RE: Repost of CompuServe Position on Passphrases from Don Schmidt on 1996-08-01 (ietf-tls@w3.org from July to September 1996)

From: Don Schmidt <donsch@microsoft.com>
Date: Wed, 31 Jul 1996 17:46:07 -0700
To: "'Keith Ball'" <Keith_Ball@novell.com>, "'Christopher Allen'" <ChristopherA@consensus.com>
Cc: "'ietf-tls@w3.org'" <ietf-tls@w3.org>, Jeff Teper <jeffte@microsoft.com>, "'jmacko'" <jmacko@csi.compuserve.com>
Message-ID: <c=US%a=_%p=msft%l=RED-86-MSG-960801004607Z-26509@tide21.microsoft.com>

The solution suggested below 

>>use use FTP's current password methods to authenticate the client.
>>Same can be done with HTTP using it's current auth structure,
>and most every other protocol over SSL.

is precisely one of the problems that including a standard shared-secret
auth mechanism in TLS is designed to solve.  Each one of these protocols
does password auth in an app specific manner.  It would greatly simplify
the development, deployment and administration of secured apps if there
is was one system-level protocol and I/F for security.  This is a
benefit of TLS for certificate-based auth.  When it is within our grasp,
who are we to deny the same benefit to  applications or service
providers that have reasons to continue to use shared-secret based auth?

Don Schmidt
donsch@microsoft.com
Program Manager
Microsoft Corp.

>----------
>From: 	Christopher Allen[SMTP:ChristopherA@consensus.com]
>Sent: 	Friday, July 26, 1996 4:46 PM
>To: 	Keith Ball
>Cc: 	ietf-tls@w3.org
>Subject: 	RE: Repost of CompuServe Position on Passphrases
>
>At 3:49 PM -0700 7/26/96, Keith Ball wrote:
>>Issues:
>>Against:
>>1) scalability: the user's ability to remember a different password for
>>every
>>service and that that simply doesn't scale because a person has a finite
>>number of things that he can remember.
>>2) symmetric: both sides must know the secret.
>>3) dictionary attack possible if use human-simple passphrase (even though
>>can
>>reduce this if require multiple words and non-alpha characters, e.g.
>>1toad$frog2, and the same format is not required on all passphrases)
>
>I'd like to to the Against:
>
>You can still have password security at the application protocol level.
>Nothing in the current protocol prevents this. For instance, right now you
>can add SSL under ftp, use SSL's server-only authentication or
>diffie-helman anonymous to secure the channel, and then use use FTP's
>current password methods to authenticate the client. Same can be done with
>HTTP using it's current auth structure, and most every other protocol over
>SSL.
>
>It's not elegant, but neither is shoehorning passwords into TLS, and it has
>the advantage of working now.
>
>------------------------------------------------------------------------
>..Christopher Allen                  Consensus Development Corporation..
>..<ChristopherA@consensus.com>                 1563 Solano Avenue #355..
>..                                             Berkeley, CA 94707-2116..
>..Home of "SSL Plus:                      o510/559-1500  f510/559-1505..
>..  Security Integration Suite(tm)" <http://www.consensus.com/SSLPlus>..
>
>
>

Received on Wednesday, 31 July 1996 20:46:28 UTC