RE: Some comments on Digest Auth

> ----------
> From: 	Ben Laurie[SMTP:ben@algroup.co.uk]
> Sent: 	Tuesday, January 20, 1998 1:33 PM
> To: 	Dave Kristol
> Cc: 	Paul Leach; http-wg@cuckoo.hpl.hp.com
> Subject: 	Re: Some comments on Digest Auth
> 
> Dave Kristol wrote:
> > 
> > Paul Leach wrote:
> >   > > [DMK:]
> >   > > So let me hark back to the discussion of a few weeks ago.  Let's not
> >   > > try to make Digest do something it was not intended to do.  Let's
> >   > > hold replay-proof Digest for digest-ng discussions.
> >   > >
> >   > No.
> >   >
> >   > A replayable Digest is just as bad as Basic.
> > 
> > Let me say the same thing differently:  A replayable Digest is no worse
> > than Basic.  And it has the merit that it eliminates cleartext passwords.
> > That's all we were trying to do.
> 
> A replayable Digest is by no means as bad as Basic:
> 
> 1. The replay is likely to be time-limited in any sensible
> implementation, unlike in Basic.
> 
> 2. The replay is only applicable to a single URL, unlike Basic.
> 
> 3. The attacker is likely to have already seen the content, in the
> process of stealing the material necessary for the replay.
> 
If you can do the above, then you've got _some_ replay prevention.
Dave is arguing that no replay protection is necessary. I'm willing to
discuss how much is needed, but I'm tired of statements about "eliminating
plaintext is all we have to do". (I'll remind everyone that even Basic
_doesn't_ use plaintext -- it uses a Base64 encoding.)

I also do not believe that we can rely on "any sensible implementation".
When it comes to security, we need to require sensible implementations,
because it is well proven that even well-intentioned implementors frequently
fail to achieve "sensible implementations".

That means we need to precisely describe the algorithms for at least one
sensible implementation.

Finally, I believe that if we can solve the pipelining problem, then we can
solve the replay problem.

Paul

Received on Wednesday, 21 January 1998 05:07:57 UTC
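
The two limits discussed in the thread (a time-limited replay window and a replay confined to a single URL) can be written down as a concrete server-side check. The following is an added example, not code from any message in this thread; it uses the RFC 2069 response calculation, and the server key, the 30-second lifetime, the nonce layout and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"   # assumption: per-server secret
NONCE_LIFETIME = 30                    # assumption: replay window in seconds

def md5_hex(s):
    # MD5 is the hash the Digest scheme (RFC 2069) specifies.
    return hashlib.md5(s.encode()).hexdigest()

def _mac(ts):
    return hmac.new(SERVER_KEY, ts.encode(), hashlib.sha256).hexdigest()

def make_nonce(now):
    # Nonce = issue time plus a MAC, so the server can check age statelessly.
    ts = str(int(now))
    return f"{ts}:{_mac(ts)}"

def nonce_is_fresh(nonce, now):
    ts, _, mac = nonce.partition(":")
    if not hmac.compare_digest(mac.encode(), _mac(ts).encode()):
        return False                   # not issued by this server
    return 0 <= now - int(ts) <= NONCE_LIFETIME

def digest_response(user, realm, password, method, uri, nonce):
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")   # binds the response to one URL
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def verify(method, request_uri, auth, password, now):
    """auth: already-parsed Authorization fields (constructed dict)."""
    if auth["uri"] != request_uri:
        return "uri-mismatch"          # header captured for another URL
    if not nonce_is_fresh(auth["nonce"], now):
        return "stale"                 # outside the replay window
    expected = digest_response(auth["username"], auth["realm"], password,
                               method, request_uri, auth["nonce"])
    ok = hmac.compare_digest(expected.encode(), auth["response"].encode())
    return "ok" if ok else "bad-response"

if __name__ == "__main__":
    t0 = 1000.0                        # constructed clock value
    n = make_nonce(t0)
    captured = {"username": "alice", "realm": "demo", "uri": "/a", "nonce": n,
                "response": digest_response("alice", "demo", "pw", "GET", "/a", n)}
    print(verify("GET", "/a", captured, "pw", t0 + 5))    # same URL, in window
    print(verify("GET", "/a", captured, "pw", t0 + 31))   # same URL, too late
    print(verify("GET", "/b", captured, "pw", t0 + 5))    # different URL
    print(verify("GET", "/b", dict(captured, uri="/b"), "pw", t0 + 5))
```

A captured header is still accepted for the same URL until the nonce expires, which is the residual window the thread is arguing about.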