Christian Huitema wrote:

> both Steve Bellovin and I presented the issues with such
> techniques.

Is that presentation online available somewhere? I find the way to
http://www3.ietf.org/proceedings/05aug/index.html but then I'm lost.

> Basic challenge response mechanisms like CRAM-MD5 are simply
> too weak to be used on the Internet. They are subject to
> dictionary attacks, which can retrieve the password in a very
> short time.

For a password in the dictionary, and if somebody sees the challenge
and the response. With a somewhat unusual password I wouldn't know
how an attack works.

That's my real problem: If users or worse implementors don't know
how stuff works it's bad. What you end up with are some hypothetical
situations like this:

- a lottery with a cute crypto random algorithm, and everybody
  thought that it's perfect. Turns out that it's useless if the
  list of participants is published together with the result of
  the lottery.

- a nice library where implementors use it as documented. A few
  years later the IETF changes an obscure default in the library,
  and again years later an IETF WG decides that the implementations
  using the updated library are non-conforming

- an IETF ticket system where apparently nobody (and certainly not
  me) knows precisely why it used to work with my browser until
  summer 2005, but doesn't anymore

- ditto a famous bookshop where I ordered books securely for years,
  and now I use their insecure interface, because the former doesn't
  work anymore for me (only their server for the secure icons, but
  bad enough to be unusable for orders)

- a browser test site by a CERT where nobody knows why their test
  suite doesn't work with my browser (other test sites find no
  problem).

- an IETF server where my browser tells me again and again that
  the server certificate expired 1998 (the correct behaviour for
  this situation as far as I can judge it), but I'm pretty sure
  that it did work before

The good thing with CRAM-MD5 is that I know how it works, and that
I have at least some ideas about its limitations. I'm not really
interested to negotiate charsets (especially not if it boils down
to "do you want UTF-8 or give up?"), security layers (for a mail
submission), or hash algorithms (by picking CRAM-MD5 that point
is moot).

Frank
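
The mechanism discussed in this message, as an added example that is not part of the original post: a CRAM-MD5 response is HMAC-MD5 over the server's challenge keyed with the password, so one observed challenge/response pair lets candidate passwords be checked offline, and a password outside the candidate list yields no match. The function names and both candidate lists are constructed for illustration; the challenge, user name and secret are the sample exchange from RFC 2195.

```python
import base64
import hashlib
import hmac


def cram_md5_response(user, password, challenge_b64):
    """Client side of CRAM-MD5: base64("user " + hex(HMAC-MD5(password, challenge)))."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def offline_guess(challenge_b64, response_b64, candidates):
    """Check candidate passwords against one observed exchange.

    Needs no contact with the server: the challenge and the response are
    both sent in the clear, and the password is the only unknown input.
    Returns the matching candidate, or None if none of them fits.
    """
    challenge = base64.b64decode(challenge_b64)
    # The decoded response is "<user> <32 hex digits>"; split on the last space.
    _user, _, seen_digest = base64.b64decode(response_b64).decode().rpartition(" ")
    for guess in candidates:
        digest = hmac.new(guess.encode(), challenge, hashlib.md5).hexdigest()
        if hmac.compare_digest(digest, seen_digest):
            return guess
    return None


# Sample exchange from RFC 2195 (not from the post): user "tim",
# shared secret "tanstaaftanstaaf".
CHALLENGE = "PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+"
RESPONSE = cram_md5_response("tim", "tanstaaftanstaaf", CHALLENGE)

# Constructed candidate lists: one contains the secret, one does not.
LIST_WITH_SECRET = ["password", "letmein", "tanstaaftanstaaf"]
LIST_WITHOUT_SECRET = ["password", "letmein", "qwerty"]

if __name__ == "__main__":
    print("response on the wire:", RESPONSE)
    print("secret in list:      ", offline_guess(CHALLENGE, RESPONSE, LIST_WITH_SECRET))
    print("secret not in list:  ", offline_guess(CHALLENGE, RESPONSE, LIST_WITHOUT_SECRET))
```

Each guess costs a single HMAC-MD5 computation, so what protects the password is only how far it lies outside any list an observer would try.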