- From: Ben Laurie <ben@algroup.co.uk>
- Date: Tue, 20 Jan 1998 23:09:02 +0000
- To: Paul Leach <paulle@microsoft.com>
- Cc: Dave Kristol <dmk@research.bell-labs.com>, http-wg@cuckoo.hpl.hp.com
Paul Leach wrote:
>
> > From: Ben Laurie[SMTP:ben@algroup.co.uk]
> > A replayable Digest is by no means as bad as Basic:
> >
> > 1. The replay is likely to be time-limited in any sensible
> > implementation, unlike in Basic.
> >
> > 2. The replay is only applicable to a single URL, unlike Basic.
> >
> > 3. The attacker is likely to have already seen the content, in the
> > process of stealing the material necessary for the replay.
> >
> If you can do the above, then you've got _some_ replay prevention.

You can.

> Dave is arguing that no replay protection is necessary. I'm willing to
> discuss how much is needed, but I'm tired of statements about "eliminating
> plaintext is all we have to do". (I'll remind everyone that even Basic
> _doesn't_ use plaintext -- it uses a Base64 encoding.)

Agreed.

> I also do not believe that we can rely on "any sensible implementation".
> When it comes to security, we need to require sensible implementations,
> because it is well proven that even well intentioned implementors frequently
> fail to achieve "sensible implementations".

I'll limit the obvious snipe to this sentence :-)

> That means we need to precisely describe the algorithms for at least one
> sensible implementation.

Fair enough, but I don't think we can go so far as to mandate the algorithm, because...

> Finally, I believe that if we can solve the pipelining problem, then we can
> solve the replay problem.

...this, I believe, can only be solved by requiring servers to keep state, which is a Bad Thing. I have no objection to those servers that want to (and can) doing this, but I really don't see the point - if you are _that_ concerned about the content, you should've SSLed it (because the Bad Guy who is failing to get usephul stuph for a replay attack is getting the content anyway).

Cheers,

Ben.
--
Ben Laurie            |Phone: +44 (181) 735 0686|Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org
and Technical Director|Email: ben@algroup.co.uk |Apache-SSL author
A.L. Digital Ltd,     |http://www.algroup.co.uk/Apache-SSL
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache
Received on Tuesday, 20 January 1998 15:12:16 UTC
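
An added example, not part of the original message or of any server's code: a server-side check in which the nonce carries its own issue time and a MAC, so a captured Digest header is accepted again only for the same URL and only inside the time window, with no per-client state kept. The nonce layout, `SERVER_KEY`, `NONCE_LIFETIME`, and the sample user and URLs are assumptions; the response formula is the RFC 2069 one.

```python
import hashlib, hmac

SERVER_KEY = b"constructed-demo-key"  # assumption: secret known only to the server
NONCE_LIFETIME = 60                   # assumption: seconds a nonce stays valid
REALM = "demo"                        # constructed sample realm
USERS = {"alice": "wonderland"}       # constructed sample credentials

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def nonce_mac(ts):
    return hmac.new(SERVER_KEY, ts.encode(), hashlib.sha256).hexdigest()

def make_nonce(now):
    # Stateless nonce: issue time plus a MAC over it; the server stores nothing.
    ts = str(int(now))
    return ts + ":" + nonce_mac(ts)

def nonce_fresh(nonce, now):
    ts, _, mac = nonce.partition(":")
    if not hmac.compare_digest(mac.encode(), nonce_mac(ts).encode()):
        return False                  # forged or altered nonce
    return 0 <= now - int(ts) <= NONCE_LIFETIME

def digest_response(user, password, method, uri, nonce):
    # RFC 2069 request-digest: MD5(HA1:nonce:HA2)
    ha1 = md5_hex(f"{user}:{REALM}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def verify(method, request_uri, creds, now):
    # creds holds the Authorization header fields sent with the request.
    user, nonce = creds["username"], creds["nonce"]
    if user not in USERS or creds["uri"] != request_uri:
        return False                  # digest was computed for another URL
    if not nonce_fresh(nonce, now):
        return False                  # replay outside the time window
    expected = digest_response(user, USERS[user], method, request_uri, nonce)
    return hmac.compare_digest(expected.encode(), creds["response"].encode())

def demo():
    t0 = 885337742                    # constructed nonce issue time
    nonce, uri = make_nonce(t0), "/private/a.html"
    seen = {"username": "alice", "uri": uri, "nonce": nonce, "response":
            digest_response("alice", "wonderland", "GET", uri, nonce)}
    return {"original": verify("GET", uri, seen, t0 + 1),
            "replay_in_window": verify("GET", uri, seen, t0 + 30),
            "replay_other_url": verify("GET", "/private/b.html", seen, t0 + 30),
            "replay_expired": verify("GET", uri, seen, t0 + 61)}
```

The `replay_in_window` case still succeeds: rejecting it would mean remembering which nonces have been used, which is the server state the message objects to.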