> -----Original Message-----
> From: Michael Sweet [mailto:mike at easysw.com]
> Sent: Monday, April 12, 1999 10:42 AM
> To: Paul Leach
> Cc: Larry Masinter; Paul Moore; IETF-IPP
> Subject: Re: IPP> Re: PRO - Issue 32: Use of Basic & Digest
> Authentication
>>> Paul Leach wrote:
> > ...
> > That's a non-sequiter. It does not contradict Larry's statement at
> > all.
>> No, but his statement implied that Digest is immune from passive
> attacks, which for many/most of the current implementations it is NOT.
Any conformant implementation is immune from passive attacks (if passwords
are well chosen -- see next comment).
>> > Digest with a strong password is proof against passive attacks (such
> > as sniffing). Basic isn't.
>> It has nothing to do with the "strength" of the password (what does
> that even mean???),
A strong password is one that isn't in a dictionary and is long enough and
random enough that brute force is too expensive to be feasible.
> but it has everything to do with what level of
> protection a server implementation provides, basically how often the
> nonce value is changed and whether or not the server does message
> body authentication.
No, protection against passive attacks has nothing to do with any of those
things. A replay attack could exploit slowly changing nonces, but it's an
active attack. If message body is not authenticated, you could change the
message body, but that's an active attack, too.
It appears to me that you are using an incorrect definition of "passive
attack".
>> The Apache Digest authentication module, for example, seems to accept
> any incoming nonce value for authorization.
So what?
Just because RFC 2069 has options, doesn't mean that IPP has to allow the
use of less-secure ones. There is no reason that the IPP spec for security
can't mandate that nonce-count is used (so nonces change every time), and
the message integrity is used (if those are what the WG decides are needed
to meet its security objectives).
Paul