Timestamp:
13/07/08 19:21:18 (14 years ago)
Author:
paul.hoffman@…
Message:

Turned in security-properties-02, failed to make the stuff in "latest".

File:
1 edited

  • draft-ietf-httpbis-security-properties/latest/draft-ietf-httpbis-security-properties.xml

    r221 r278  
    11<?xml version="1.0" encoding="UTF-8"?>
    2 <!DOCTYPE rfc [
     2<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
    33<!ENTITY rfc2026 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2026.xml">
    44<!ENTITY rfc2109 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2109.xml">
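Review bot: the DOCTYPE on line 2 now carries a relative SYSTEM identifier, `<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [`, which the XML processor resolves against the directory of the source file, so the build fails unless rfc2629.dtd is checked in next to the draft or the processor is told where to find it; given the commit message's note that the build in "latest" failed, either add the DTD alongside the file or keep the bare `<!DOCTYPE rfc [` form from r221. The external entities on lines 3 onward are likewise fetched from xml.resource.org over plain HTTP at build time, so a build that cannot reach that host needs local copies of those too.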
     
    1010<!ENTITY rfc3631 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3631.xml">
    1111<!ENTITY rfc3986 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3986.xml">
     12<!ENTITY rfc4178 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4178.xml">
    1213<!ENTITY rfc4559 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4559.xml">
    1314]>
    1415
    1516<rfc category="info" ipr="full3978"
    16   docName="draft-ietf-httpbis-security-properties-01">
     17  docName="draft-ietf-httpbis-security-properties-02">
    1718
    1819<?xml-stylesheet type='text/xsl' href='rfc2629xslt/rfc2629.xslt' ?>
     
    3839     <address><email>alexey.melnikov@isode.com</email> </address>
    3940  </author>
    40   <date year="2008" month="February"/>
     41  <date year="2008" month='July'/>
    4142  <abstract>
    4243    <t>Recent IESG practice dictates that IETF protocols must specify
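Review bot: style nit on line 41: `month='July'` uses single quotes while `year="2008"` on the same element uses double quotes; use `month="July"` so the element is consistent with itself.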
     
    125126all cases (credentials are not differentiated in the protocol).</t>
    126127
    127 <t>HTML forms provide a facility for sites to indicate that a password
    128 should never be pre-populated.
    129 [[ More needed here on autocomplete ]]</t>
     128<t>Many Web browsers have an auto-complete feature that stores a
     129user's information and pre-populates fields in forms. This is
     130considered to be a convenience mechanism, and convenience mechanisms
     131often have negative security properties. The security concerns with
     132auto-completion are particularly poignant for web browsers that reside
     133on computers with multiple users. HTML forms provide a facility for
     134sites to indicate that a field, such as a password, should never be
     135pre-populated. However, it is clear that some form creators do not use
     136this facility when they should.</t>
    130137
    131138<t>The cookies that result from a successful form submission make it
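Review bot: the new paragraph on lines 128-136 closes with an unsupported assertion, "it is clear that some form creators do not use this facility when they should", and it replaces the "[[ More needed here on autocomplete ]]" placeholder without adding the supporting material that placeholder asked for; either cite an observation or soften to "some form creators do not use this facility". Two wording points: "poignant" on line 132 should be "acute" or "pronounced", and the paragraph could name the facility it refers to (the HTML autocomplete attribute) so that a reader can act on the advice.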
     
    207214<t>Digest is extremely susceptible to offline dictionary attacks,
    208215making it practical for attackers to perform a namespace walk
    209 consisting of a few million passwords
    210 [[ CITATION NEEDED ]].</t>
     216consisting of a few million passwords for most users.</t>
    211217
    212218<t>Many of the most widely-deployed HTTP/1.1 clients are not compliant
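Review bot: line 216 drops the "[[ CITATION NEEDED ]]" marker from the -01 text without supplying a citation, and at the same time strengthens the claim by adding "for most users"; a statement that a namespace walk "consisting of a few million passwords" is practical against Digest is a quantitative security claim and should either carry a reference to a dictionary-attack study or be restated qualitatively (Digest responses can be attacked offline once captured) without the numbers.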
     
    227233</section>
    228234
     235<section title="Authentication Using Certificates in TLS">
     236
     237<t>Running HTTP over TLS provides authentication of the HTTP server to
     238the client. HTTP over TLS can also provides authentication of the
     239client to the server using certificates. Although forms are a much
     240more common way to authenticate users to HTTP servers, TLS client
     241certificates are widely used in some environments.  The
     242public key infrastructure (PKI) used
     243to validate certificates in TLS can be rooted in public trust anchors
     244or can be based on local trust anchors.</t>
     245
     246</section>
     247
    229248<section title="Other Access Authentication Schemes">
    230249
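Review bot: grammar on line 238: "HTTP over TLS can also provides authentication" should read "can also provide authentication", and there is a double space after "environments." on line 241. More substantively, the new section states that server authentication is provided but not what the client has to do for that to hold (validate the certificate chain to a trust anchor and check that the certificate matches the host it meant to reach), which is the step the closing sentence about public versus local trust anchors implicitly depends on; one sentence saying so would also give the "Transport Layer Security" section something to point at.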
     
    235254<section title="Negotiate (GSS-API) Authentication">
    236255
    237 <t>[[ A discussion about "SPNEGO-based Kerberos and NTLM HTTP
    238 Authentication in Microsoft Windows" <xref target='RFC4559'/>
    239 goes here. ]]</t>
     256<t>Microsoft has designed an HTTP authentication mechanism that utilizes
     257SPNEGO <xref target="RFC4178"/> GSSAPI <xref target='RFC4559'/>. In Microsoft's
     258implementation, SPNEGO allows selection between Kerberos and NTLM (Microsoft NT
     259Lan Manager protocols).</t>
     260
     261<t>In Kerberos, clients and servers rely on a trusted third-party authentication service
     262which maintains its own authentication database. Kerberos is typically used with shared
     263secret key cryptography, but extensions for use of other authentication mechnanisms such
     264as PKIX certificates and two-factor tokens are also common.
     265Kerberos was designed to work under the assumption that packets traveling along
     266the network can be read, modified, and inserted at will.</t>
     267
     268<t>Unlike Digest, Negotiate authentication can take multiple round trips (client sending
     269authentication data in Authorization, server sending authentication data in WWW-Authenticate)
     270to complete.
     271</t>
     272
     273<t>Kerberos authentication is generally more secure than Digest. However the requirement
     274for having a separate network authentication service might be a barrier to deployment.</t>
     275
     276<!--
     277Kerberos didn't support Unicode till relatively recently. I am not sure if this
     278is an issue with Microsoft's implementation.
     279-->
    240280
    241281</section>
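Review bot: line 258 says SPNEGO selects between Kerberos and NTLM, but the security discussion that follows (lines 261-274) covers only Kerberos, so a reader cannot tell what properties the mechanism has when the NTLM branch is chosen; either add a paragraph on NTLM or state explicitly that the analysis applies to the Kerberos case. The sentence on lines 256-257 reads oddly ("SPNEGO [RFC4178] GSSAPI [RFC4559]"); suggest "uses SPNEGO [RFC4178] carried over GSS-API as specified in [RFC4559]". Typos: "mechnanisms" on line 263 should be "mechanisms", and "Lan Manager" on line 259 should be "LAN Manager". The XML comment on lines 276-279 is an open question rather than content; record it as a "[[ ]]" editor's note like the rest of the draft so it is not silently lost.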
     
    281321<section title="Transport Layer Security">
    282322
    283 <t>[[ A discussion of HTTP over TLS needs to be added
    284 here. ]]</t>
    285 
    286 <t>[[ Discussion of connection confidentiality should be separate from
    287 the discussion of access authentication based on mutual authentication with
    288 certificates in TLS. ]]</t>
     323<t>In addition to using TLS for client and/or server authentication, it is also
     324very commonly used to protect the confidentiality and integrity of the
     325HTTP session. For instance, both HTTP Basic authentication and Cookies
     326are often protected against snooping by TLS.</t>
     327
     328<t>It should be noted that, in that case, TLS does not protect against a
     329breach of the credential store at the server or against a keylogger or
     330phishing interface at the client. TLS does not change the fact that
     331Basic Authentication passwords are reusable and does not address that
     332weakness.</t>
    289333
    290334</section>
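Review bot: the -01 placeholder on lines 286-288 asked that connection confidentiality be discussed separately from certificate-based authentication, and the new text does so, but "in that case" on line 328 is ambiguous (it reads as referring to the Basic/Cookies example rather than to TLS used for confidentiality in general); suggest "When TLS is used only to protect the session,". The confidentiality claim on lines 323-326 also holds only when the client validates the server's certificate as described in the new "Authentication Using Certificates in TLS" section; a cross-reference there would make that dependency explicit.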
     
    327371&rfc3631;
    328372&rfc3986;
     373&rfc4178;
    329374&rfc4559;
    330375
     
    336381  <organization />
    337382  </author>
    338   <date year='' month='' />
     383<date year='' month='' />
    339384</front>
    340385</reference>
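Review bot: the only change on line 383 is indentation, but the element it touches, `<date year='' month='' />`, carries empty year and month attributes in a reference entry; since these render as empty fields, fill them in or omit the attributes rather than ship an empty date.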
     
    394439
    395440</section>
     441
    396442
    397443<section title='Changes between -00 and -01'>
     
    438484</section>
    439485
     486
     487<section title='Changes between -01 and -02'>
     488
     489<t>In section 2.1, added more to the paragraph on auto-completion of
     490HTML forms.</t>
     491
     492<t>Added the section on TLS for authentication.</t>
     493
     494<t>Filled in section 2.5.</t>
     495
     496</section>
     497
     498
    440499</section>
    441500
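Review bot: the new change log on lines 487-496 refers to sections by number ("section 2.1", "section 2.5"), which is fragile because this very revision inserts "Authentication Using Certificates in TLS" ahead of "Other Access Authentication Schemes" and shifts the numbering; refer to sections by title instead. The log also omits two changes visible in this diff: the rewording of the Digest dictionary-attack paragraph (citation placeholder removed) and the filling-in of the "Transport Layer Security" section, which is distinct from the TLS authentication section it does mention.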
     
    443502
    444503</rfc>
    445 