draft-ietf-kitten-digest-to-historic-03.txt   draft-ietf-kitten-digest-to-historic-04.txt 
Kitten Working Group A. Melnikov Kitten Working Group A. Melnikov
Internet-Draft Isode Limited Internet-Draft Isode Limited
Intended status: Informational March 28, 2011 Obsoletes: RFC 2831 (if approved) April 22, 2011
Expires: September 29, 2011 (if approved)
Intended status: Informational
Expires: October 24, 2011
Moving DIGEST-MD5 to Historic Moving DIGEST-MD5 to Historic
draft-ietf-kitten-digest-to-historic-03 draft-ietf-kitten-digest-to-historic-04
Abstract Abstract
This memo describes problems with the DIGEST-MD5 Simple This memo describes problems with the DIGEST-MD5 Simple
Authentication and Security Layer (SASL) mechanism as specified in Authentication and Security Layer (SASL) mechanism as specified in
RFC 2831. It recommends that DIGEST-MD5 to be marked as OBSOLETE in RFC 2831. It marks DIGEST-MD5 as OBSOLETE in the IANA Registry of
the IANA Registry of SASL mechanisms, and that RFC 2831 be moved to SASL mechanisms, and moves RFC 2831 to Historic. status.
Historic status.
Note
A revised version of this draft document will be submitted to the RFC
editor as a Informational document for the Internet Community.
Discussion and suggestions for improvement are requested, and should
be sent to kitten@ietf.org.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 29, 2011. This Internet-Draft will expire on October 24, 2011.
Copyright Notice Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 7 skipping to change at page 2, line 20
modifications of such material outside the IETF Standards Process. modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other it for publication as an RFC or to translate it into languages other
than English. than English.
Table of Contents Table of Contents
1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Security Considerations . . . . . . . . . . . . . . . . . . . 6 2. Security Considerations . . . . . . . . . . . . . . . . . . . 5
3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5
4. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 4. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 5
5. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 5. References . . . . . . . . . . . . . . . . . . . . . . . . . 6
5.1. Normative References . . . . . . . . . . . . . . . . . . . . 7 5.1. Normative References . . . . . . . . . . . . . . . . . . . . 6
5.2. Informative References . . . . . . . . . . . . . . . . . . . 7 5.2. Informative References . . . . . . . . . . . . . . . . . . . 6
Author's Address . . . . . . . . . . . . . . . . . . . . . . 8 Author's Address . . . . . . . . . . . . . . . . . . . . . . 7
1. Overview 1. Overview
[RFC2831] defined how HTTP Digest Authentication [RFC2617] can be [RFC2831] defined how HTTP Digest Authentication [RFC2617] can be
used as a Simple Authentication and Security Layer (SASL) [RFC4422] used as a Simple Authentication and Security Layer (SASL) [RFC4422]
mechanism for any protocol that has a SASL profile. It was intended mechanism for any protocol that has a SASL profile. It was intended
both as an improvement over CRAM-MD5 [RFC2195] and as a convenient both as an improvement over CRAM-MD5 [RFC2195] and as a convenient
way to support a single authentication mechanism for web, email, way to support a single authentication mechanism for web, email,
LDAP, and other protocols. While it can be argued that it was an LDAP, and other protocols. While it can be argued that it was an
improvement over CRAM-MD5, many implementors commented that the improvement over CRAM-MD5, many implementors commented that the
skipping to change at page 5, line 34 skipping to change at page 4, line 34
6. DIGEST-MD5 outer hash (the value of the "response" directive) 6. DIGEST-MD5 outer hash (the value of the "response" directive)
didn't protect the whole authentication exchange, which made the didn't protect the whole authentication exchange, which made the
mechanism vulnerable to "man in the middle" (MITM) attacks, such mechanism vulnerable to "man in the middle" (MITM) attacks, such
as modification of the list of supported qops or ciphers. as modification of the list of supported qops or ciphers.
7. The following features are missing from DIGEST-MD5, which make it 7. The following features are missing from DIGEST-MD5, which make it
insecure or unsuitable for use in protocols: insecure or unsuitable for use in protocols:
A. Lack of channel bindings [RFC5056]. A. Lack of channel bindings [RFC5056].
B. Lack of hash agility. B. Lack of hash agility (i.e. no easy way to replace the MD5
hash function with another one).
C. Lack of support for SASLPrep [RFC4013] or any other type of C. Lack of support for SASLPrep [RFC4013] or any other type of
Unicode character normalization of usernames and passwords. Unicode character normalization of usernames and passwords.
The original DIGEST-MD5 document predates SASLPrep and The original DIGEST-MD5 document predates SASLPrep and
doesn't recommend any Unicode character normalization. doesn't recommend any Unicode character normalization.
8. The cryptographic primitives in DIGEST-MD5 are not up to today's 8. The cryptographic primitives in DIGEST-MD5 are not up to today's
standards, in particular: standards, in particular:
A. The MD5 hash is sufficiently weak to make a brute force A. The MD5 hash is sufficiently weak to make a brute force
 End of changes. 11 change blocks. 
23 lines changed or deleted 18 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/