On Wed, Mar 4, 2015 at 5:03 PM, Stephen Frost <sfr...@snowman.net> wrote:
> Magnus, > > * Magnus Hagander (mag...@hagander.net) wrote: > > On Wed, Mar 4, 2015 at 4:52 PM, Stephen Frost <sfr...@snowman.net> > wrote: > > > A lot of discussion has been going on with SCRAM and SASL, which is all > > > great, but that means we end up with a dependency on SASL or we have to > > > reimplement SCRAM (which I've been thinking might not be a bad idea- > > > it's actually not that hard), but another suggestion was made which may > > > > I'd really rather not add a dependency on SASL if we can avoid it. I > > haven't read up on SCRAM, but if it's reasonable enough to reimplement - > or > > if there is a BSD licensed implementation that we can import into our own > > sourcetree without adding a dependency on SASL, that sounds like a good > way > > to proceed. > > I actually like the idea of supporting SASL generally, but I agree that > we don't really want to force it as a dependency. I've started looking > around for BSD-licensed SCRAM implementations and will update with any I > find that are worthwhile to review. > > > > be worthwhile to consider- OpenSSL and GnuTLS both support TLS-SRP, the > > > RFC for which is here: http://www.ietf.org/rfc/rfc5054.txt. We > already > > > have OpenSSL and therefore this wouldn't create any new dependencies > and > > > might be slightly simpler to implement. > > > > OpenSSL is not a *requirement* today, it's an optional dependency. Given > > it's license we really can't make it a mandatory requirement I think. So > if > > we go down that route, we still leave md5 in there as the one that works > > everywhere. > > > > Also AFAICT TLS-SRP actually requires the connection to be over TLS - so > > are you suggesting that TLS becomes mandatory? > > > > It sounds like something that could be interesting to have, but not as a > > solution to the "md5 problem", imo. > > No, I'm not suggesting that OpenSSL or TLS become mandatory but was > thinking it might be good alternative as a middle-ground between full > client-and-server side certificates and straight password-based auth > (which is clearly why it was invented in the first place) and so, yes, > md5 would still have to be kept around, but we'd at least be able to > deprecate it and tell people "Use TLS-SRP if you really want to use > passwords and care about network security". > > SCRAM doesn't actually fix the issue with network connection hijacking > or eavesdropping, except to the extent that it protects the password > itself, and so we might want to recommend, for people who are worried > about network-based attacks, using TLS-SRP. > Assuming we do implement SCRAM, what does TLS-SRP give us that we wouldn't get by just using SCRAM over a TLS connection? -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/