Re: Proposed new authentication scheme for HTTP

( Note that the original message appears in www-talk.  I tried responding
there and the mail system failed, so I am sending my response directly to
Phillip, and to http-wg ).

In www-talk, Phillip Hallam-Baker wrote:

>No, that is NOT what I was suggesting, I was suggesting that the digest
>algorithm should be a parameter.

(Yes, I realized later that I misquoted you.  My apologies.)

I humbly disagree.  If the digest algorithm is a parameter, then we might
have to rename the scheme to Complicated.  The proposal is aimed to create
one, simple access authentication scheme suitable for inclusion in
HTTP/1.1.

>This is what I was looking for as well, however I also want the maximum
>possible integration with Alan and Eric's ideas at EIT. S-HTTP is NOT a
>separate protocol, it is a set of suggestions for a security extension. What
>we should be focusing on is the integration of these into a single coherent
>scheme such that the simple, exportable system is a coherent subset.

S-HTTP is one security scheme.  It happens to be a scheme which tries to
address far more issues than the Simple authentication scheme we are
proposing.  I think S-HTTP does its job quite well, and we as a company are
participating in the effort.  However, we believe that a single security
scheme is unlikely to please everyone.

>|>Please send comments or responses to the http-wg list.
>
>No, please direct to the security list because it is a security question and
>we have gone round the subject on this one already...

Respectfully, I disagree again.  While anyone's input is certainly welcome,
moving this discussion to the www-security list is surely the best way to
move the proposal farther into the realm of Complicated.  This is why we
initiated the discussion on the http-wg list.  I see www-security as the
appropriate place for discussions of hard questions.  There are no hard
security questions related to SimpleMD5, because it's, er... Simple. :-)

[ discussion of MOO, Mallet, and Alice deleted ]

[ discussion of Diffie-Hellman key exchange applications deleted ]

All of the issues raised above in the text I deleted are valid and
interesting questions regarding the big picture.  I have nothing against
progress and discussion of all security issues relevant to WWW.  I am
simply trying to make clear that the proposal for SimpleMD5 was intended to
be very focussed at solving the following problem:

The private key has already been exchanged between client and server in a
fashion we assume to be secure.  How can the client authenticate itself
without sending the password in the clear?

Solving this problem will benefit the web.  Solving it is easy, if we stay
focussed on keeping it Simple.

Clearly, solving the rest of the security problems benefits the web even more.
There appears to be no reason we can't do both.

Analogy: Basic Authentication is like a mailbox sitting on a wooden post.
It's not really attached, so if a decent wind comes up, it just falls
down, probably resulting in the loss of some mail.  SimpleMD5 seeks a
workable solution by simply nailing the box to the post.  It would appear
that one nail, maybe two will do it.  S-HTTP replaces the post with a
larger capacity mailbox in a lovely brick enclosure with brass trim.


--
Eric W. Sink, Senior Software Engineer --  eric@spyglass.com
                                           I don't speak for Spyglass.

Received on Wednesday, 11 January 1995 08:28:17 UTC