
Re: How US military base in Hawaii was compromised - Password sharing

2013-11-12 05:38:48
On Fri, Nov 8, 2013 at 9:02 PM, Michael Richardson 
<mcr(_at_)sandelman(_dot_)ca> wrote:

> Fortunately, we have some really good mechanisms on the books that
> permit delegation including OAUTH*, KeyNote(2704), SASL (I think) and
> even going back to SPKI (rfc2693).  I know that there are more.

Apologies for the delayed reaction to this, but:

Yes, SASL contains a theory of proxy-auth, and most mechanisms (though not
all) provide provision for requesting this during authentication.

However, there are parts missing from the complete breakfast here:

1) Users have no interoperable method for allowing a delegation (or proxy
auth, or whatever). I think Kerberos works by telnetting in and editing an
obscure file, but I can't remember the details.

2) Users also don't have any interoperable way of changing passwords. Some
mechanisms (and I'm looking at PLAIN here) require the plaintext password,
others (such as SCRAM-*) could allow a not-quite-plaintext-equivalent hash,
and things like SRP allow a fairly secure verifier. None of these things
are perfectly secure across the wire, of course, however it's probably
worth noting that the vast majority of vendors offer password changing
facilities, and it'd be quite nice to ensure these were interoperable, so
that users' password management could be made rather more easily available.

I'd note prior art exists at least for the second item - there's both the
Eudora password changing protocol, and also XMPP's XEP-0077 has some
password changing facilities too. Both, as I recall, require the password
to be sent in the clear. There has, to my knowledge, been at least one
exploit targeting XEP-0077 on some systems.

Dave.
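Added worked example, not part of Dave's message or of any SASL specification text: the SCRAM-SHA-256 verifier derivation (RFC 5802 with the SHA-256 parameters of RFC 7677), showing why a SCRAM server stores a "not-quite-plaintext-equivalent" value rather than the password, and what a change-password message could carry instead of the plaintext. The fixed salt, iteration count and AuthMessage are constructed for determinism; a real server draws a fresh random salt per user and the nonces come from the exchange.

```python
import hashlib
import hmac

# Constructed sample parameters; a real server picks a random salt per user.
SALT = b"constructed-16-byte-salt"
ITERATIONS = 4096


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _keys(password: str, salt: bytes, iterations: int):
    """SaltedPassword (PBKDF2), ClientKey and ServerKey as in RFC 5802 section 3."""
    salted = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return client_key, server_key


def scram_verifier(password: str, salt: bytes = SALT, iterations: int = ITERATIONS) -> dict:
    """What the server stores: salt, i, StoredKey = H(ClientKey) and ServerKey.
    This dict is also what a SCRAM-aware change-password message could carry
    (hypothetical payload shape) instead of the new plaintext password."""
    client_key, server_key = _keys(password, salt, iterations)
    return {"salt": salt, "iterations": iterations,
            "stored_key": hashlib.sha256(client_key).digest(),
            "server_key": server_key}


def client_proof(password: str, salt: bytes, iterations: int, auth_message: bytes) -> bytes:
    """ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage).
    The client derives everything locally; the password never goes on the wire."""
    client_key, _ = _keys(password, salt, iterations)
    stored_key = hashlib.sha256(client_key).digest()
    client_sig = hmac.new(stored_key, auth_message, hashlib.sha256).digest()
    return _xor(client_key, client_sig)


def server_verify(verifier: dict, auth_message: bytes, proof: bytes) -> bool:
    """Server recovers ClientKey from the proof and checks H(ClientKey) == StoredKey,
    which it can do from the stored verifier alone, without knowing the password."""
    client_sig = hmac.new(verifier["stored_key"], auth_message, hashlib.sha256).digest()
    recovered_client_key = _xor(proof, client_sig)
    return hmac.compare_digest(hashlib.sha256(recovered_client_key).digest(),
                               verifier["stored_key"])
```

Replacing the stored dict with `scram_verifier(new_password)` is a complete password change on the server side: proofs computed from the old password stop verifying immediately, and the server never saw either plaintext.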