W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1996

Re: v11-03 COMMENT: (following) 19.1 Authentication of Clients

From: Bob Denny <rdenny@dc3.com>
Date: Fri, 24 May 1996 06:57:25 -0700
Message-Id: <9605240657.ZM1287@solo.dc3.com>
To: Dave Kristol <dmk@allegra.att.com>
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/540
Dave, et.al --

I've been 100% silent (workload issue) so pardon my intrusion at this late 
date. However, the following is unsettling to me:

> An even better MITM attack would be to remove all offered choices, and
> to insert a challenge that requests Basic authentication. For this
> reason, user agents that are concerned about this kind of attack could
> remember the strongest authentication scheme ever requested by a
> server and produce a warning message that requires user confirmation
> before using a weaker one.

What if this MITM attack begins at the first transaction between the client 
and server? What's to remember?

I consider this to be a serious flaw in offering a choice of authentication 
methods. Why do it at all? If the user EVER uses the weaker choice, his 
credentials have been exposed at that (lowest) strength. As you pointed out, 
offering stronger choices serves only to protect credentials anyway.

Furthermore, if the same user authenticates at varying strengths, and the 
attacker solves the problem at the lowest strength, he may be in a position to 
mount a known ciphertext attack against the stronger ones. So the presence of 
the weaker choices serves to weaken the stronger choices.

I believe that the server should require authentication at one strength only, 
as configured for the target object by the server or content administrator. 
This of course puts a roadblock in the way of implementing stronger methods 
(e.g., Simple MD5). If the server requires strong authentication and the 
browser doesn't support it, the user can't use the target object. 

> A particularly insidious way to mount such a MITM attack would be to offer a
> "free" proxy caching service to gullible users.

Yeah, just sit there and wait for the access restricted documents to land in 
your cache.

  -- Bob
Received on Friday, 24 May 1996 06:59:34 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:17 UTC