
Re: [Handle-info] Protocol spec >= 2.1



On 2014-01-28, at 10:22 , Eric Auer <eric.auer@mpi.nl> wrote:
>> 2.1: Use SHA-1 rather than MD5 by default for request digests and secret-key authentication digests
> 
> Does this require special steps by users or admins,
> such as regenerating keys? Or is it transparent and
> possibly even able to fall back to MD5 (maybe with a
> warning as MD5 is really old) to help older clients?

No special steps required; it is transparent and transparently falls back for older clients.

>> 2.1: Include hash code indicating hash algorithm used...
> 
> I guess without code/flag, old protocol/MD5 is assumed?

That is correct.

>> 2.2: Allow encryption algorithms other than DES in effectively unused session modes
> 
> You mean arbitrary algorithms are "supported" for those
> situations/things that are not actually processed yet?

There is code to support session key exchange in several modes---using a server public key, using a public key provided by the client, using a public key in a handle, and using Diffie-Hellman.  I imagine this was excessive exuberance on the part of the developers at the time.  In practice only Diffie-Hellman key exchange is used, and I see no reason to promote the other key exchange modes.

>> 2.4: Allow encryption algorithms other than DES for the actually used Diffie-Hellman based session mode
> 
> Which algorithms are supported? And was the old version
> single DES or at least 3DES? Any plans for DHE support?

The old version was single DES.  Currently DES, 3DES, and AES are supported.  Session keys are in fact already ephemeral.  It's worth noting that the Handle System protocol is not encrypted by default, and generally doesn't need to be, as generally handle records are intentionally public; so for most users these improvements will never matter.

> Sounds like a big collection of security improvements.
> Sites still using 2.1 should probably upgrade? Do they
> have to follow special migration steps for that?

We certainly recommend using the latest software.  Since currently version negotiation starts with the HS_SITE value, that has to be updated separately.  In HSv8 (coming this quarter we hope) this will be noted in the upgrade instructions.

Again, the importance of these security improvements is mitigated by the fact that handle records are generally public data.

In a future version (2015 or later) the handle-protocol-specific session management will almost certainly be replaced with TLS or DTLS.

Robert
_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info
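
The digest fallback discussed in the message above (a hash code names the algorithm, and a digest without one is assumed to be old-format MD5), as an added example that is not part of the original message or the Handle software. The one-byte code values, the field layout, and the function names are assumptions made for illustration, not taken from the protocol specification.

```python
from __future__ import annotations
import hashlib
import hmac

# Hypothetical one-byte hash codes; the real values are defined by the
# protocol specification, which this thread does not quote.
HASH_MD5, HASH_SHA1 = 0x01, 0x02
ALGORITHMS = {HASH_MD5: "md5", HASH_SHA1: "sha1"}
LEGACY_MD5_LEN = 16  # a bare MD5 output with no leading hash code


def make_digest(body: bytes, hash_code: int | None) -> bytes:
    """Build a digest field; hash_code=None emulates an older client."""
    if hash_code is None:
        return hashlib.md5(body).digest()
    return bytes([hash_code]) + hashlib.new(ALGORITHMS[hash_code], body).digest()


def classify(field: bytes) -> tuple[str, bytes, bool]:
    """Return (algorithm, digest bytes, is_legacy) for a received field."""
    if len(field) == LEGACY_MD5_LEN:
        # No room for a code byte plus any digest: assume old-format MD5.
        return "md5", field, True
    if not field or field[0] not in ALGORITHMS:
        raise ValueError("unknown or missing hash code")
    name, digest = ALGORITHMS[field[0]], field[1:]
    if len(digest) != hashlib.new(name).digest_size:
        raise ValueError("digest length does not match hash code")
    return name, digest, False


def verify(body: bytes, field: bytes, allow_md5: bool = True) -> dict:
    """Check a digest field and report whether the peer fell back to MD5."""
    name, digest, legacy = classify(field)
    if name == "md5" and not allow_md5:
        return {"ok": False, "algorithm": name, "legacy": legacy,
                "reason": "md5 disabled by policy"}
    expected = hashlib.new(name, body).digest()
    ok = hmac.compare_digest(expected, digest)  # constant-time comparison
    return {"ok": ok, "algorithm": name, "legacy": legacy,
            "reason": "" if ok else "digest mismatch"}


if __name__ == "__main__":
    body = b"constructed sample request body"
    for code in (HASH_SHA1, HASH_MD5, None):
        print(code, verify(body, make_digest(body, code)))
```

The `legacy` flag gives an operator something to log or count, so remaining old clients can be found before MD5 is disabled with `allow_md5=False`.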