draft-ietf-kitten-digest-to-historic-00.txt   draft-ietf-kitten-digest-to-historic-01.txt 
Kitten Working Group A. Melnikov Kitten Working Group A. Melnikov
Internet-Draft Isode Limited Internet-Draft Isode Limited
Intended status: Informational June 24, 2010 Intended status: Informational September 14, 2010
Expires: December 26, 2010 Expires: March 18, 2011
Moving DIGEST-MD5 to Historic Moving DIGEST-MD5 to Historic
draft-ietf-kitten-digest-to-historic-00 draft-ietf-kitten-digest-to-historic-01
Abstract Abstract
This memo describes problems with the DIGEST-MD5 Simple This memo describes problems with the DIGEST-MD5 Simple
Authentication and Security Layer (SASL) mechanism as specified in Authentication and Security Layer (SASL) mechanism as specified in
RFC 2831. It recommends that DIGEST-MD5 to be marked as OBSOLETE in RFC 2831. It recommends that DIGEST-MD5 to be marked as OBSOLETE in
the IANA Registry of SASL mechanisms, and that RFC 2831 be moved to the IANA Registry of SASL mechanisms, and that RFC 2831 be moved to
Historic status. Historic status.
Note Note
A revised version of this draft document will be submitted to the RFC A revised version of this draft document will be submitted to the RFC
editor as a Proposed Standard for the Internet Community. Discussion editor as a Informational document for the Internet Community.
and suggestions for improvement are requested, and should be sent to Discussion and suggestions for improvement are requested, and should
ietf-sasl@imc.org. be sent to kitten@ietf.org.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 26, 2010. This Internet-Draft will expire on March 18, 2011.
Copyright Notice Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
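Review bot: In the Note, the -01 wording "editor as a Informational document" needs "an" before "Informational". The Abstract line "recommends that DIGEST-MD5 to be marked as OBSOLETE" is carried over unchanged in both revisions and still has a stray "to"; suggest "recommends that DIGEST-MD5 be marked as OBSOLETE".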
skipping to change at page 3, line 15 skipping to change at page 3, line 15
Table of Contents Table of Contents
1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Security Considerations . . . . . . . . . . . . . . . . . . . 6 2. Security Considerations . . . . . . . . . . . . . . . . . . . 6
3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6
4. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 4. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6
5. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 5. References . . . . . . . . . . . . . . . . . . . . . . . . . 7
5.1. Normative References . . . . . . . . . . . . . . . . . . . . 6 5.1. Normative References . . . . . . . . . . . . . . . . . . . . 7
5.2. Informative References . . . . . . . . . . . . . . . . . . . 7 5.2. Informative References . . . . . . . . . . . . . . . . . . . 7
Author's Address . . . . . . . . . . . . . . . . . . . . . . 7 Author's Address . . . . . . . . . . . . . . . . . . . . . . 7
1. Overview 1. Overview
[RFC2831] defined how HTTP Digest Authentication [RFC2617] can be [RFC2831] defined how HTTP Digest Authentication [RFC2617] can be
used as a Simple Authentication and Security Layer (SASL) [RFC4422] used as a Simple Authentication and Security Layer (SASL) [RFC4422]
mechanism for any protocol that has a SASL profile. It was intended mechanism for any protocol that has a SASL profile. It was intended
both as an improvement over CRAM-MD5 [RFC2195] and as a convenient both as an improvement over CRAM-MD5 [RFC2195] and as a convenient
skipping to change at page 5, line 49 skipping to change at page 5, line 49
8. The cryptographic primitives in DIGEST-MD5 are not up to today's 8. The cryptographic primitives in DIGEST-MD5 are not up to today's
standards, in particular: standards, in particular:
A. The MD5 hash is sufficiently weak to make a brute force A. The MD5 hash is sufficiently weak to make a brute force
attack on DIGEST-MD5 easy with common hardware. attack on DIGEST-MD5 easy with common hardware.
B. Using the RC4 algorithm for the security layer without B. Using the RC4 algorithm for the security layer without
discarding the initial key stream output is prone to attack. discarding the initial key stream output is prone to attack.
C. The DES cipher for the security layer is considered insecure
due to its small key space.
Note that most of the problems listed above are already present in Note that most of the problems listed above are already present in
the HTTP Digest authentication mechanism. the HTTP Digest authentication mechanism.
Because DIGEST-MD5 was defined as an extensible mechanism, it would Because DIGEST-MD5 was defined as an extensible mechanism, it would
be possible to fix most of the problems listed above. However this be possible to fix most of the problems listed above. However this
would increase implementation complexity of an already complex would increase implementation complexity of an already complex
mechanism even further, so the effort would not be worth the cost. mechanism even further, so the effort would not be worth the cost.
In addition, an implementation of a "fixed" DIGEST-MD5 specification In addition, an implementation of a "fixed" DIGEST-MD5 specification
would likely either not interoperate with any existing implementation would likely either not interoperate with any existing implementation
of RFC 2831, or would be vulnerable to various downgrade attacks. of RFC 2831, or would be vulnerable to various downgrade attacks.
Note that despite DIGEST-MD5 seeing some deployment on the Internet, Note that despite DIGEST-MD5 seeing some deployment on the Internet,
this specification recommends obsoleting DIGEST-MD5 because DIGEST- this specification recommends obsoleting DIGEST-MD5 because DIGEST-
MD5, as implemented, is not a reasonable candidate for further MD5, as implemented, is not a reasonable candidate for further
standardization and should be deprecated in favor of one or more new standardization and should be deprecated in favor of one or more new
password-based mechanisms currently being designed. password-based mechanisms currently being designed.
The SCRAM family of SASL mechanisms [RFC5802] has been developed to
provide similar features as DIGEST-MD5 but with a better design.
2. Security Considerations 2. Security Considerations
Security issues are discussed through out this document. Security issues are discussed through out this document.
3. IANA Considerations 3. IANA Considerations
IANA is requested to change the "Intended usage" of the DIGEST-MD5 IANA is requested to change the "Intended usage" of the DIGEST-MD5
mechanism registration in the SASL mechanism registry to OBSOLETE. mechanism registration in the SASL mechanism registry to OBSOLETE.
The SASL mechanism registry is specified in [RFC4422] and is The SASL mechanism registry is specified in [RFC4422] and is
currently available at: currently available at:
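Review bot: The new SCRAM paragraph at the end of Section 1 follows a paragraph that still says DIGEST-MD5 should be deprecated in favor of "new password-based mechanisms currently being designed", while the reference added in this revision gives RFC 5802 a July 2010 publication date. Suggest rewording the earlier sentence so the two paragraphs agree, for example by naming SCRAM there. Separately, Section 2 still reads "through out" in both revisions and should be "throughout".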
skipping to change at page 7, line 26 skipping to change at page 7, line 32
[RFC4013] Zeilenga, K., "SASLprep: Stringprep Profile for User Names [RFC4013] Zeilenga, K., "SASLprep: Stringprep Profile for User Names
and Passwords", RFC 4013, February 2005. and Passwords", RFC 4013, February 2005.
[RFC4422] Melnikov, A. and K. Zeilenga, "Simple Authentication and [RFC4422] Melnikov, A. and K. Zeilenga, "Simple Authentication and
Security Layer (SASL)", RFC 4422, June 2006. Security Layer (SASL)", RFC 4422, June 2006.
[RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax [RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234, January 2008. Specifications: ABNF", STD 68, RFC 5234, January 2008.
[RFC5802] Newman, C., Menon-Sen, A., Melnikov, A., and N. Williams,
"Salted Challenge Response Authentication Mechanism
(SCRAM) SASL and GSS-API Mechanisms", RFC 5802, July 2010.
Author's Address Author's Address
Alexey Melnikov Alexey Melnikov
Isode Limited Isode Limited
5 Castle Business Village 5 Castle Business Village
36 Station Road 36 Station Road
Hampton, Middlesex TW12 2BX Hampton, Middlesex TW12 2BX
UK UK
Email: Alexey.Melnikov@isode.com Email: Alexey.Melnikov@isode.com
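Review bot: The added [RFC5802] entry is cited only in the Section 1 pointer to SCRAM as a better-designed alternative, so it belongs under 5.2 Informative References. The visible context does not show which subsection heading the entry falls under, so please confirm its placement.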
 End of changes. 8 change blocks. 
9 lines changed or deleted 19 lines changed or added
