pw-based mech options (Re: draft-josefsson-password-auth-00.txt)
Nicolas Williams
Nicolas.Williams at sun.com
Thu Mar 29 15:42:56 CEST 2007
On Thu, Mar 29, 2007 at 08:17:16AM -0500, Nicolas Williams wrote:
> Not another mailing list... :/ :)
>
> > http://josefsson.org/password-auth/
And moderated to boot. I'd rather we first seek consensus on the SASL
list as to whether the WG should take on any new password-based
mechanisms, and if so whether to proceed as Sam suggested (spec the mech
as a SASL/GS2 mech without reference to the GSS-API and describe its GSS
bindings in a separate section/document).
Me, I'm all for doing this work in this WG. Of course, there were
several options on the table, and we may want to pick one, or maybe two.
I volunteered to help with the GSS bits regardless of which options we
choose.
BTW, about YAP, I get it now: it uses unique channel bindings as a
stand-in for both server challenge and client nonce.
Also, during SAAG EKR suggested to me (via jabber) doing a password-based
mechanism as a profile of TLS PSK.
Of course, doing password auth in TLS PSK can work and it can even
provide a measure of protection against off-line dictionary attacks, but
it does not provide for privacy protection of the client identity. If
we really want the latter then YAP seems like a good choice for SASL
apps running over TLS, else a password-based profile of TLS PSK seems
like a better approach. We'd still need a password-based GSS mechanism,
but if we push the SASL mechanism to TLS then we effectively wash SASL's
hands of a password-based GSS mech.
Our options so far:
- TLS PSK profile
- YAP (which, incidentally, it seems can't be a GS2 mech, though it can
be a SASL mech and it can be a GSS mech)
- Traditional challenge/response mechanisms (Simon's, Hexa, etc...)
A TLS profile seems un-SASLish, but we (the IETF) could use that too.
YAP is neat (one round-trip!), but absolutely depends on an underlying
channel with unique channel bindings (else it's replayable).
A traditional challenge/response design is needed to have a well-rounded
SASL/GSS mechanism story.
So, my tentative position:
- pursue a traditional challenge/response mechanism as a WG item
- pursue YAP as a WG item IFF the privacy protection angle is deemed important
- pursue a TLS PSK profile as an individual submission or let the TLS WG take it
Comments?
Nico
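Added illustration (not part of Nico's message, and not the YAP draft's actual construction): a simplified model of a one-round-trip password proof keyed to the channel binding, showing why the mechanism is only safe when the binding value is unique per connection. The message format and the use of HMAC-SHA-256 are assumptions made for this model; "tls-unique"-style bindings are represented by random per-session byte strings.

```python
import hashlib
import hmac
import secrets

# Assumed model: the client's single message is an HMAC keyed by the password
# over the channel binding and the client identity. There is no separate
# server challenge and no client nonce; the channel binding stands in for both.
def prove(password: bytes, channel_binding: bytes, client_id: bytes) -> bytes:
    msg = b"cb-model|" + channel_binding + b"|" + client_id
    return hmac.new(password, msg, hashlib.sha256).digest()

# Server side: recompute the proof from its own view of the channel binding
# and compare in constant time. A proof made on another channel will not match
# unless that channel had the same binding value.
def verify(password: bytes, channel_binding: bytes,
           client_id: bytes, proof: bytes) -> bool:
    return hmac.compare_digest(prove(password, channel_binding, client_id), proof)

# Models two sessions. With unique bindings each connection yields a fresh
# value (modelled here as random bytes); with a non-unique binding every
# connection yields the same value. Returns whether the server would accept,
# in session 2, the proof that was valid in session 1.
def stale_proof_accepted(unique_bindings: bool) -> bool:
    password = b"constructed-example-password"  # constructed sample value
    client = b"alice"
    fixed_binding = b"\x00" * 32               # what a non-unique channel looks like

    cb_session1 = secrets.token_bytes(32) if unique_bindings else fixed_binding
    proof = prove(password, cb_session1, client)
    if not verify(password, cb_session1, client, proof):
        raise AssertionError("fresh proof must verify on its own channel")

    cb_session2 = secrets.token_bytes(32) if unique_bindings else fixed_binding
    return verify(password, cb_session2, client, proof)

if __name__ == "__main__":
    print("unique bindings, old proof accepted:", stale_proof_accepted(True))
    print("fixed binding,   old proof accepted:", stale_proof_accepted(False))
```

The first call returns False (the old proof is rejected on the new channel); the second returns True, which is the replayability Nico refers to when the channel lacks unique bindings.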