mirror of
https://github.com/moparisthebest/xeps
synced 2024-11-21 08:45:04 -05:00
Merge branch 'feature/xep-0440' into premerge
This commit is contained in:
commit
1d993a092e
65
xep-0440.xml
65
xep-0440.xml
@ -23,6 +23,15 @@
|
||||
<supersededby/>
|
||||
<shortname>sasl-cb-types</shortname>
|
||||
&flow;
|
||||
<revision>
|
||||
<version>0.2.0</version>
|
||||
<date>2020-08-04</date>
|
||||
<initials>fs</initials>
|
||||
<remark>
|
||||
Discuss interaction with SASL mechanism and add security considerations.
|
||||
Recommend implementation of tls-server-end-point.
|
||||
</remark>
|
||||
</revision>
|
||||
<revision>
|
||||
<version>0.1.0</version>
|
||||
<date>2020-06-14</date>
|
||||
@ -88,11 +97,56 @@
|
||||
|
||||
</section1>
|
||||
|
||||
<section1 topic='Interaction with SASL mechanisms' anchor='sasl-mech-interaction'>
|
||||
|
||||
<p>Some channel-binding enabled SASL mechanisms reflect the server's
|
||||
presumed channel-binding abilities back to the server. This prevents
|
||||
SASL-mechanism stripping attacks, where a Man in the Middle (MITM)
|
||||
removes certain SASL mechanisms in an attempt to downgrade the
|
||||
mechanism choosen for authentication to a non-channel-binding enabled
|
||||
one. An example of a SASL mechanism family with this feature is
|
||||
&rfc5802;. This standard specifies the gs2-cbind-flag. The flag has a
|
||||
tristate value of "I don't support channel-binding" (n), "I think you
|
||||
do not support channel-binding, but I do" (y), or, "Let us use
|
||||
channel-binding type X" (p).</p>
|
||||
|
||||
<p>Clients using the information provided
|
||||
via <sasl-channel-binding/> MAY want to indicate to the server
|
||||
that they do not support channel-binding (even if they do) if no
|
||||
mutual supported channel-binding type was found. The only alternative
|
||||
is, that the client signals the server that he believes that the server
|
||||
does not support channel binding. But this may cause the server to
|
||||
terminate the connection, because it indicates a potential ongoing
|
||||
SASL-mechanism stripping attack.</p>
|
||||
|
||||
</section1>
|
||||
|
||||
<section1 topic='Security Considerations' anchor='security'>
|
||||
|
||||
<p>The author belives that this document itself does not yield any
|
||||
new security considerations.<note>Hopefully somebody will correct him, in
|
||||
case he is wrong.</note></p>
|
||||
<p>If a client signals to the server that he does not support
|
||||
channel binding, because it found no mutual supported
|
||||
channel-binding types, another MITM attack
|
||||
vector is introduced. An active attacker could replace the
|
||||
<sasl-channel-binding;> list with channel bindings unlikely
|
||||
(or impossible) to be supported by the client. If the client is
|
||||
configured to use non-channel-binding SASL mechanisms as a fallback,
|
||||
this could be used to downgrade the connection security. Note that
|
||||
this attack is a different one than the SASL-mechanism stripping one:
|
||||
Here the attacker tempers with the announced channel-binding types,
|
||||
i.e., the values within <sasl-channel-binding;></p>
|
||||
|
||||
<p>Depending on the application's security policy, clients may
|
||||
refrain from falling back to non-channel-binding SASL mechanisms
|
||||
if no mutual supported channel-binding type is available.
|
||||
Alternatively, they may try channel-binding with a supported type
|
||||
nevertheless. To mitigate the attack describe above, clients
|
||||
could "pin" the announced channel bindings types by a service. In that
|
||||
case, implementations may want to allow the set of pinned channel-binding
|
||||
types to be extended to stronger ones.</p>
|
||||
|
||||
<p>As further mitigation, it is RECOMMENDED to implement the
|
||||
channel-binding type tls-server-end-point (&rfc5929;) to increase the
|
||||
probability of a mutual supported channel-binding type.</p>
|
||||
|
||||
</section1>
|
||||
|
||||
@ -117,7 +171,10 @@
|
||||
<section1 topic='Acknowledgements' anchor='acknowledgements'>
|
||||
|
||||
<p>Thanks to Sam Whited for the discussion about the underlying
|
||||
issue and incentivizing me to come up with this extension.</p>
|
||||
issue and incentivizing me to come up with this extension. Further
|
||||
thanks goes to Ruslan N. Marchenko for pointing out the possible
|
||||
MITM attack vector. Last but not least, Dave Cridland provided
|
||||
valuable feedback.</p>
|
||||
|
||||
</section1>
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user