
Re: Digest Authentication over TLS



Mark C Smith wrote:
> Frank Siebenlist wrote:
> > ...
> > If Digest/SASL is to be the Mandatory-to-Implement non-plaintext password
> > mechanism, why do we need any plaintext password mechanism at all?
> >
> > Guess that most will agree that it's not a good idea to send out passwords
> > at all, even if they are encrypted going through the SSL channel.
> >
> > The idea is to use the same Digest Authentication scheme instead of
> > plaintext passwords over TLS as the more secure, heavy-weight authentication
> > scheme.
> 
> Sending clear text passwords over TLS has some advantages:
> 
> 1) Servers can store a true, non-reversible one-way hash of just the
> password instead of storing the password in the clear or something
> nearly equivalent (as required by SASL/Digest).

Still the password goes all the way to the server...and that is bad.
Also, with digest authentication it is easier to securely proxy the actual
authentication to authentication servers at the back end. Your alternative is
to keep moving the clear-text password...

And why would you implement an additional authentication protocol, no matter
how easy, if you have a more secure one available already?

 
> 2) Fewer protocol exchanges are needed.

When either the password or the digest protocol is added on top of the setup of the
expensive TLS pk-authentication, the difference of one extra exchange is
negligible, a non-issue...
 

> > Furthermore, if there is that mandatory Digest/SASL implementation, with
> > all its algorithms and password-file equivalent table of hashed user info,
> > then the additional implementation of a table with plain-text passwords
> > does seem double work and maintenance.
> > Especially when you will allow users to come in through both mechanisms.
> > How are these accounts and passwords synchronized?
> 
> This is definitely an issue, but we have a lot of authentication schemes
> and not all of them play well together.  

My point is that you have a chance to make them play together. Even better,
you can reuse what is already there.

> If a server stores the clear
> text password it can support both clear over TLS and SASL/Digest without
> any problem.  If it stores a one-way hash of just the password, that
> same value can't be used to support SASL/Digest.  If it stores the MD5
> hash of user/realm/password suggested by the SASL/Digest draft, clear
> text over TLS will still work since the server can perform the
> appropriate check (the hash only includes information the server
> presumably knows already).

It is clear to me that the clear-text password and digest scheme can be
implemented more or less concurrently, but why would you....?

Again, sending actual passwords over the wire, even if it is encrypted, is
unnecessary, less secure, more evil, and we should try to eradicate its necessity.

-Frank.

-- 
Frank Siebenlist              DASCOM, Inc. 
Chief Architect               3004 Mission Street
Email: frank@dascom.com       Santa Cruz, CA 95060, USA
Phone: +1 831/460-3600        Fax: +1 831/460-0255
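An added example, not part of any message in this thread, showing in Python what the three server-side storage options Mark lists can and cannot verify: a clear-text password serves both mechanisms, a salted one-way hash of just the password serves plaintext-over-TLS only, and the stored MD5(user:realm:password) secret serves both because the server already knows user and realm. The Digest response computation follows the RFC 2831 Digest-MD5 construction for qop=auth (the published form of the SASL/Digest draft the thread refers to); the store classes, function names and all user, realm, nonce and URI values are my own constructed sample data.

```python
"""Which authentication mechanisms each password-store format can verify.

Three stores, matching the options in the thread:
  ClearTextStore        - raw password            -> plaintext and Digest
  PasswordOnlyHashStore - salted hash of password -> plaintext only
  DigestSecretStore     - MD5(user:realm:pw)      -> plaintext and Digest
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional


def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def ha1_from_password(user: str, realm: str, password: str) -> bytes:
    # The value Digest-MD5 derives everything from: H(username:realm:passwd)
    return md5(f"{user}:{realm}:{password}".encode())


@dataclass
class ClearTextStore:
    password: str

    def check_plain(self, user: str, realm: str, candidate: str) -> bool:
        return hmac.compare_digest(self.password.encode(), candidate.encode())

    def ha1_raw(self, user: str, realm: str) -> Optional[bytes]:
        return ha1_from_password(user, realm, self.password)


@dataclass
class PasswordOnlyHashStore:
    """Salted one-way hash of just the password; the password itself is gone."""
    salt: bytes
    digest: bytes

    @classmethod
    def create(cls, password: str, salt: Optional[bytes] = None):
        salt = salt or os.urandom(16)  # constructed salt for the example
        return cls(salt, hashlib.sha256(salt + password.encode()).digest())

    def check_plain(self, user: str, realm: str, candidate: str) -> bool:
        attempt = hashlib.sha256(self.salt + candidate.encode()).digest()
        return hmac.compare_digest(self.digest, attempt)

    def ha1_raw(self, user: str, realm: str) -> Optional[bytes]:
        return None  # cannot derive H(user:realm:pw) from a hash of pw alone


@dataclass
class DigestSecretStore:
    """Stores MD5(user:realm:password), the secret RFC 2831 needs."""
    user: str
    realm: str
    secret: bytes

    @classmethod
    def create(cls, user: str, realm: str, password: str):
        return cls(user, realm, ha1_from_password(user, realm, password))

    def check_plain(self, user: str, realm: str, candidate: str) -> bool:
        # Plaintext over TLS still works: recompute from known user/realm.
        return hmac.compare_digest(self.secret, ha1_from_password(user, realm, candidate))

    def ha1_raw(self, user: str, realm: str) -> Optional[bytes]:
        return self.secret if (user, realm) == (self.user, self.realm) else None


def digest_response(ha1_raw: bytes, nonce: str, cnonce: str, nc: str,
                    qop: str, digest_uri: str) -> str:
    """RFC 2831 response-value for qop=auth, computed from the raw H(user:realm:pw)."""
    a1 = ha1_raw + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    kd_input = f"{md5(a1).hex()}:{nonce}:{nc}:{cnonce}:{qop}:{md5(a2).hex()}".encode()
    return md5(kd_input).hex()


def server_verify_digest(store, user: str, realm: str, nonce: str, cnonce: str,
                         nc: str, qop: str, digest_uri: str, response: str) -> Optional[bool]:
    """True/False if the store can check the response; None if the store type cannot."""
    ha1 = store.ha1_raw(user, realm)
    if ha1 is None:
        return None
    expected = digest_response(ha1, nonce, cnonce, nc, qop, digest_uri)
    return hmac.compare_digest(expected.encode(), response.encode())


if __name__ == "__main__":
    # Constructed sample data
    user, realm, pw = "alice", "example.org", "correct horse"
    nonce, cnonce, nc, qop, uri = "srvnonce1", "clinonce1", "00000001", "auth", "ldap/example.org"
    client_resp = digest_response(ha1_from_password(user, realm, pw), nonce, cnonce, nc, qop, uri)
    for store in (ClearTextStore(pw), PasswordOnlyHashStore.create(pw),
                  DigestSecretStore.create(user, realm, pw)):
        print(type(store).__name__,
              "plain:", store.check_plain(user, realm, pw),
              "digest:", server_verify_digest(store, user, realm, nonce, cnonce, nc, qop, uri, client_resp))
```

The `None` return from `server_verify_digest` is the point of the exchange above: a server that keeps only a hash of the bare password has no way to reconstruct the Digest secret, so offering Digest later means either re-collecting every password or keeping the clear-text (or the MD5(user:realm:password) equivalent) around after all.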