SASL Working Group                                           A. Melnikov
Internet-Draft                                             Isode Limited
Intended status: Standards Track                       November 19, 2008
Expires: May 23, 2009


                 LDAP schema for storing SCRAM secrets
                   draft-melnikov-sasl-scram-ldap-01

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on May 23, 2009.

Abstract

   This memo describes how authPassword LDAP attribute can be used for
   storing secrets used by Salted Challenge Response (SCRAM) Simple
   Authentication and Security Layer (SASL) Mechanism.

Note

   A revised version of this draft document will be submitted to the RFC
   editor as a Proposed Standard for the Internet Community.  Discussion
   and suggestions for improvement are requested, and should be sent to
   ietf-sasl@imc.org.





Melnikov                  Expires May 23, 2009                  [Page 1]

Internet-Draft    LDAP schema for storing SCRAM secrets    November 2008


Table of Contents

   1.    Overview  . . . . . . . . . . . . . . . . . . . . . . . . . . 3

   2.    Security Considerations . . . . . . . . . . . . . . . . . . . 3

   3.    IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4

   4.    Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . 4

   5.    References  . . . . . . . . . . . . . . . . . . . . . . . . . 4
   5.1.  Normative References  . . . . . . . . . . . . . . . . . . . . 4
   5.2.  Informative References  . . . . . . . . . . . . . . . . . . . 4

         Author's Address  . . . . . . . . . . . . . . . . . . . . . . 4
         Intellectual Property and Copyright Statements  . . . . . . . 6



































Melnikov                  Expires May 23, 2009                  [Page 2]

Internet-Draft    LDAP schema for storing SCRAM secrets    November 2008


1.  Overview

   This memo defines a family of schema for authPassword attribute
   defined in [AUTHPASS].  Non terminal references in the following ABNF
   are defined in either [AUTHPASS] or [RFC5234].

      The "scheme" part of the authPassword attribute is the SCRAM
      mechanism name, e.g.  "SCRAM-HMAC-SHA-1".  See [SCRAM] for the
      exact syntax of SCRAM mechanism names.

      The "authInfo" part of the authPassword attribute is the iteration
      count, followed by ":" and base-64 [BASE64] encoded salt.

      The "authValue" part of the authPassword attribute is the base-64
      [BASE64] encoded StoredKey [SCRAM], followed by ":" and base-64
      [BASE64] encoded ServerKey [SCRAM].

   Syntax of the attribute can be expressed using ABNF [RFC5234]:

       scram-mech     = "SCRAM-HMAC-SHA-1"
                        ;; Complies with ABNF for <scheme>

       scram-authInfo = iter-count ":" salt
                        ;; Complies with ABNF for <authInfo>

       scram-authValue = stored-key ":" server-key
                        ;; Complies with ABNF for <authValue>

       iter-count   = %x31-39 *DIGIT
                      ; a positive number without leading zeros

       salt         = <<base-64 encoded value>>

       stored-key   = <<base-64 encoded value>>

       server-key   = <<base-64 encoded value>>

   [[anchor2: Add an example.]]

   Note that the authPassword attribute is multivalued.  For example, it
   may contain multiple SCRAM hashes for different hashing algorithms.


2.  Security Considerations

   Servers MUST validate format of the saslSecretScram attribute before
   using it for performing a SCRAM authentication exchange.  It is
   possible that an attacker compromised the LDAP server or got access



Melnikov                  Expires May 23, 2009                  [Page 3]

Internet-Draft    LDAP schema for storing SCRAM secrets    November 2008


   to the entry containing the attribute in order to exploit a
   vulnerability in the subsystem performing SCRAM authentication
   exchange.  Big iteration counts and invalid base-64 encoding are two
   possible (but not the only) exploits in the format specified in the
   document.

   [[anchor3: TBD.]]


3.  IANA Considerations

   No action is required from IANA.


4.  Acknowledgements

   The author gratefully acknowledges the feedback provided by Chris
   Newman and Kurt Zeilenga.


5.  References

5.1.  Normative References

   [AUTHPASS]
              Zeilenga, K., "LDAP Authentication Password Schema",
              RFC 3112, May 2001.

   [BASE64]   Josefsson, S., "The Base16, Base32, and Base64 Data
              Encodings", RFC 4648, October 2006.

   [RFC5234]  Crocker, D. and P. Overell, "Augmented BNF for Syntax
              Specifications: ABNF", STD 68, RFC 5234, January 2008.

   [SCRAM]    Menon-Sen, A. and C. Newman, "Salted Challenge Response
              (SCRAM) SASL Mechanism", draft-newman-auth-scram-07.txt
              (work in progress), July 2008.

5.2.  Informative References

   [RFC4422]  Melnikov, A. and K. Zeilenga, "Simple Authentication and
              Security Layer (SASL)", RFC 4422, June 2006.









Melnikov                  Expires May 23, 2009                  [Page 4]

Internet-Draft    LDAP schema for storing SCRAM secrets    November 2008


Author's Address

   Alexey Melnikov
   Isode Limited
   5 Castle Business Village
   36 Station Road
   Hampton, Middlesex  TW12 2BX
   UK

   Email: alexey.melnikov@isode.com
   URI:   http://www.melnikov.ca/








































Melnikov                  Expires May 23, 2009                  [Page 5]

Internet-Draft    LDAP schema for storing SCRAM secrets    November 2008


Full Copyright Statement

   Copyright (C) The IETF Trust (2008).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.











Melnikov                  Expires May 23, 2009                  [Page 6]