
Re: Security Considerations: msg#00161

network.syndication.atom.protocol

Subject: Re: Security Considerations


Robert Sayre <sayrer-Re5JQEeQqe8AvxtiuMwx3w@xxxxxxxxxxxxxxxx> wrote:

> On 8/10/06, Eric Rescorla
> <ekr-wquOhMu7Nthx1G/IGiyUYVaTQe2KTcn/@public.gmane.org> wrote:
> >
> > As has been observed previously, Digest implementation hasn't been
> > a problem with SIP, so I don't find this argument particularly
> > convincing.
>
> Well, I encourage you to try selling Digest to the server implementers
> in the audience.

As previously noted, not my problem.


> > But I don't agree that it doesn't provide much additional protection:
> > if you use nonces it prevents against replay of a reusable
> > credential. That's very important.
>
> The gist of the article I linked above was that the MitM can get the
> server to issue a nonce at will, so Digest makes getting a reusable
> credential just a tiny tiny bit harder.
>
> " effectively, all that has been done is to raise the bar from
> somebody who can play games with DNS and routers to somebody who can
> play games with DNS and routers AND do an if check."

I don't agree with that analysis. The attack you're talking about
is active, but Basic has passive attacks. Moreover, in the
setting you're discussing the credential isn't reusable.
Once the user disconnects and the server times out his
session, the attacker can't reconnect. That's an important
difference.

-Ekr
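The point of contention above, as an added illustration that is not part of the thread: an RFC 2617 Digest response is a hash over the server's nonce, so a captured Authorization header stops validating once the server retires that nonce, whereas a captured Basic header is the reusable credential itself. The realm, user database and the one-shot nonce policy are constructed for the demo.

```python
import base64
import hashlib
import secrets

# Constructed user database for the demo; realm and credentials are made up.
REALM = "example.invalid"
USERS = {"alice": "correct horse battery staple"}

def _h(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(user, realm, pw, method, uri, nonce, nc, cnonce, qop="auth"):
    # RFC 2617 request-digest (qop=auth): the nonce is hashed in, so the response is bound to it.
    ha1 = _h(f"{user}:{realm}:{pw}")
    ha2 = _h(f"{method}:{uri}")
    return _h(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

class DigestServer:
    def __init__(self):
        self.live = set()          # nonces issued and not yet timed out
    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self.live.add(nonce)
        return nonce
    def timeout(self, nonce: str) -> None:
        self.live.discard(nonce)   # session ended: this nonce is no longer acceptable
    def verify(self, user, method, uri, nonce, nc, cnonce, response) -> bool:
        if nonce not in self.live or user not in USERS:
            return False           # stale or unknown nonce: a replayed header fails here
        expected = digest_response(user, REALM, USERS[user], method, uri, nonce, nc, cnonce)
        return secrets.compare_digest(expected, response)

def basic_header(user, pw) -> str:
    return "Basic " + base64.b64encode(f"{user}:{pw}".encode()).decode()

def basic_verify(header) -> bool:
    user, _, pw = base64.b64decode(header.split(" ", 1)[1]).decode().partition(":")
    return USERS.get(user) == pw

def replay_demo():
    # Returns (digest accepted, digest replay after timeout, basic replay).
    srv = DigestServer()
    nonce = srv.challenge()
    cnonce, nc = secrets.token_hex(8), "00000001"
    resp = digest_response("alice", REALM, USERS["alice"], "GET", "/feed", nonce, nc, cnonce)
    first = srv.verify("alice", "GET", "/feed", nonce, nc, cnonce, resp)
    srv.timeout(nonce)             # user disconnects and the server times out the session
    replay = srv.verify("alice", "GET", "/feed", nonce, nc, cnonce, resp)  # same captured bytes
    basic = basic_verify(basic_header("alice", USERS["alice"]))  # passive capture suffices
    return first, replay, basic
```

Note that this only models the timeout argument; the on-path case Sayre describes, where the attacker proxies a live session and is issued a fresh nonce, is not defeated by nonce freshness alone.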



