> (1) "known weaknesses [citations]" is significantly different
> from "we don't like it" or "we assert it is bad" or even "we
> don't like things unless they contain several additional
> layers". The third of these might be a reasonable statement,
> but would require even more justification because...

Times change. Today, using challenge response mechanisms such as CRAM-MD5 over un-encrypted channels is not much more secure than sending the password in clear text. A third party can listen to the challenge and response, and then mount a dictionary attack.

Steve Bellovin was alluding to the "evil twin" attack on wireless networks. Allow me to elaborate. The technique allows an attacker to lure unsuspecting travelers to connect to an un-protected wireless network under the attacker's control. Very often, laptops are programmed to fetch pending e-mail as soon as they connect to a network. The laptop will try to resolve "mail.example.com", and start a POP3 or IMAP exchange. The attacker controls the DNS service on the wireless network, and will easily spoof the server. It will then respond to the connection with a CRAM-MD5 challenge, and harvest the e-mail address of the victim as well as the answer to the challenge. The attacker is now in a position to obtain the e-mail and password pair for the victim. The attack lasts a few seconds, and may not require any particular action by the victim.

IETF protocols should not endorse the use of unprotected challenge-response mechanisms. They certainly should not lure clients to accept challenges from unauthenticated servers.

-- Christian Huitema

_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
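The CRAM-MD5 exchange the post describes, as an added example in Python (not part of the original message or of any IETF code): it builds the RFC 2195 challenge and response lines and then shows that anyone holding a captured challenge/response pair can confirm a password guess offline with a single HMAC, which is why the mechanism protects little more than clear text on an unauthenticated link. The user, password and challenge are the ones from the RFC 2195 example; `may_answer_challenge` is an assumed client-side rule illustrating the post's conclusion, not anything the post specifies.

```python
import base64
import hashlib
import hmac


def cram_md5_response(username: str, password: str, challenge: bytes) -> str:
    """RFC 2195 response: "<username> <hex HMAC-MD5(key=password, msg=challenge)>"."""
    digest = hmac.new(password.encode("utf-8"), challenge, hashlib.md5).hexdigest()
    return f"{username} {digest}"


def server_challenge_line(challenge: bytes) -> str:
    """What the (possibly spoofed) server sends: "+ " and the base64 challenge."""
    return "+ " + base64.b64encode(challenge).decode("ascii")


def client_response_line(username: str, password: str, challenge: bytes) -> str:
    """What the client answers: the response, base64 encoded."""
    response = cram_md5_response(username, password, challenge)
    return base64.b64encode(response.encode("utf-8")).decode("ascii")


def decode_captured(challenge_line: str, response_line: str) -> tuple[bytes, str]:
    """Recover the raw (challenge, response) pair from the two wire lines."""
    challenge = base64.b64decode(challenge_line.split(" ", 1)[1])
    response = base64.b64decode(response_line).decode("utf-8")
    return challenge, response


def guess_confirms(challenge: bytes, captured_response: str, candidate: str) -> bool:
    """One HMAC tests a password guess against a captured pair: on an unprotected
    channel the response is an offline-checkable oracle for the password."""
    username = captured_response.split(" ", 1)[0]
    expected = cram_md5_response(username, candidate, challenge)
    return hmac.compare_digest(expected, captured_response)


def may_answer_challenge(tls_established: bool, server_identity_verified: bool) -> bool:
    """Assumed client rule matching the post's conclusion: do not answer a
    challenge unless the server was authenticated (e.g. TLS, validated cert)."""
    return tls_established and server_identity_verified


# Values from the RFC 2195 example exchange.
RFC2195_USER = "tim"
RFC2195_PASSWORD = "tanstaaftanstaaf"
RFC2195_CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"

if __name__ == "__main__":
    s_line = server_challenge_line(RFC2195_CHALLENGE)
    c_line = client_response_line(RFC2195_USER, RFC2195_PASSWORD, RFC2195_CHALLENGE)
    chal, resp = decode_captured(s_line, c_line)  # what a listener on the link sees
    print(resp, guess_confirms(chal, resp, RFC2195_PASSWORD), guess_confirms(chal, resp, "hunter2"))
```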