W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2009

Re: Last Call: draft-bryan-http-digest-algorithm-values-update (Additional Hash Algorithms for HTTP Instance Digests) to Informational RFC

From: Phillip Hallam-Baker <hallam@gmail.com>
Date: Wed, 9 Dec 2009 22:11:39 -0500
Message-ID: <a123a5d60912091911l4a5e17efs753494daa8cb6d5@mail.gmail.com>
To: Anthony Bryan <anthonybryan@gmail.com>
Cc: Eran Hammer-Lahav <eran@hueniverse.com>, "ietf@ietf.org" <ietf@ietf.org>, "HTTP Working Group (ietf-http-wg@w3.org)" <ietf-http-wg@w3.org>
Changing the digest algorithm in DIGEST is pointless.

If you are going to make changes to align the scheme with modern
practice you would replace the digest function with a MAC such as

But there really is no point in doing that because

1) Implementations would still be vulnerable to downgrade attacks.
This is actually a problem with BASIC continuing to exist.

2) The on-the wire protocol is subject to a brute force attack over
the space of possible passwords. Unless we can persuade people to use
passwords longer than 25 characters that is going to be the weakest
point in the system no matter what the algorithm is.

3) RSA is now out of patent, that was the main constraint on DIGEST,
the algorithms had to be unencumbered.

I would be more interested in doing something like using self signed
SSL certs, putting a digest of the cert into the DNS and hoping that
DNSSEC is un-doofused some time this century.
Received on Thursday, 10 December 2009 03:12:12 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:52 UTC