Magnus, * Magnus Hagander (mag...@hagander.net) wrote: > On Wed, Mar 4, 2015 at 4:52 PM, Stephen Frost <sfr...@snowman.net> wrote: > > A lot of discussion has been going on with SCRAM and SASL, which is all > > great, but that means we end up with a dependency on SASL or we have to > > reimplement SCRAM (which I've been thinking might not be a bad idea- > > it's actually not that hard), but another suggestion was made which may > > I'd really rather not add a dependency on SASL if we can avoid it. I > haven't read up on SCRAM, but if it's reasonable enough to reimplement - or > if there is a BSD licensed implementation that we can import into our own > sourcetree without adding a dependency on SASL, that sounds like a good way > to proceed.
I actually like the idea of supporting SASL generally, but I agree that we don't really want to force it as a dependency. I've started looking around for BSD-licensed SCRAM implementations and will update with any I find that are worthwhile to review. > > be worthwhile to consider- OpenSSL and GnuTLS both support TLS-SRP, the > > RFC for which is here: http://www.ietf.org/rfc/rfc5054.txt. We already > > have OpenSSL and therefore this wouldn't create any new dependencies and > > might be slightly simpler to implement. > > OpenSSL is not a *requirement* today, it's an optional dependency. Given > it's license we really can't make it a mandatory requirement I think. So if > we go down that route, we still leave md5 in there as the one that works > everywhere. > > Also AFAICT TLS-SRP actually requires the connection to be over TLS - so > are you suggesting that TLS becomes mandatory? > > It sounds like something that could be interesting to have, but not as a > solution to the "md5 problem", imo. No, I'm not suggesting that OpenSSL or TLS become mandatory but was thinking it might be good alternative as a middle-ground between full client-and-server side certificates and straight password-based auth (which is clearly why it was invented in the first place) and so, yes, md5 would still have to be kept around, but we'd at least be able to deprecate it and tell people "Use TLS-SRP if you really want to use passwords and care about network security". SCRAM doesn't actually fix the issue with network connection hijacking or eavesdropping, except to the extent that it protects the password itself, and so we might want to recommend, for people who are worried about network-based attacks, using TLS-SRP. Thanks! Stephen
Description: Digital signature