocol nothing. I think time and again we have found that relying on insecure underlying state mechanisms in a secure protocol will bring about insecurities. Secure protocols need their own state management independent of the underlying layers. > Unless you're properly using TLS, you have no reason to believe that > the byte you just received is from the same party as the previous > byte you received. So under those circumstances, what exactly are > you authenticating, and to whom? Agreed. > I use a lot of web sites and none of them do authentication via > HTTP. Every single one of them expects a username/password via > HTTP(s) POST variables and returns a cookie of varying duration. Right, and this needs to change, IMHO. While I'd love to see lots more adoption of TLS client certificates, I don't think it will ever completely supplant username/password pairs. This is because most people don't understand certificates while everyone understands usernames and passwords. Also, there are some real differences in use cases which will create problems for some sites. > But what could we possibly do for a stateless, unMACed protocol like > HTTP, except integrate and bind it better with a lower layer > providing real integrity? That's pretty much the solution that Yutaka OIWA and the other Mutual auth folks have come up with. You have a protocol over HTTP which mutually guarantees the server and client have the same password without leaking the password (this prevents phishing even if users don't look at the domain name) and this cryptographic process is tied to the TLS server certificate to prevent MitM. Could the same security properties be achieved with TLS and say, SRP? Probably. The hurdle that SRP has is the user interface. Users and web developers are accustomed to being able to build their own login forms. Now that we (the security community) let them get away with this foolishness, we can't really take it away from them again. Very few web developers will give up the ability to build a branded, custom login form just to use something more secure like SRP over TLS. So, how would you go about making it usable with HTML login forms? I'm not sure. What I *have* investigated in the past is the ability to do HTTP authentication with custom HTML login forms. I've found it's not only possible right now, but the tools to do it (XMLHttpRequest, mostly) are becoming standardized in a way that makes it well-defined. So, there we could have a reasonable tradeoff between usability and improved security if we pushed for HTML login forms with Mutual auth. > I think what the world needs are ways for web apps (literally, the > Ruby code) to easily work with the strongly-authenticated identities > which are supported at the TLS layer. TLS already supports > "sessions" and "client authentication", but for whatever reasons > they're not being utilized. We should make using those facilities as > easy for web developers as doing cookie-based logins. Yes, exactly. So we've already covered how there are many protocols and protocol frameworks which are secure and integrate well with this, that, or the other backend system. Why aren't these adopted already? It all comes down to how easy it is for web developers to present a "user friendly" login process. I think we have enough good crypto out there. We should focus on how to make that crypto easier to deploy. Regards, tim From john-ietf@jck.com Tue Dec 14 11:22:14 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 345883A6EBD; Tue, 14 Dec 2010 11:22:14 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.587 X-Spam-Level: X-Spam-Status: No, score=-102.587 tagged_above=-999 required=5 tests=[AWL=0.012, BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gpbgKEsWC2f5; Tue, 14 Dec 2010 11:22:12 -0800 (PST) Received: from bs.jck.com (ns.jck.com [209.187.148.211]) by core3.amsl.com (Postfix) with ESMTP id 7A8CE3A6EA8; Tue, 14 Dec 2010 11:22:11 -0800 (PST) Received: from [127.0.0.1] (helo=localhost) by bs.jck.com with esmtp (Exim 4.34) id 1PSaTT-00003D-Bz; Tue, 14 Dec 2010 14:23:47 -0500 Date: Tue, 14 Dec 2010 14:23:45 -0500 From: John C Klensin To: Steven Bellovin Message-ID: <9EC2FC766CCD8D29F96C688A@PST.JCK.COM> In-Reply-To: References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> <2229.1292235952.971571@puncture> <4D05FB8F.3070804@qbik.com> <2229.1292239384.281779@puncture> <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org> <5D5AF795-22AB-4726-B791-3706693466C3@checkpoint.com> <4D063CA5.8060907@gmail.com> X-Mailer: Mulberry/4.0.8 (Win32) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Mailman-Approved-At: Thu, 16 Dec 2010 08:07:26 -0800 Cc: Common@core3.amsl.com, General discussion of application-layer protocols , websec , - Next Generation , http-auth@ietf.org, "ietf-http-wg@w3.org Group" , saag@ietf.org Subject: Re: [saag] [apps-discuss] [websec] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Dec 2010 19:22:14 -0000 --On Monday, December 13, 2010 13:57 -0500 Steven Bellovin wrote: >... >> Just like the phrase "I am not a lawyer" is always followed >> by amateur legal advice (I know that for sure, I've done it >> myself), the same goes for "I am not a UI expert". >> >> Two comments: >> >> - There are in fact a few security-usability experts. I don't >> know if any of them participate in the IETF. This is an >> emerging research field, see e.g. >> http://oreilly.com/catalog/9780596008277. >> >> - (I am not a UI expert, but...) Devising UI cues is >> extremely difficult. People will gladly enter their password >> when the web site displays a JPEG-rendered padlock icon. In >> fact *legitimate* sites have been known to display such >> icons, strange as it may sound. > > Security and usability *is* one of my research areas. I agree > with Yoav: there are many problems with use of client-side > certificates. In general, I like them -- the only way to log > in to the computers I control is with public-key authenticated > SSH -- but there are very good reasons why they are seldom > used. Private key storage and transport is the major one, but > key issuance and recovery from lost or stolen keys are serious > issues as well. The security community has made that worse by > layering heavyweight policies and procedures on top of the > certificate issuance process, even when the value of the > resource being protected isn't high enough to justify it. > > (I've been worrying about usability issues for a long time. > There was one I-D that I dealt with as AD that I abstained on > -- I wouldn't vote "no-ob" because I did object, but I had no > better suggestion than "go back and start over". While > dealing with that document, I emailed one of the top usability > people and asked > > Do you know of papers on the difficulty of administering > complex access control lists? I'm trying to convince people > that a seriously-complex scheme will lead to massive > security failures, because no one will be able to get the > ACLs right. > > So yes, there are people in the IETF who worry about UI > issues.) Steve, I worry too. And, while I effectively dropped out of the field --in terms of making any useful contributions-- about 25 years ago, I do try to track the literature (without great success). Observations: (1) The folks who taught me about what was then called "human factors in computing" in the 70s suggested that one key issue was to design from error/failure states backwards to both detailed system design and UI. If one could not do an analysis of failure states, then one wasn't ready to design the interfaces of the system. If the right information is not available in the right place to produce a coherent message and make it actionable, patching things on just don't work. From that perspective, it is as hard or harder to graft a good UI onto a system that wasn't designed with UIs in mind as it is to graft good security onto a system that wasn't designed for that. A large number of modern systems --and IETF protocols-- fail on both dimensions. (2) Even without any research, it should be obvious to us all that presenting a user with a dialog box with a string of text that might be informative to an expert but is pure gibberish to the user, followed by some choice, is not going to produce good results. The question of whether the choice in that situation should be a pair of boxes labeled "yes" or "no" (or equivalent) or a single box labeled "ok" (or equivalent) is, IMO, of purely academic concern. Unless the user can make an informed decision, decision/dialog boxes or other types of questions aren't about UIs but about attempted sops for the conscience of the implementer. Almost everything I've seen that attempts to deal with certificate validation failures falls into that general category. Things would be considerable better if we never had a false negative (bad certs could just be rejected, action dependent on them stopped, and the user informed, not asked), but that seems unlikely at least as long as we have relatively simple cases like administrative failures to install new certs before old ones expire. (3) I think the above suggests that your "seriously complex scheme" criterion is much too high a bar. Even a moderately complex scheme that depends on lots of factors or subtle interactions will fail. If the ACLs don't get people, then user inability to deal with explanations of the failures will. (4) The problem with your comments, and even more so the problem with mine above, is that they are not usefully actionable in the IETF. We could round up a collection of UI experts to look at some of these things and have them shake their heads and say "royal mess you have gotten yourselves into". That, like your comments and I hope mine, would be true... and equally useless vis-a-vis digging ourselves out. I hope this isn't as hopeless as it feels to me sometimes, but... do you have suggestions? john From mouse@Sparkle.Rodents-Montreal.ORG Thu Dec 16 10:25:55 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B1FE73A695C; Thu, 16 Dec 2010 10:25:55 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -8.592 X-Spam-Level: X-Spam-Status: No, score=-8.592 tagged_above=-999 required=5 tests=[AWL=1.396, BAYES_00=-2.599, HELO_MISMATCH_ORG=0.611, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x+kGeUEiyEFF; Thu, 16 Dec 2010 10:25:54 -0800 (PST) Received: from Sparkle.Rodents-Montreal.ORG (Sparkle.Rodents-Montreal.ORG [216.46.5.7]) by core3.amsl.com (Postfix) with ESMTP id 156FD3A6953; Thu, 16 Dec 2010 10:25:53 -0800 (PST) Received: (from mouse@localhost) by Sparkle.Rodents-Montreal.ORG (8.8.8/8.8.8) id NAA03511; Thu, 16 Dec 2010 13:27:37 -0500 (EST) Date: Thu, 16 Dec 2010 13:27:37 -0500 (EST) From: der Mouse Message-Id: <201012161827.NAA03511@Sparkle.Rodents-Montreal.ORG> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Erik-Conspiracy: There is no Conspiracy - and if there were I wouldn't be part of it anyway. X-Message-Flag: Microsoft: the company who gave us the botnet zombies. X-Composition-Start-Date: Thu, 16 Dec 2010 12:54:01 -0500 (EST) To: apps-discuss@ietf.org, websec@ietf.org, kitten@ietf.org, http-auth@ietf.org, ietf-http-wg@w3.org, saag@ietf.org In-Reply-To: <4D0672F2.4070600@extendedsubset.com> References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> <2229.1292235952.971571@puncture> <4D05FB8F.3070804@qbik.com> <2229.1292239384.281779@puncture> <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org> <5D5AF795-22AB-4726-B791-3706693466C3@checkpoint.com> <4D063CA5.8060907@gmail.com> <878FA115-D801-4063-AD87-DB2C2B2DE0D1@checkpoint.com> <4D0672F2.4070600@extendedsubset.com> Subject: Re: [saag] [websec] [kitten] [apps-discuss] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Dec 2010 18:25:55 -0000 >> * Certificates do not authenticate the user. They authenticate a >> device. > I don't think they do that exactly either. The client cert is > generally public, its private key is a secret like a password, but > one that's too hard to memorize. Quite aside from memorizability, few-to-no humans are capable of performing the cryptographic operations (large-number arithmetic, usually) necessary to carry out certificate operations, at least not with the required levels of reliability. (I can do multi-hundred-digit arithmetic, yes, but not nearly either fast enough or free enough of mistakes to be useful for the purpose.) Certificates, at best, determine that some device which is capable of performing the cryptographic operations has been given access to the corresponding private data. This is close enough to authenticating a user to be useful for many purposes, but it is not the same thing. Of course, the same is true of passwords. All passwords demonstrate is that some device capable of injecting data into the comm channel in question knows the password. But passwords rarely lull people into forgetting the difference. > For most systems, the vast majority of 'no's are not actual attacks. Are you sure of that? There are an awful lot of doorknob-rattlers out there. Most of the login failures I see on my machines actually _are_ attackers poking to see if I've made stupid mistakes. > Yeah. How did the user select their password for the website in the > first place, if not by an HTML form POST? > If it was good enough for the initial sign up, why should the web > designer use something other than HTML form POST for the regular > login? For all that that's rhetorical, there is an answer: because one occurs only once while the other occurs many times. /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTML mouse@rodents-montreal.org / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B From mouse@Sparkle.Rodents-Montreal.ORG Thu Dec 16 12:00:31 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0DC0A3A69C5; Thu, 16 Dec 2010 12:00:31 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -8.7 X-Spam-Level: X-Spam-Status: No, score=-8.7 tagged_above=-999 required=5 tests=[AWL=1.288, BAYES_00=-2.599, HELO_MISMATCH_ORG=0.611, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xuSzAo7VvG49; Thu, 16 Dec 2010 12:00:29 -0800 (PST) Received: from Sparkle.Rodents-Montreal.ORG (Sparkle.Rodents-Montreal.ORG [216.46.5.7]) by core3.amsl.com (Postfix) with ESMTP id 2665E3A6A61; Thu, 16 Dec 2010 12:00:20 -0800 (PST) Received: (from mouse@localhost) by Sparkle.Rodents-Montreal.ORG (8.8.8/8.8.8) id PAA04308; Thu, 16 Dec 2010 15:02:04 -0500 (EST) Date: Thu, 16 Dec 2010 15:02:04 -0500 (EST) From: der Mouse Message-Id: <201012162002.PAA04308@Sparkle.Rodents-Montreal.ORG> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Erik-Conspiracy: There is no Conspiracy - and if there were I wouldn't be part of it anyway. X-Message-Flag: Microsoft: the company who gave us the botnet zombies. X-Composition-Start-Date: Thu, 16 Dec 2010 14:44:07 -0500 (EST) To: Marsh Ray , apps-discuss@ietf.org, websec@ietf.org, kitten@ietf.org, http-auth@ietf.org, ietf-http-wg@w3.org, saag@ietf.org In-Reply-To: <4D0A6969.7010309@extendedsubset.com> References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> <2229.1292235952.971571@puncture> <4D05FB8F.3070804@qbik.com> <2229.1292239384.281779@puncture> <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org> <5D5AF795-22AB-4726-B791-3706693466C3@checkpoint.com> <4D063CA5.8060907@gmail.com> <878FA115-D801-4063-AD87-DB2C2B2DE0D1@checkpoint.com> <4D0672F2.4070600@extendedsubset.com> <201012161827.NAA03511@Sparkle.Rodents-Montreal.ORG> <4D0A6969.7010309@extendedsubset.com> Subject: Re: [saag] [http-auth] [websec] [kitten] [apps-discuss] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Dec 2010 20:00:31 -0000 > You've never signed up for a new account from a hotel or a public > wifi? I don't think so. Most certainly not for an account of nontrivial value (see below) without something at least as strong as ssh securing the channel from a computer I trust (which is a subset of computers I own and administer). >> For all that that's rhetorical, there is an answer: because [initial >> signup] occurs only once while [login] occurs many times. > I bet for a lot of systems, people sign up once and try it out then > go away and leave their accounts dormant. You quite likely are right. But in that case the account clearly is of little value to the holder, so I have trouble getting too worried. :) > Even still, how do you convince a web designer that they must give up > their HTML login form for security when they have an HTML login form > to choose the password in the first place? Personally, I don't. I mostly don't bother with Web stuff at all - you may note that what I've said here is almost entirely non-Web-specific - and _never_ do anything involving signups or the like "online" (meaning, on the Web; I have done such things unsecured over the Internet, such as creating a login on nethack.alt.org or creating characters on muds - these are examples of accounts of trivial value). But if someone were to argue that way with me, I'd basically just shrug and let it go as "I pointed out the issues; if you want to ignore them you may be right or you may get burned, and, if the latter, I feel no responsibility for it". /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTML mouse@rodents-montreal.org / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B From joelja@bogus.com Thu Dec 16 16:29:39 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A17AD3A6A3E; Thu, 16 Dec 2010 16:29:39 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.277 X-Spam-Level: X-Spam-Status: No, score=-102.277 tagged_above=-999 required=5 tests=[AWL=0.278, BAYES_00=-2.599, DATE_IN_PAST_03_06=0.044, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JXphg1ZS4Rod; Thu, 16 Dec 2010 16:29:39 -0800 (PST) Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) by core3.amsl.com (Postfix) with ESMTP id 8B3063A6A25; Thu, 16 Dec 2010 16:29:38 -0800 (PST) Received: from dhcp-176.nokia.net (dhcp-176.nokia.net [192.103.16.176] (may be forged)) (authenticated bits=0) by nagasaki.bogus.com (8.14.4/8.14.4) with ESMTP id oBH0UpdV066899 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NOT); Fri, 17 Dec 2010 00:30:52 GMT (envelope-from joelja@bogus.com) Message-ID: <4D0A5CA1.2090004@bogus.com> Date: Thu, 16 Dec 2010 10:38:25 -0800 From: Joel Jaeggli User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.13) Gecko/20101207 Lightning/1.0b2 Thunderbird/3.1.7 MIME-Version: 1.0 To: Eliot Lear References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> <2229.1292235952.971571@puncture> <4D05FB8F.3070804@qbik.com> <2229.1292239384.281779@puncture> <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org> <4D06239A.60208@cisco.com> In-Reply-To: <4D06239A.60208@cisco.com> X-Enigmail-Version: 1.1.1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: General discussion of application-layer protocols , websec , Common Authentication Technologies - Next Generation , http-auth@ietf.org, saag@ietf.org, Carsten Bormann , "ietf-http-wg@w3.org Group" Subject: Re: [saag] [apps-discuss] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Dec 2010 00:29:39 -0000 On 12/13/10 5:46 AM, Eliot Lear wrote: > > > On 12/13/10 1:14 PM, Carsten Bormann wrote: >> As a webapp developer, I want to control the user interface during authentication. >> Leaving the user alone with the bland and unforgiving browser user interface for HTTP auth is suicide. >> I want to provide extra buttons for forgotten passwords, maybe even password hints, and a "sign up" method. >> HTML/CSS/JS lends itself well to providing such a friendly user interface. > > On the other hand, that's what you have today. What is it you want for > tomorrow? A picture of a monopoly boot everytime I long into bank of america. Nah that's what happens today, I'd like something a lot stonger that 50 odd mostly similar passwords and some inane questions about what school I went to and what my pet rat's name was. > Eliot > _______________________________________________ > saag mailing list > saag@ietf.org > https://www.ietf.org/mailman/listinfo/saag > From marsh@extendedsubset.com Thu Dec 16 11:31:19 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0E5B93A69C8; Thu, 16 Dec 2010 11:31:19 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.591 X-Spam-Level: X-Spam-Status: No, score=-2.591 tagged_above=-999 required=5 tests=[AWL=0.008, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PaS+aehBc6ck; Thu, 16 Dec 2010 11:31:18 -0800 (PST) Received: from mho-02-ewr.mailhop.org (mho-02-ewr.mailhop.org [204.13.248.72]) by core3.amsl.com (Postfix) with ESMTP id 435043A69C7; Thu, 16 Dec 2010 11:31:17 -0800 (PST) Received: from xs01.extendedsubset.com ([69.164.193.58]) by mho-02-ewr.mailhop.org with esmtpa (Exim 4.72) (envelope-from ) id 1PTJZW-000DRV-CF; Thu, 16 Dec 2010 19:33:02 +0000 Received: from [192.168.1.15] (localhost [127.0.0.1]) by xs01.extendedsubset.com (Postfix) with ESMTP id 8B07360C6; Thu, 16 Dec 2010 19:32:58 +0000 (UTC) X-Mail-Handler: MailHop Outbound by DynDNS X-Originating-IP: 69.164.193.58 X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/mailhop/outbound_abuse.html for abuse reporting information) X-MHO-User: U2FsdGVkX1/FJrTY9uCYiXUNsZ5gCCuFYP7jyQqh5RI= Message-ID: <4D0A6969.7010309@extendedsubset.com> Date: Thu, 16 Dec 2010 13:32:57 -0600 From: Marsh Ray User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.13) Gecko/20101208 Thunderbird/3.1.7 MIME-Version: 1.0 To: der Mouse References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> <2229.1292235952.971571@puncture> <4D05FB8F.3070804@qbik.com> <2229.1292239384.281779@puncture> <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org> <5D5AF795-22AB-4726-B791-3706693466C3@checkpoint.com> <4D063CA5.8060907@gmail.com> <878FA115-D801-4063-AD87-DB2C2B2DE0D1@checkpoint.com> <4D0672F2.4070600@extendedsubset.com> <201012161827.NAA03511@Sparkle.Rodents-Montreal.ORG> In-Reply-To: <201012161827.NAA03511@Sparkle.Rodents-Montreal.ORG> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Fri, 17 Dec 2010 12:01:31 -0800 Cc: apps-discuss@ietf.org, websec@ietf.org, kitten@ietf.org, http-auth@ietf.org, ietf-http-wg@w3.org, saag@ietf.org Subject: Re: [saag] [http-auth] [websec] [kitten] [apps-discuss] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Dec 2010 19:31:19 -0000 On 12/16/2010 12:27 PM, der Mouse wrote: > > Quite aside from memorizability, few-to-no humans are capable of > performing the cryptographic operations (large-number arithmetic, > usually) necessary to carry out certificate operations, at least not > with the required levels of reliability. (I can do multi-hundred-digit > arithmetic, yes, but not nearly either fast enough or free enough of > mistakes to be useful for the purpose.) Which is a good argument for it being an example of something a computer is better at. Many auth systems have a component which involves something humans are good at and computers are lousy at. > Certificates, at best, determine that some device which is capable of > performing the cryptographic operations has been given access to the > corresponding private data.... All passwords demonstrate is > that some device capable of injecting data into the comm channel in > question knows the password. That's a good way to describe it. > But passwords rarely lull people into > forgetting the difference. Pen-and-paper signatures work because people have thousands of years of history behind pen technology. It fits well the courtroom test "did you or did you not sign that document". It surely happens, but is extremely rare that someone who actually signed a contract would later claim that it was a forgery, or that their pen and paper were compromised by an attacker. >> For most systems, the vast majority of 'no's are not actual attacks. > > Are you sure of that? There are an awful lot of doorknob-rattlers out > there. Most of the login failures I see on my machines actually _are_ > attackers poking to see if I've made stupid mistakes. OK so there's a baseline attack rate for any given port number. If you use the system infrequently enough, attackers outweigh the legitimate users. But, for example, I personally mistype my password about 10 to 25% of the time. That's a correct 'authentication denied' scenario but it's not an attack. Systems with a meaningful amount of legitimate activity, and are not specially targeted for some reason, are going to have many more mistyped passwords than credible attacks. >> Yeah. How did the user select their password for the website in the >> first place, if not by an HTML form POST? > >> If it was good enough for the initial sign up, why should the web >> designer use something other than HTML form POST for the regular >> login? > > For all that that's rhetorical, there is an answer: because one occurs > only once while the other occurs many times. I bet for a lot of systems, people sign up once and try it out then go away and leave their accounts dormant. E.g., I might create an account to buy tickets for something and never go back. So why can't the attacker attack it that one time then? You've never signed up for a new account from a hotel or a public wifi? Even still, how do you convince a web designer that they must give up their HTML login form for security when they have an HTML login form to choose the password in the first place? - Marsh From tim-research@sentinelchicken.org Thu Dec 16 12:47:07 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BBC6C3A69CA for ; Thu, 16 Dec 2010 12:47:07 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.921 X-Spam-Level: X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[AWL=-0.256, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, J_CHICKENPOX_46=0.6] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AiTZC2wjrqnt for ; Thu, 16 Dec 2010 12:47:07 -0800 (PST) Received: from sentinelchicken.org (mail.sentinelchicken.org [69.168.48.72]) by core3.amsl.com (Postfix) with ESMTP id 6BC583A696C for ; Thu, 16 Dec 2010 12:47:07 -0800 (PST) Received: (qmail 6689 invoked from network); 16 Dec 2010 20:58:24 -0000 Received: from unknown (HELO pascal.sentinelchicken.org) (10.81.64.2) by feynman.sentinelchicken.org with ESMTPS (DHE-RSA-AES256-SHA encrypted); 16 Dec 2010 20:58:24 -0000 Received: (qmail 17024 invoked from network); 16 Dec 2010 20:52:27 -0000 Received: from shannon.sentinelchicken.org (10.81.64.4) by pascal.sentinelchicken.org with SMTP; 16 Dec 2010 20:52:27 -0000 Received: (nullmailer pid 10758 invoked by uid 1000); Thu, 16 Dec 2010 20:48:49 -0000 Date: Thu, 16 Dec 2010 12:48:49 -0800 From: Tim To: Marsh Ray Message-ID: <20101216204849.GX5009@sentinelchicken.org> References: <2229.1292235952.971571@puncture> <4D05FB8F.3070804@qbik.com> <2229.1292239384.281779@puncture> <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org> <5D5AF795-22AB-4726-B791-3706693466C3@checkpoint.com> <4D063CA5.8060907@gmail.com> <878FA115-D801-4063-AD87-DB2C2B2DE0D1@checkpoint.com> <4D0672F2.4070600@extendedsubset.com> <201012161827.NAA03511@Sparkle.Rodents-Montreal.ORG> <4D0A6969.7010309@extendedsubset.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4D0A6969.7010309@extendedsubset.com> User-Agent: Mutt/1.5.20 (2009-06-14) X-Mailman-Approved-At: Fri, 17 Dec 2010 12:01:31 -0800 Cc: apps-discuss@ietf.org, websec@ietf.org, kitten@ietf.org, http-auth@ietf.org, der Mouse , saag@ietf.org, ietf-http-wg@w3.org Subject: Re: [saag] [http-auth] [websec] [kitten] [apps-discuss] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Dec 2010 20:47:07 -0000 > Even still, how do you convince a web designer that they must give > up their HTML login form for security when they have an HTML login > form to choose the password in the first place? This is a good point. Something that may need to be considered in any transition plan away from form+cookie auth. Should some HTTP Authentication mechanism to sign up for new accounts and change passwords? tim From john-ietf@jck.com Fri Dec 17 03:09:35 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1C3F23A6AE1; Fri, 17 Dec 2010 03:09:35 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.874 X-Spam-Level: X-Spam-Status: No, score=-102.874 tagged_above=-999 required=5 tests=[AWL=-0.275, BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lDpbY0xUl6Tg; Fri, 17 Dec 2010 03:09:34 -0800 (PST) Received: from bs.jck.com (ns.jck.com [209.187.148.211]) by core3.amsl.com (Postfix) with ESMTP id 103673A6AE0; Fri, 17 Dec 2010 03:09:34 -0800 (PST) Received: from [127.0.0.1] (helo=localhost) by bs.jck.com with esmtp (Exim 4.34) id 1PTYDQ-0004Hs-Dd; Fri, 17 Dec 2010 06:11:12 -0500 X-Vipre-Scanned: 07A7194C001DEB07A71A99-TDI Date: Fri, 17 Dec 2010 06:11:11 -0500 From: John C Klensin To: Peter Gutmann Message-ID: <97844CCF96DABB3B5F2A976F@[192.168.1.128]> In-Reply-To: References: X-Mailer: Mulberry/4.0.8 (Win32) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Mailman-Approved-At: Fri, 17 Dec 2010 12:01:31 -0800 Cc: Common@core3.amsl.com, apps-discuss@ietf.org, websec@ietf.org, kitten@ietf.org, http-auth@ietf.org, ietf-http-wg@w3.org, saag@ietf.org Subject: Re: [saag] [apps-discuss] [websec] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Dec 2010 11:09:35 -0000 --On Friday, December 17, 2010 6:18 PM +1300 Peter Gutmann wrote: > John C Klensin writes: > >> We could round up a collection of UI experts to look at some >> of these things and have them shake their heads and say >> "royal mess you have gotten yourselves into". > > The problem isn't that UI experts haven't looked at this, > there have been a large number of papers published on this > problem over the last decade or so, it's that it's proven > pretty much impossible to get any action taken over it. The > browser approach is "PKI isn't working, so we'll respond with > even more PKI (EV certs) while stridently ignoring any > workable alternatives (TLS-SRP and -PSK)", and there's no > sign that this will ever change. There simply isn't a hammer > big enough to force a change here (or, if there is, no-one's > managed to identify it yet). I perhaps should have said "...yet another collection of UI experts..." and "shake their heads again...". But I don't think we disagree: from my point of view, you are just describing some aspects of what I tried to summarize as "royal mess". I do think there is at least one big enough hammer although I'm not predicting we will get there soon and really don't like seeing protocols designed by a sequence of disaster, legal action, and legislation. And, I am not, for the record, offering an opinion as to whether the approaches you suggest are workable and/or the right answers. john From hallam@gmail.com Sat Dec 18 08:46:57 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 60F373A6B32; Sat, 18 Dec 2010 08:46:57 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.351 X-Spam-Level: X-Spam-Status: No, score=-3.351 tagged_above=-999 required=5 tests=[AWL=0.247, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sV17309iSGMG; Sat, 18 Dec 2010 08:46:56 -0800 (PST) Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by core3.amsl.com (Postfix) with ESMTP id 6A1333A6B31; Sat, 18 Dec 2010 08:46:55 -0800 (PST) Received: by ywk9 with SMTP id 9so813314ywk.31 for ; Sat, 18 Dec 2010 08:48:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type; bh=ijwI0GcNw4czVPTgUUhQd5LnD/RhxnVpgX9bs7S46fo=; b=f96paZmYl+d36RVMk/yETNHaI+A0ENWSmj9gEcmHadBN3MOj2LNYl7KGFFCjRSpSZl qzAVYfc3oq62xCBzMEpSAqxmVjTbNL8qfBAuJIwDLwT9JR+FkXDZEHKr8uuAO/foYCMT uK8nrOVgxXkHnHcly1gWX0vlutoC5GSyY4nQs= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=W15I6zVxvEU7S1jlvsHCHLRXhE4NgdTTYqYbij3m0QzKNxBHgjmx+2rjdXGf4nkr1H VxhhU7heQRETf1mM/zhx2oVrjmblBwQgMTEz4MPWcVnuz0oBbUUzN02nTGeP11GS4djp 4xqDuMZueByWSToL4nYZwhauFryx8cPJdLEUc= MIME-Version: 1.0 Received: by 10.101.67.16 with SMTP id u16mr1380812ank.1.1292690922503; Sat, 18 Dec 2010 08:48:42 -0800 (PST) Received: by 10.100.31.8 with HTTP; Sat, 18 Dec 2010 08:48:42 -0800 (PST) In-Reply-To: <2229.1292253372.639419@puncture> References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> <2229.1292235952.971571@puncture> <4D05FB8F.3070804@qbik.com> <2229.1292239384.281779@puncture> <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org> <2229.1292253372.639419@puncture> Date: Sat, 18 Dec 2010 16:48:42 +0000 Message-ID: From: Phillip Hallam-Baker To: Common Authentication Technologies - Next Generation , websec , "saag@ietf.org" , "ietf-http-wg@w3.org Group" , General discussion of application-layer protocols , "http-auth@ietf.org" Content-Type: multipart/alternative; boundary=00163662e65b3d7fce0497b20fd7 X-Mailman-Approved-At: Sun, 19 Dec 2010 12:58:58 -0800 Subject: Re: [saag] [websec] [apps-discuss] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Dec 2010 16:46:57 -0000 --00163662e65b3d7fce0497b20fd7 Content-Type: text/plain; charset=ISO-8859-1 I think that we need to distinguish between an authentication mechanism and an authentication infrastructure. Part of the problem with HTTP authentication is that it was quickly superseded by HTML based authentication mechanisms. And these in turn suffer from the problem that password authentication fails when people share their passwords across sites, which of course they have no choice but to do when every stupid web site requires them to create yet another stupid account. Since Digest Authentication became an RFC, I don't think there has ever been more than about 6 weeks elapsed without someone suggesting to me that we include SHA1 or SHA2 as a digest algorithm. Which is of course pointless when the major flaw in the authentication infrastructure is the lack of an authentication infrastructure. The original reason for designing Digest the way that I did was that public key cryptography was encumbered. Had public key cryptography been available, I would have used it. By authentication infrastructure, I mean an infrastructure that allows the user to employ the same credentials at multiple sites with minimal or no user interaction. I do not mean a framework that allows for the use of 20 different protocols for verifying a username and password. We do have almost as many proposals for federated authentication as authentication schemes of course. But each time there seems to be an obsession with things that technocrats obsess about and at best contempt for the actual user. OpenID almost succeeded. But why on earth did we have to adopt URIs as the means of representing a user account? And why was it necessary to design a spec around the notion that what mattered most in the design of the spec was the ability to hack together an account manager using obsolete versions of common scripting languages? Another feature of that debate I cannot understand is why we had to start talking about 'identity' as if it was some new and somehow profound problem that had only just been discovered. There is of course a standard for representing federated user accounts that has already emerged on the net. And once that is realized, the technical requirements of a solution become rather obvious. As Web sites discover that their account holders cannot remember their username, most have adopted email addresses as account identifiers. That is what we should use as the basis for federated web authentication. So if the user account identifier looks like username@example.com, how does an entity verify that a purported user has a valid claim to that account? The obvious mechanism in my view is to use DNS based discovery of an authentication service. For example, we might use the ESRV scheme I have been working on: _auth._ws.example.com ESRV 0 prot "_saml._ws" _auth._ws.example.com ESRV 0 prot "_xcat._ws" Which declares that the SAML and 'XCAT' (presumably kitten in XML) protocols may be used to resolve authentication requests. One major advantage of this approach is that it makes it easy for sites to move to using the new federated auth scheme. Most sites already store an email address that is used to validate the account. The actual mechanism by which the authentication claim is verified is not very interesting, nor does it particularly need to be standardized. What does require standardization is the ability to embed the protocol in 'the Web' in a fluent and secure manner. Here is how I suggest this be achieved: 1) HTTP header The Web browser attaches an offer of authentication by means of an account attached to a specific domain to (potentially) every request: Auth-N: domain=example.com If the server does not support Auth-N, the header will simply be ignored. Otherwise the server can ask for automated authentication. 2) HTTP Response If the server decides to use the authentication mechanism, it responds with information that tells the client what level of authentication is required. For example, a bank might require a 2 factor scheme. There is going to be at a minimum a nonce. Auth-N: snonce=<128bits> 3) HTTP Request It should be possible for the client to prove that it has ownership of the authentication token corresponding to the account. It is not necessarily the case that the account owner wants to reveal to the site all their information. For example, it may not even want the site to know the account name. This is all fairly easy to set up using symmetric techniques. Auth-N: domain=example.com; blindedaccount=<> snonce=<128bits>; cnonce=<128bits> One feature that the OpenID work has highlighted the need for is some form of user directed account manager. If the user is going to be in control of this process, they need to be able to specify what information is made available to specific sites. Conclusion: I think that what we require here is not yet another authentication framework or protocol. What we need is the glue to bind it into an infrastructure that makes it useful. The most important design decision is to make use of RFC822 email address format as the format for federated authentication accounts. Once that decision is made, the rest will simply fall out of stating the requirements precisely. The risk here is that yet again we end up redo-ing the parts that we know how to build rather than focus on the real problem which is fitting them together. Above all, the user has to be the first priority in any design. --00163662e65b3d7fce0497b20fd7 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable I think that we need to distinguish between an authentication mechanism and= an authentication infrastructure.

Part of the problem with HTTP authentication is that it= was quickly=A0superseded by HTML based authentication mechanisms. And thes= e in turn suffer from the problem that password authentication fails when p= eople share their passwords across sites, which of course they have no choi= ce but to do when every stupid web site requires them to create yet another= stupid account.=A0

Since Digest Authentication became an RFC, I don't = think there has ever been more than about 6 weeks elapsed without someone s= uggesting to me that we include SHA1 or SHA2 as a digest algorithm. Which i= s of course pointless when the major flaw in the authentication infrastruct= ure is the lack of an authentication infrastructure. The original reason fo= r designing Digest the way that I did was that public key cryptography was = encumbered. Had public key cryptography been available, I would have used i= t.

By authentication infrastructure, I mean an infrastruct= ure that allows the user to employ the same credentials at multiple sites w= ith minimal or no user interaction. I do not mean a framework that allows f= or the use of 20 different protocols for verifying a username and password.=


We do have almost as many proposals for = federated authentication as authentication schemes of course. But each time= there seems to be an obsession with things that technocrats obsess about a= nd at best contempt for the actual user.

OpenID almost succeeded. But why on earth did we have t= o adopt URIs as the means of representing a user account? And why was it ne= cessary to design a spec around the notion that what mattered most in the d= esign of the spec was the ability to hack together an account manager using= obsolete versions of common scripting languages?

Another feature of that debate I cannot understand is w= hy we had to start talking about 'identity' as if it was some new a= nd somehow profound problem that had only just been discovered.


There is of course a standard for representin= g federated user accounts that has already emerged on the net. And once tha= t is realized, the technical requirements of a solution become rather obvio= us.

As Web sites discover that their account holders cannot= remember their username, most have adopted email addresses as account iden= tifiers. That is what we should use as the basis for federated web authenti= cation.=A0


So if the user account identifier looks = like username@example.com, how = does an entity verify that a purported user has a valid claim to that accou= nt?

The obvious mechanism in my view is to use DNS based di= scovery of an authentication service. For example, we might use the ESRV sc= heme I have been working on:

_auth._ws.example.com =A0ESRV 0 prot "_saml._ws"=
_auth._ws.ex= ample.com =A0ESRV 0 prot "_xcat._ws"

Which declares that the SAML and 'XCAT' (presumably kitten in XML)= protocols may be used to resolve authentication requests.


One major advantage of this approach is = that it makes it easy for sites to move to using the new federated auth sch= eme. Most sites already store an email address that is used to validate the= account.=A0


The actual mechanism by which the authen= tication claim is verified is not very interesting, nor does it particularl= y need to be standardized. What does require standardization is the ability= to embed the protocol in 'the Web' in a fluent and secure manner.<= /div>

Here is how I suggest this be achieved:

<= /div>
1) HTTP header

The Web browser attaches = an offer of authentication by means =A0of an account attached to a specific= domain to (potentially) every request:

Auth-N: domain=3Dexample= .com

If the server does not support Auth-N, th= e header will simply be ignored. Otherwise =A0the server can ask for automa= ted authentication.


2) HTTP Response

If the server decides to use the authentication mechanism, it responds wi= th information that tells the client what level of authentication is requir= ed. For example, a bank might require a 2 factor scheme. There is going to = be at a minimum a nonce.

Auth-N: snonce=3D<128bits>= ;



3) HTTP Request

It should be possible for the client to prove that i= t has ownership of the authentication token corresponding to the account.= =A0

It is not necessarily the case that the account owner w= ants to reveal to the site all their information. For example, it may not e= ven want the site to know the account name. This is all fairly easy to set = up using symmetric techniques.

Auth-N: domain=3Dexample.com; blindedaccount=3D<> snonce=3D<12= 8bits>; cnonce=3D<128bits>


One feature that the OpenID work has highlighted the need for is some form= of user directed account manager. If the user is going to be in control of= this process, they need to be able to specify what information is made ava= ilable to specific sites.


Conclusion:

I t= hink that what we require here is not yet another authentication framework = or protocol. What we need is the glue to bind it into an infrastructure tha= t makes it useful.

The most important design decision is to make use of RF= C822 email address format as the format for federated authentication accoun= ts.=A0

Once that decision is made, the rest will s= imply fall out of stating the requirements precisely.=A0

The risk here is that yet again we end up redo-ing the = parts that we know how to build rather than focus on the real problem which= is fitting them together.=A0

Above all, the user = has to be the first priority in any design.=A0
--00163662e65b3d7fce0497b20fd7-- From adrien@qbik.com Sun Dec 19 03:10:18 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4D2EB3A6853; Sun, 19 Dec 2010 03:10:18 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.845 X-Spam-Level: X-Spam-Status: No, score=-4.845 tagged_above=-999 required=5 tests=[AWL=-3.704, BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MCZWRmsCQ7a2; Sun, 19 Dec 2010 03:10:17 -0800 (PST) Received: from smtp.qbik.com (smtp.qbik.com [210.55.214.35]) by core3.amsl.com (Postfix) with ESMTP id 048063A6852; Sun, 19 Dec 2010 03:10:15 -0800 (PST) Received: From [192.168.1.10] (unverified [125.237.244.120]) by SMTP Server [210.55.214.35] (WinGate SMTP Receiver v7.0.0 (Build 3109)) with SMTP id <0017864197@smtp.qbik.com>; Mon, 20 Dec 2010 00:12:02 +1300 Message-ID: <4D0DE882.50201@qbik.com> Date: Mon, 20 Dec 2010 00:12:02 +1300 From: Adrien de Croy User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7 MIME-Version: 1.0 To: Phillip Hallam-Baker References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> <2229.1292235952.971571@puncture> <4D05FB8F.3070804@qbik.com> <2229.1292239384.281779@puncture> <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org> <2229.1292253372.639419@puncture> In-Reply-To: Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Sun, 19 Dec 2010 12:58:58 -0800 Cc: General discussion of application-layer protocols , websec , Common Authentication Technologies - Next Generation , "http-auth@ietf.org" , "saag@ietf.org" , "ietf-http-wg@w3.org Group" Subject: Re: [saag] [websec] [apps-discuss] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 19 Dec 2010 11:10:18 -0000
I think we need to go a bit further and consider the issue of trust.

one problem with delegating account-holding back to a domain under the control of the account-holder, is you have no trust.  I could be hacker@hackyou.com or spammer@spamyou.com.  I can set up whatever account I like.  Websites have no information about whether I'm trustworthy or not, and have to build up their own individual profile of me.

To be really useful, the account-holding must be with a trusted independent organisation able to be relied on by other websites. 

The organisation then has the opportunity to add value by

a) verifying the true identity of the account holder
b) maintaining reputation information about the account holder
c) revoking abusive accounts.

Ends up looking a lot like X.509 certificate infrastructure.  Imagine if everyone needed a client certificate to send any mail.  We'd have no spam.

Of course these sorts of concepts are completely unpalatable to many people on account of privacy issues. Some of these activities are the sort of things that governments should really be doing (and already are in many cases).

Solving this problem has implications for all internet use, not just HTTP.

Regards

Adrien

On 19/12/2010 5:48 a.m., Phillip Hallam-Baker wrote:
I think that we need to distinguish between an authentication mechanism and an authentication infrastructure.

Part of the problem with HTTP authentication is that it was quickly superseded by HTML based authentication mechanisms. And these in turn suffer from the problem that password authentication fails when people share their passwords across sites, which of course they have no choice but to do when every stupid web site requires them to create yet another stupid account. 

Since Digest Authentication became an RFC, I don't think there has ever been more than about 6 weeks elapsed without someone suggesting to me that we include SHA1 or SHA2 as a digest algorithm. Which is of course pointless when the major flaw in the authentication infrastructure is the lack of an authentication infrastructure. The original reason for designing Digest the way that I did was that public key cryptography was encumbered. Had public key cryptography been available, I would have used it.

By authentication infrastructure, I mean an infrastructure that allows the user to employ the same credentials at multiple sites with minimal or no user interaction. I do not mean a framework that allows for the use of 20 different protocols for verifying a username and password.


We do have almost as many proposals for federated authentication as authentication schemes of course. But each time there seems to be an obsession with things that technocrats obsess about and at best contempt for the actual user.

OpenID almost succeeded. But why on earth did we have to adopt URIs as the means of representing a user account? And why was it necessary to design a spec around the notion that what mattered most in the design of the spec was the ability to hack together an account manager using obsolete versions of common scripting languages?

Another feature of that debate I cannot understand is why we had to start talking about 'identity' as if it was some new and somehow profound problem that had only just been discovered.


There is of course a standard for representing federated user accounts that has already emerged on the net. And once that is realized, the technical requirements of a solution become rather obvious.

As Web sites discover that their account holders cannot remember their username, most have adopted email addresses as account identifiers. That is what we should use as the basis for federated web authentication. 


So if the user account identifier looks like username@example.com, how does an entity verify that a purported user has a valid claim to that account?

The obvious mechanism in my view is to use DNS based discovery of an authentication service. For example, we might use the ESRV scheme I have been working on:

_auth._ws.example.com  ESRV 0 prot "_saml._ws"
_auth._ws.example.com  ESRV 0 prot "_xcat._ws"

Which declares that the SAML and 'XCAT' (presumably kitten in XML) protocols may be used to resolve authentication requests.


One major advantage of this approach is that it makes it easy for sites to move to using the new federated auth scheme. Most sites already store an email address that is used to validate the account. 


The actual mechanism by which the authentication claim is verified is not very interesting, nor does it particularly need to be standardized. What does require standardization is the ability to embed the protocol in 'the Web' in a fluent and secure manner.

Here is how I suggest this be achieved:

1) HTTP header

The Web browser attaches an offer of authentication by means  of an account attached to a specific domain to (potentially) every request:

Auth-N: domain=example.com

If the server does not support Auth-N, the header will simply be ignored. Otherwise  the server can ask for automated authentication.


2) HTTP Response

If the server decides to use the authentication mechanism, it responds with information that tells the client what level of authentication is required. For example, a bank might require a 2 factor scheme. There is going to be at a minimum a nonce.

Auth-N: snonce=<128bits>



3) HTTP Request

It should be possible for the client to prove that it has ownership of the authentication token corresponding to the account. 

It is not necessarily the case that the account owner wants to reveal to the site all their information. For example, it may not even want the site to know the account name. This is all fairly easy to set up using symmetric techniques.

Auth-N: domain=example.com; blindedaccount=<> snonce=<128bits>; cnonce=<128bits>


One feature that the OpenID work has highlighted the need for is some form of user directed account manager. If the user is going to be in control of this process, they need to be able to specify what information is made available to specific sites.


Conclusion:

I think that what we require here is not yet another authentication framework or protocol. What we need is the glue to bind it into an infrastructure that makes it useful.

The most important design decision is to make use of RFC822 email address format as the format for federated authentication accounts. 

Once that decision is made, the rest will simply fall out of stating the requirements precisely. 

The risk here is that yet again we end up redo-ing the parts that we know how to build rather than focus on the real problem which is fitting them together. 

Above all, the user has to be the first priority in any design. 

-- 
Adrien de Croy - WinGate Proxy Server - http://www.wingate.com
From nathan@webr3.org Sun Dec 19 05:45:24 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id ED69E3A68F5 for ; Sun, 19 Dec 2010 05:45:24 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zScBzYoHs4s0 for ; Sun, 19 Dec 2010 05:45:23 -0800 (PST) Received: from p3plsmtpa01-10.prod.phx3.secureserver.net (p3plsmtpa01-10.prod.phx3.secureserver.net [72.167.82.90]) by core3.amsl.com (Postfix) with SMTP id 4505C3A68F1 for ; Sun, 19 Dec 2010 05:45:23 -0800 (PST) Received: (qmail 8465 invoked from network); 19 Dec 2010 13:47:14 -0000 Received: from unknown (86.156.126.71) by p3plsmtpa01-10.prod.phx3.secureserver.net (72.167.82.90) with ESMTP; 19 Dec 2010 13:47:13 -0000 Message-ID: <4D0E0CDA.6030605@webr3.org> Date: Sun, 19 Dec 2010 13:47:06 +0000 From: Nathan Organization: webr3 User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: Adrien de Croy References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> <2229.1292235952.971571@puncture> <4D05FB8F.3070804@qbik.com> <2229.1292239384.281779@puncture> <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org> <2229.1292253372.639419@puncture> <4D0DE882.50201@qbik.com> In-Reply-To: <4D0DE882.50201@qbik.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Sun, 19 Dec 2010 12:58:58 -0800 Cc: General discussion of application-layer protocols , websec , foaf-protocols , Common Authentication Technologies - Next Generation , "http-auth@ietf.org" , "saag@ietf.org" , Phillip Hallam-Baker , Story Henry , "ietf-http-wg@w3.org Group" Subject: Re: [saag] [websec] [apps-discuss] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: nathan@webr3.org List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 19 Dec 2010 13:45:25 -0000 Hi Adrien, All, What you describe sounds very much like WebID Protocol (formerly FOAF+SSL) - there's an incubator group just starting at the W3C [1] although the protocol [2] has been under development for some time. Essentially it leverages X509 certificates on the client side, which contains an identifier (in the form of a URI) which can then be dereferenced to machine readable data (containing the public key from the x509 and any other data the entity wishes to expose), it serves as decentralized stateless authentication / identification, compatible with and built on the deployed stack of internet technologies, and further enables all kinds of trust & reputation hooks. cc'd: Henry Story, foaf-protocols [1] http://bblfish.net/tmp/2010/12/15/webid-charter-draft.html [2] http://getwebid.org/spec/drafts/ED-webid-20100809/index.html Best, Nathan Adrien de Croy wrote: > I think we need to go a bit further and consider the issue of trust. > > one problem with delegating account-holding back to a domain under the control > of the account-holder, is you have no trust. I could be hacker@hackyou.com or > spammer@spamyou.com. I can set up whatever account I like. Websites have no > information about whether I'm trustworthy or not, and have to build up their own > individual profile of me. > > To be really useful, the account-holding must be with a trusted independent > organisation able to be relied on by other websites. > > The organisation then has the opportunity to add value by > > a) verifying the true identity of the account holder > b) maintaining reputation information about the account holder > c) revoking abusive accounts. > > Ends up looking a lot like X.509 certificate infrastructure. Imagine if > everyone needed a client certificate to send any mail. We'd have no spam. > > Of course these sorts of concepts are completely unpalatable to many people on > account of privacy issues. Some of these activities are the sort of things that > governments should really be doing (and already are in many cases). > > Solving this problem has implications for all internet use, not just HTTP. > > Regards > > Adrien > > On 19/12/2010 5:48 a.m., Phillip Hallam-Baker wrote: >> I think that we need to distinguish between an authentication mechanism and an >> authentication infrastructure. >> >> Part of the problem with HTTP authentication is that it was quickly superseded >> by HTML based authentication mechanisms. And these in turn suffer from the >> problem that password authentication fails when people share their passwords >> across sites, which of course they have no choice but to do when every stupid >> web site requires them to create yet another stupid account. >> >> Since Digest Authentication became an RFC, I don't think there has ever been >> more than about 6 weeks elapsed without someone suggesting to me that we >> include SHA1 or SHA2 as a digest algorithm. Which is of course pointless when >> the major flaw in the authentication infrastructure is the lack of an >> authentication infrastructure. The original reason for designing Digest the >> way that I did was that public key cryptography was encumbered. Had public key >> cryptography been available, I would have used it. >> >> By authentication infrastructure, I mean an infrastructure that allows the >> user to employ the same credentials at multiple sites with minimal or no user >> interaction. I do not mean a framework that allows for the use of 20 different >> protocols for verifying a username and password. >> >> >> We do have almost as many proposals for federated authentication as >> authentication schemes of course. But each time there seems to be an obsession >> with things that technocrats obsess about and at best contempt for the actual >> user. >> >> OpenID almost succeeded. But why on earth did we have to adopt URIs as the >> means of representing a user account? And why was it necessary to design a >> spec around the notion that what mattered most in the design of the spec was >> the ability to hack together an account manager using obsolete versions of >> common scripting languages? >> >> Another feature of that debate I cannot understand is why we had to start >> talking about 'identity' as if it was some new and somehow profound problem >> that had only just been discovered. >> >> >> There is of course a standard for representing federated user accounts that >> has already emerged on the net. And once that is realized, the technical >> requirements of a solution become rather obvious. >> >> As Web sites discover that their account holders cannot remember their >> username, most have adopted email addresses as account identifiers. That is >> what we should use as the basis for federated web authentication. >> >> >> So if the user account identifier looks like username@example.com >> , how does an entity verify that a purported user >> has a valid claim to that account? >> >> The obvious mechanism in my view is to use DNS based discovery of an >> authentication service. For example, we might use the ESRV scheme I have been >> working on: >> >> _auth._ws.example.com ESRV 0 prot "_saml._ws" >> _auth._ws.example.com ESRV 0 prot "_xcat._ws" >> >> Which declares that the SAML and 'XCAT' (presumably kitten in XML) protocols >> may be used to resolve authentication requests. >> >> >> One major advantage of this approach is that it makes it easy for sites to >> move to using the new federated auth scheme. Most sites already store an email >> address that is used to validate the account. >> >> >> The actual mechanism by which the authentication claim is verified is not very >> interesting, nor does it particularly need to be standardized. What does >> require standardization is the ability to embed the protocol in 'the Web' in a >> fluent and secure manner. >> >> Here is how I suggest this be achieved: >> >> 1) HTTP header >> >> The Web browser attaches an offer of authentication by means of an account >> attached to a specific domain to (potentially) every request: >> >> Auth-N: domain=example.com >> >> If the server does not support Auth-N, the header will simply be ignored. >> Otherwise the server can ask for automated authentication. >> >> >> 2) HTTP Response >> >> If the server decides to use the authentication mechanism, it responds with >> information that tells the client what level of authentication is required. >> For example, a bank might require a 2 factor scheme. There is going to be at a >> minimum a nonce. >> >> Auth-N: snonce=<128bits> >> >> >> >> 3) HTTP Request >> >> It should be possible for the client to prove that it has ownership of the >> authentication token corresponding to the account. >> >> It is not necessarily the case that the account owner wants to reveal to the >> site all their information. For example, it may not even want the site to know >> the account name. This is all fairly easy to set up using symmetric techniques. >> >> Auth-N: domain=example.com ; blindedaccount=<> >> snonce=<128bits>; cnonce=<128bits> >> >> >> One feature that the OpenID work has highlighted the need for is some form of >> user directed account manager. If the user is going to be in control of this >> process, they need to be able to specify what information is made available to >> specific sites. >> >> >> Conclusion: >> >> I think that what we require here is not yet another authentication framework >> or protocol. What we need is the glue to bind it into an infrastructure that >> makes it useful. >> >> The most important design decision is to make use of RFC822 email address >> format as the format for federated authentication accounts. >> >> Once that decision is made, the rest will simply fall out of stating the >> requirements precisely. >> >> The risk here is that yet again we end up redo-ing the parts that we know how >> to build rather than focus on the real problem which is fitting them together. >> >> Above all, the user has to be the first priority in any design. > > -- > Adrien de Croy - WinGate Proxy Server - http://www.wingate.com > From benl@google.com Sun Dec 19 14:28:00 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BD1D63A692F for ; Sun, 19 Dec 2010 14:28:00 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -104.552 X-Spam-Level: X-Spam-Status: No, score=-104.552 tagged_above=-999 required=5 tests=[AWL=-3.788, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, SARE_OBFU_MILLIONS=1.213, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GsaGuHEJ-BJw for ; Sun, 19 Dec 2010 14:28:00 -0800 (PST) Received: from smtp-out.google.com (smtp-out.google.com [74.125.121.67]) by core3.amsl.com (Postfix) with ESMTP id 9F19D3A692E for ; Sun, 19 Dec 2010 14:27:58 -0800 (PST) Received: from kpbe13.cbf.corp.google.com (kpbe13.cbf.corp.google.com [172.25.105.77]) by smtp-out.google.com with ESMTP id oBJLnvQf011093 for ; Sun, 19 Dec 2010 13:49:58 -0800 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1292795398; bh=uWfAZT2M3FpdI4YhLUhCaX5+M+w=; h=MIME-Version:In-Reply-To:References:Date:Message-ID:Subject:From: To:Cc:Content-Type:Content-Transfer-Encoding; b=OD1uee4PbeTNIzspa9tXpfqfld3OoNVEeo9VJpa48wXtODEiONuRIfoOimAhPwD/q YndRSlESn9E7uh84txA4A== Received: from qwj9 (qwj9.prod.google.com [10.241.195.73]) by kpbe13.cbf.corp.google.com with ESMTP id oBJLnuPQ020480 for ; Sun, 19 Dec 2010 13:49:56 -0800 Received: by qwj9 with SMTP id 9so2150561qwj.8 for ; Sun, 19 Dec 2010 13:49:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=MfXLHtS0HhUmrdwYRuE7bZ/eaVoK3BSZWCEkYhNpwsM=; b=RS5mloI+ufvR0ZaoyqZrPac8GNuGrEPoI57fwDihC+87Dj4AEkALfT8JXCW5yfAdIp ccynlurtA78G5JQuY/Ww== DomainKey-Signature: a=rsa-sha1; c=nofws; d=google.com; s=beta; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=jEZ4eidTTY/ulcVKzn0G7Y5AUrzK1L8k2PDf1jp/J1txMZwtXuRzacanp9VZi89s0d NVl9hMudenCxuH3MfY+w== MIME-Version: 1.0 Received: by 10.229.81.12 with SMTP id v12mr3084026qck.35.1292795396286; Sun, 19 Dec 2010 13:49:56 -0800 (PST) Received: by 10.220.126.219 with HTTP; Sun, 19 Dec 2010 13:49:56 -0800 (PST) In-Reply-To: <4D0DE882.50201@qbik.com> References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> <2229.1292235952.971571@puncture> <4D05FB8F.3070804@qbik.com> <2229.1292239384.281779@puncture> <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org> <2229.1292253372.639419@puncture> <4D0DE882.50201@qbik.com> Date: Sun, 19 Dec 2010 21:49:56 +0000 Message-ID: From: Ben Laurie To: Adrien de Croy Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-System-Of-Record: true Cc: General discussion of application-layer protocols , websec , Common Authentication Technologies - Next Generation , "http-auth@ietf.org" , "saag@ietf.org" , Phillip Hallam-Baker , "ietf-http-wg@w3.org Group" Subject: Re: [saag] [websec] [apps-discuss] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 19 Dec 2010 22:28:00 -0000 On 19 December 2010 11:12, Adrien de Croy wrote: > Imagine if > everyone needed a client certificate to send any mail.=A0 We'd have no sp= am. Nonsense. We'd just restrict spam to owned machines, of which there are only a few tens or hundreds of milliions, if we're lucky. From Josh.Howlett@ja.net Mon Dec 20 01:24:14 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E86563A67C3; Mon, 20 Dec 2010 01:24:14 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.395 X-Spam-Level: X-Spam-Status: No, score=-102.395 tagged_above=-999 required=5 tests=[AWL=0.204, BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FetjZtwnUIWE; Mon, 20 Dec 2010 01:24:14 -0800 (PST) Received: from har003676.ukerna.ac.uk (har003676.ukerna.ac.uk [194.82.140.75]) by core3.amsl.com (Postfix) with ESMTP id 135233A67C1; Mon, 20 Dec 2010 01:24:14 -0800 (PST) Received: from har003676.ukerna.ac.uk (localhost.localdomain [127.0.0.1]) by localhost (Email Security Appliance) with SMTP id E37B14A6B3C_D0F212DB; Mon, 20 Dec 2010 09:26:05 +0000 (GMT) Received: from EXC001.atlas.ukerna.ac.uk (exc001.atlas.ukerna.ac.uk [193.62.83.37]) by har003676.ukerna.ac.uk (Sophos Email Appliance) with ESMTP id C569B4A6BAA_D0F2127F; Mon, 20 Dec 2010 09:25:59 +0000 (GMT) Received: from EXC001.atlas.ukerna.ac.uk ([193.62.83.37]) by EXC001 ([193.62.83.37]) with mapi; Mon, 20 Dec 2010 09:26:17 +0000 From: Josh Howlett To: Phillip Hallam-Baker , Common Authentication Technologies - Next Generation , websec , "saag@ietf.org" , "ietf-http-wg@w3.org Group" , General discussion of application-layer protocols , "http-auth@ietf.org" Thread-Topic: [saag] [websec] [apps-discuss] [kitten] HTTP authentication: the next generation Thread-Index: AQHLn7/2OsTo+3NNpE6TpAWxmayn+pOpDfWQ Date: Mon, 20 Dec 2010 09:25:56 +0000 Message-ID: <55DC663C2F4F9F439F23543E0078E8B3046101@EXC001> References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> <2229.1292235952.971571@puncture> <4D05FB8F.3070804@qbik.com> <2229.1292239384.281779@puncture> <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org> <2229.1292253372.639419@puncture> In-Reply-To: Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Cc: Josh Howlett Subject: Re: [saag] [websec] [apps-discuss] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Dec 2010 09:24:15 -0000 > As Web sites discover that their account holders cannot remember their > username, most have adopted email addresses as account identifiers. > That is what we should use as the basis for federated web > authentication. Unfortunately this approach transgresses the fourth Law of Identity: 'Direc= ted Identity'. "A universal system must support both omni-directional identifiers for use = by public entities and unidirectional identifiers for use by private entiti= es, thus facilitating discovery while preventing unnecessary release of cor= relation handles" Josh. JANET(UK) is a trading name of The JNT Association, a company limited by guarantee which is registered in England under No. 2881024=20 and whose Registered Office is at Lumen House, Library Avenue, Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG From benl@google.com Mon Dec 20 03:26:51 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 818623A6A30 for ; Mon, 20 Dec 2010 03:26:51 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -104.482 X-Spam-Level: X-Spam-Status: No, score=-104.482 tagged_above=-999 required=5 tests=[AWL=-2.505, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vkbRaraNLsVL for ; Mon, 20 Dec 2010 03:26:51 -0800 (PST) Received: from smtp-out.google.com (smtp-out.google.com [74.125.121.67]) by core3.amsl.com (Postfix) with ESMTP id 181C63A6A2B for ; Mon, 20 Dec 2010 03:26:50 -0800 (PST) Received: from hpaq7.eem.corp.google.com (hpaq7.eem.corp.google.com [172.25.149.7]) by smtp-out.google.com with ESMTP id oBKAoCHg025677 for ; Mon, 20 Dec 2010 02:50:12 -0800 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1292842212; bh=bajceOOo7ZhkMfCRIoZ6DZTpuHM=; h=MIME-Version:In-Reply-To:References:Date:Message-ID:Subject:From: To:Cc:Content-Type; b=wjs/qfOYP4SRFLXSpi5Qk4BY6dgSQE48/ETGb5ATcDra57cTTq3+EUGTZ6fs6MTJ3 S8OrcEjNnn0UmNWK0ZWIQ== Received: from pxi11 (pxi11.prod.google.com [10.243.27.11]) by hpaq7.eem.corp.google.com with ESMTP id oBKAoASj003921 for ; Mon, 20 Dec 2010 02:50:10 -0800 Received: by pxi11 with SMTP id 11so607235pxi.35 for ; Mon, 20 Dec 2010 02:50:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=ytdwEhHK3ZyxYn4/Tw7dUnwqK5e/li/rp4GY+cOWS1Y=; b=NwEscFDea7GxAdpdBM9LRj0d9drGhPtj57XvxnrZ8oBd7anConpwUxY7Qdi+O0oYSZ 7RQN4TPnn7hM5T3ma/ZA== DomainKey-Signature: a=rsa-sha1; c=nofws; d=google.com; s=beta; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=INUMAT+lgNGZT4lrzj+jY88/zZA0u1jobDAgnFBvlf3alLonE+1EccK7OldJfqU4fx vVZlQ7N0EUpDOJqgte/w== MIME-Version: 1.0 Received: by 10.142.229.8 with SMTP id b8mr3240793wfh.20.1292842209794; Mon, 20 Dec 2010 02:50:09 -0800 (PST) Received: by 10.142.47.14 with HTTP; Mon, 20 Dec 2010 02:50:09 -0800 (PST) In-Reply-To: <55DC663C2F4F9F439F23543E0078E8B3046101@EXC001> References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> <2229.1292235952.971571@puncture> <4D05FB8F.3070804@qbik.com> <2229.1292239384.281779@puncture> <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org> <2229.1292253372.639419@puncture> <55DC663C2F4F9F439F23543E0078E8B3046101@EXC001> Date: Mon, 20 Dec 2010 10:50:09 +0000 Message-ID: From: Ben Laurie To: Josh Howlett Content-Type: text/plain; charset=ISO-8859-1 X-System-Of-Record: true Cc: General discussion of application-layer protocols , websec , Common Authentication Technologies - Next Generation , "http-auth@ietf.org" , "saag@ietf.org" , Phillip Hallam-Baker , "ietf-http-wg@w3.org Group" Subject: Re: [saag] [websec] [apps-discuss] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Dec 2010 11:26:51 -0000 On 20 December 2010 09:25, Josh Howlett wrote: >> As Web sites discover that their account holders cannot remember their >> username, most have adopted email addresses as account identifiers. >> That is what we should use as the basis for federated web >> authentication. > > Unfortunately this approach transgresses the fourth Law of Identity: 'Directed Identity'. > > "A universal system must support both omni-directional identifiers for use by public entities and unidirectional identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles" Of course these are not actually laws, just good ideas. However: the core failing seems to be the requirement that users should remember any more than their one "master identity" which is used to store all the others (see my Nigori work for how). > > Josh. > > JANET(UK) is a trading name of The JNT Association, a company limited > by guarantee which is registered in England under No. 2881024 > and whose Registered Office is at Lumen House, Library Avenue, > Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG > > _______________________________________________ > saag mailing list > saag@ietf.org > https://www.ietf.org/mailman/listinfo/saag > From jhutz@cmu.edu Tue Dec 21 11:01:48 2010 Return-Path: X-Original-To: saag@core3.amsl.com Delivered-To: saag@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A30DA3A6AAA; Tue, 21 Dec 2010 11:01:48 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -106.599 X-Spam-Level: X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 16h67Bq4jn5A; Tue, 21 Dec 2010 11:01:46 -0800 (PST) Received: from smtp03.srv.cs.cmu.edu (SMTP03.SRV.CS.CMU.EDU [128.2.217.198]) by core3.amsl.com (Postfix) with ESMTP id 703D63A6AF1; Tue, 21 Dec 2010 11:01:46 -0800 (PST) Received: from [192.168.1.111] (cpe-174-100-233-109.neo.res.rr.com [174.100.233.109]) (authenticated bits=0) by smtp03.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id oBLJ3ekW003791 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 21 Dec 2010 14:03:40 -0500 (EST) From: Jeffrey Hutzelman To: Phillip Hallam-Baker In-Reply-To: <11189_1292792454_oBJL0qAU019377_AANLkTi=iGWnBtOgPhN9tRtaJTxQhvRkjq3p0UCkRdT8=@mail.gmail.com> References: <4D02AF81.6000907@stpeter.im> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> <2229.1292235952.971571@puncture> <4D05FB8F.3070804@qbik.com> <2229.1292239384.281779@puncture> <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org> <2229.1292253372.639419@puncture> <11189_1292792454_oBJL0qAU019377_AANLkTi=iGWnBtOgPhN9tRtaJTxQhvRkjq3p0UCkRdT8=@mail.gmail.com> Content-Type: text/plain; charset="UTF-8" Date: Tue, 21 Dec 2010 14:03:39 -0500 Message-ID: <1292958219.2800.22.camel@destiny> Mime-Version: 1.0 X-Mailer: Evolution 2.30.3 Content-Transfer-Encoding: 7bit X-Scanned-By: mimedefang-cmuscs on 128.2.217.198 Cc: General discussion of application-layer protocols , websec , Common Authentication Technologies - Next Generation , "http-auth@ietf.org" , "ietf-http-wg@w3.org Group" , "saag@ietf.org" Subject: Re: [saag] [websec] [apps-discuss] [kitten] HTTP authentication: the next generation X-BeenThere: saag@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Area Advisory Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Dec 2010 19:01:48 -0000 On Sat, 2010-12-18 at 16:48 +0000, Phillip Hallam-Baker wrote: > > As Web sites discover that their account holders cannot remember their > username, most have adopted email addresses as account identifiers. > That is what we should use as the basis for federated web > authentication. > > > > > So if the user account identifier looks like username@example.com, how > does an entity verify that a purported user has a valid claim to that > account? > > > The obvious mechanism in my view is to use DNS based discovery of an > authentication service. For example, we might use the ESRV scheme I > have been working on: > > > _auth._ws.example.com ESRV 0 prot "_saml._ws" > _auth._ws.example.com ESRV 0 prot "_xcat._ws" > > > Which declares that the SAML and 'XCAT' (presumably kitten in XML) > protocols may be used to resolve authentication requests. > I see two fundamental technical problems with this approach: 1) It relies on unsecured DNS to be secure. Particularly, you suggest that, in order to discover a means to securely authenticate users associated with some entity with which I have no prior relationship, I should look up information about that entity in the DNS. But DNSSEC is not widely-deployed enough (yet) for that to be realistic. Further, I'm generally opposed to schemes that rely on the integrity of the DNS to secure applications, because, at the enterprise level and below, the operators of the DNS are frequently not entrusted with the security of applications. I mistrust any system which insists on forcing that to change, while providing no recourse to those for whom such a policy is unacceptable (and no, "advertise in the DNS whether to use the DNS" is not such a recourse!). 2) It makes the assumption that my email service provider is interested in providing authentication services to me, and that I'm interested in giving them the ability to impersonate me to my bank. > > I'd be much happier to see a model wherein, at registration time, I tell a service my public key, and then it uses public-key cryptography to authenticate me in the future. Unfortunately, there are a number of practical problems there, such as dealing with multiple clients per user, kiosks, reinstalling machines, stolen credentials, etc., and it's really preferable to avoid having every service provider deal with those issues, rather than a much smaller number of authentication providers.