[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: active attacks (Was: Applicability (Was: authmeth review notes [long]))

Kurt D. Zeilenga writes:
>At 01:42 PM 3/9/2004, Hallvard B Furuseth wrote:
>>I wrote:
>>> DIGEST-MD5...
>> ... is also vulnerable to active intermediary attacks ([Authmeth]
>> section 10).
> So is TLS (version downgrade attack), see RFC 2246.

I couldn't find that, but I found 'version rollback attack'.  Then
[Authmeth] should mention that TLS is vulnerable too.  However, an
unqualified statement that it is vulnerable seems wrong.  As far as I
can tell from RFC 2246, TLS is 'reasonably secure' if one uses version
3.0+ and addresses the attack properly.  Should be added to Section
3.1.4 (Discovery of Resultant Security Level), which will then need to
be renamed a bit.

> DIGEST-MD5 addresses the known active intermediate vulnerability
> (the layer downgrade attack) of the authentication exchange by
> stating that both peers must ensure that adequate protections have
> been established before transferring any application-protocol data.
> Likewise, [Authmeth] must say this for its use of SASL as LDAP's
> SASL mechanism discovery facility is also subject to downgrade
> attacks (unless protected by other means).

Um... that "also" confuses me.  Are you talking about two different
attacks on DIGEST-MD5, or is it one attack and DIGEST-MD5 is secure
(as far as we know) if one addresses this attack?