[4714] in WWW Security List Archive
Re: SecureID alternatives?
daemon@ATHENA.MIT.EDU (Phillip M Hallam-Baker)
Fri Mar 7 16:32:17 1997
From: "Phillip M Hallam-Baker" <hallam@ai.mit.edu>
To: "Dave Kristol" <dmk@bell-labs.com>, "Vin McLellan" <vin@shore.net>
Cc: <www-security@ns2.rutgers.edu>
Date: Fri, 7 Mar 1997 14:00:15 -0500
Errors-To: owner-www-security@ns2.rutgers.edu
> It sounds like you're reading too much into the spec, or haven't read it
at all.
> DAA is meant to be a *more* (but certainly not *highly*) secure drop-in
> replacement for Basic Authentication.
To be precise Jeff Hosteler and myself proposed the scheme to stop the
sending of passwords over the net en-clair. It had to be a one for one drop
in replacement. That severely limited what could be done.
> The main use for the entity digest is to assure the integrity of the
entity (and
> remember it can be used either server->client or client->server). It was
never
> meant to assure authenticity of the entity. That's what SSL and S-HTTP
are for.
I still think we have a hole in the HTTP spec. S-HTTP has failed to achieve
any meaningful level of support and SSL is a transport layer security
system.
If we want to use the Web for collaboration we do need a system working at
the
transaction layer. In fact according to all IETF records this is the actual
purpose
of this mailing list. Scary huh?
Given that Diffie Hellman is shortly to be out of patent we should consider
a D-H
variant of the scheme.
> Right now the degree of coordination between the client and server is a
username
> and password. Indeed, because of the nature of the DAA
challenge/response, the
> server might not actually *know* the password (secret), only a hash of it
and
> other things. So there might be *no* shared secret with which you can
key a hash
> in either direction.
Not quite, the shared secret is the hash of the password. That is the
reason for
including the host name. It means that if one site has its password file
hacked
only that site is compromised. It is nevertheless the case that client and
server
use a shared secret.
> The Digest Access Authentication scheme is not intended to be a
> complete answer to the need for security in the World Wide Web. This
> scheme provides no encryption of object content. The intent is simply
> to create a weak access authentication method which avoids the most
> serious flaws of Basic authentication.
Absolutely...
On an allied point, has Microsoft ever written up its NT authentication
system?
Phill
