Hi folks, I'm forwarding this email that was posted to the IETF working group responsible for SASL improvements, because I think it is quite relevant to people here, yet many are probably not following the kitten mailing list. I'm aware that by now most XMPP projects have received feature requests to implement what are essentially obscure flavours of SCRAM, without much rationale beyond what can be paraphrased as "the numbers are bigger, and therefore better". If we decide to move the protocol and ecosystem beyond SCRAM-SHA-1 (which is required by the current RFC) and possibly SCRAM-SHA-256, it should be with the necessary attention paid to interoperability and security. All current feature requests I've seen lack this. ---------- Forwarded message --------- From: Simon Josefsson <simon=40josefsson.org(a)dmarc.ietf.org> Date: Thu, 2 May 2024, 09:20 Subject: [kitten] SCRAM-SHA512 and SCRAM-SHA3 To: <kitten(a)ietf.org> Hi I'm seeing push on implementers to add support for these variants, and I noticed new drafts were published recently. I want to repeat some earlier concerns. I believe the cost of having these two mechanisms as standard mechanisms in the ecosystem costs more than any advantages we would get out of them. There is still no cryptographic attack on HMAC-MD5, yet alone the HMAC-SHA1 or HMAC-SHA256 that are used in SCRAM-SHA1 and SCRAM-SHA256 that we are still seeing deployment of. Adding SCRAM-SHA512/SHA3 variants create additional requirements on hashed password database formats and APIs, since they are not compatible with SCRAM-SHA1 and SCRAM-SHA256. Parametrization of security protocols and algorithms are generally a bad idea as it adds complexity which reduce security. There is the negotiation interop problem if a server has one credential but not the other for a subset of users. If some people are using these variants, I would agree that having them documented is useful. Then I believe the category should be Informational rather than standards track, and warnings about the problems should be added. /Simon _______________________________________________ Kitten mailing list Kitten(a)ietf.org https://www.ietf.org/mailman/listinfo/kitten