Re: GNU SASL Summer of Code
From: Simon Josefsson
Subject: Re: GNU SASL Summer of Code
Date: Mon, 26 Mar 2007 10:23:58 +0200
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.95 (gnu/linux)
Francis Brosnan Blazquez <address@hidden> writes:
> Hi Simon,
>
>> (Although the DIGEST-MD5 related ideas should probably never be
>> done... the IETF appears to, rightly, be starting to kill DIGEST-MD5)
>
> Many SASL projects state that CRAM-MD5 should be avoided because it is
> deprecated in favor of DIGEST-MD5. So, an inevitable piece of advice is to
> recommend users to use DIGEST-MD5 (as we do at [1]) for new protocols.
>
> Until now, I thought DIGEST-MD5 was fine. Why do you think DIGEST-MD5
> should be killed?
Hi Francis! DIGEST-MD5 has some problems:
* Implementation complexity. The security layers
(encryption/integrity) don't interop well, and have security
issues.
* Security concerns. It is built on MD5 and a non-standard MAC mode.
Anyway, there were long discussions about this at the last IETF, the
summary is http://article.gmane.org/gmane.ietf.sasl/2818 which says:
Given problems with DIGEST-MD5 in terms of interoperability and
implementability, there appears to be consensus to move DIGEST-MD5
(in the form of RFC 2831) to Historic.
However, in practice, there is no alternative yet, although there were
presentations on three different password-based mechanisms at the
meeting. They all used HMAC with SHA-256, or similar, which is much
better than CRAM/DIGEST-MD5 and they all looked quite easy to
implement (similar to CRAM-MD5 complexity). I'm working on a fourth
proposal myself (written as a GSS-API mechanism).
To me, this makes it clear that DIGEST-MD5 isn't the future, and it
doesn't make sense to spend any more time working on improving it for
GSASL.
/Simon
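Added example (not part of the original thread, and not GNU SASL code or any of the IETF proposals Simon refers to): a CRAM-MD5-style challenge/response exchange written so that the hash is a parameter. With "md5" it reproduces the CRAM-MD5 computation from RFC 2195; with "sha256" it is the same exchange on HMAC-SHA-256, which shows concretely why a modern password mechanism can have "similar to CRAM-MD5 complexity". The message layout, function names and the password table are assumptions made for the example.

```python
"""Illustrative challenge/response mechanism with a pluggable HMAC hash.
Not GNU SASL's implementation; the wire format and names are assumptions."""
import hmac
import secrets


def make_challenge(nbytes: int = 16) -> bytes:
    """Server side: a fresh random nonce for every authentication attempt,
    so a captured response cannot simply be replayed later."""
    return b"<" + secrets.token_hex(nbytes).encode("ascii") + b"@server.example>"


def client_response(username: str, password: str, challenge: bytes,
                    hashname: str = "sha256") -> bytes:
    """Client side: prove knowledge of the password without sending it.
    hashname="md5" gives exactly the CRAM-MD5 computation (RFC 2195);
    hashname="sha256" is the same exchange on a modern hash."""
    mac = hmac.new(password.encode("utf-8"), challenge, hashname).hexdigest()
    return f"{username} {mac}".encode("ascii")


def server_verify(response: bytes, challenge: bytes, password_db: dict,
                  hashname: str = "sha256") -> bool:
    """Server side: recompute the MAC from the stored secret and compare it
    in constant time. Design caveat shared by this whole family: the server
    must keep the password (or an HMAC-able equivalent) rather than a salted
    hash, and the exchange authenticates only the client, so it still belongs
    inside TLS (the security layers DIGEST-MD5 tried to add are what made it
    hard to implement)."""
    try:
        username, received = response.decode("ascii").split(" ", 1)
    except (UnicodeDecodeError, ValueError):
        return False
    secret = password_db.get(username)
    if secret is None:
        return False
    expected = hmac.new(secret.encode("utf-8"), challenge, hashname).hexdigest()
    return hmac.compare_digest(expected, received)


def run_exchange(username: str, password: str, password_db: dict,
                 hashname: str = "sha256") -> bool:
    """Both sides of one authentication: server challenges, client answers,
    server verifies. Returns the server's decision."""
    challenge = make_challenge()
    response = client_response(username, password, challenge, hashname)
    return server_verify(response, challenge, password_db, hashname)


if __name__ == "__main__":
    # Constructed sample credential store for the demo.
    db = {"alice": "correct horse battery staple"}
    print("sha256 ok:", run_exchange("alice", "correct horse battery staple", db))
    print("sha256 bad password:", run_exchange("alice", "wrong", db))
    print("md5 (CRAM-MD5 shape):", run_exchange("alice", "correct horse battery staple", db, "md5"))
```

The only difference between the two hash choices is the digest name passed to HMAC; everything else a client or server has to implement (nonce generation, one message each way, a constant-time compare) is identical.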