ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Symptoms vs. Causes

2007-09-12 05:22:49
from [Hallam-Baker, Phillip] [Permanent Link] 
I think this discussion here is completely off base. It is thinking in terms of 
1980s authentication protocol design where the relying party is the 
authentication authority. It is also attempting to solve a problem for a 
constituency that isn't here (Dan excepted) and has not been asked what its 
real requirements are.
 
 
First need to separate the two so that the choice of authentication mechanism 
is a decision between the user and the authentication authority and the relying 
party's role is limited to deciding whether a particular authentication 
authority and mechanism are adequate for their needs.
 
This means that we need to have a consistent mechanism wherby the relying party 
can route authentication queries to the appropriate authentication authority. 
In the case of a federated system where one credential can be used at multiple 
locations it means we need a discovery layer.
 
We have no shortage of authentication protocols (SAML, WS-*, EAP, &ct. &ct.). 
We have a standard for a personal identifier. What we lack is a standard 
discovery mechanism. OpenID has several mechanisms that are designed to 
integrate into the infrastructure as it is. That and SRV appear to be very 
useful starting points.
 
 
What has to be avoided at all costs is yet another meta-neogtiation layer to 
select the authentication protocol or for that matter more authentication 
protocols.
 
________________________________

From: Michael Thomas [mailto:mat(_at_)cisco(_dot_)com]
Sent: Wed 12/09/2007 8:05 AM
To: Christian Huitema
Cc: ietf(_at_)ietf(_dot_)org
Subject: Re: Symptoms vs. Causes



Christian Huitema wrote:

There are a large number of protocol designs--even existing
protocols--which are compatible with the general paradigm of "user U
proves possession of password P to server A without giving A a
credential which can be used to impersonate U to server B".
HTTP Digest, TLS-PSK, SRP, and PwdHash all come to mind. The
difficult parts are:

(1) putting a sensible UI on it--including one that isn't easily
    spoofed (see the extensive literature on how hard it is
    to build a secure UI.
(2) Getting everyone to agree on one protocol.
   


Please add:

(3) The chosen solution is immune to dictionary attacks.
 

Well if we're going here then:

    (4) The chosen solution requires that I have to remember zero or fewer
          non-dictionary passwords

       Mike

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf



_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Symptoms vs. Causes, Michael Thomas
Next by Date:  Re: draft-aboba-sg-experiment-02.txt, Jari Arkko
Previous by Thread:  Re: Symptoms vs. Causes, Michael Thomas
Next by Thread:  Re: Symptoms vs. Causes, Eric Rescorla
Indexes:  [Date] [Thread] [Top] [All Lists]