- From: Ben Laurie <ben@algroup.co.uk>
- Date: Mon, 19 Jan 1998 19:42:04 +0000
- To: Dave Kristol <dmk@research.bell-labs.com>
- Cc: yarong@microsoft.com, http-wg@cuckoo.hpl.hp.com
Dave Kristol wrote: > > Yaron Goland <yarong@microsoft.com> wrote: > > > ASSUMPTION: Avoiding replay attacks is important enough to most implementers > > that either the standard will require or implementers will voluntarily > > refuse to accept the same nonce twice. > > > > GOAL OF THIS MESSAGE: To demonstrates that the current digest auth > > mechanism, from the point of view of performance in situations where we wish > > to prevent replay attacks, is unacceptably sub-optimal. > > Ah, excellent that you set those forth, because I disagree with the > assumption. > > The purpose of Digest is to replace Basic, with its cleartext > passwords. Basic is already subject to replay attacks. Digest should > be no more susceptible, and it isn't more susceptible. By clever > choice of time-limited nonces, it can easily be less so. But it isn't > perfect. We've known that for a long time. Agreed. Another way of saying much the same thing is that HTTP is stateless by design. Strictly avoiding the reuse of nonces makes it stateful (at least, I can't see a way of doing it that doesn't). However, we can get a very similar effect by time-limiting nonces, without changing the nature of HTTP. > So let me hark back to the discussion of a few weeks ago. Let's not > try to make Digest do something it was not intended to do. Let's > hold replay-proof Digest for digest-ng discussions. Exactly. Also remember that for those cases where Digest is insufficient, there is always SSL/TLS. Cheers, Ben. -- Ben Laurie |Phone: +44 (181) 735 0686|Apache Group member Freelance Consultant |Fax: +44 (181) 735 0689|http://www.apache.org and Technical Director|Email: ben@algroup.co.uk |Apache-SSL author A.L. Digital Ltd, |http://www.algroup.co.uk/Apache-SSL London, England. |"Apache: TDG" http://www.ora.com/catalog/apache
Received on Monday, 19 January 1998 11:44:00 UTC