Re: RE: Proxy authentication with Negotiate uses wrong host

From: <1983-01-06_at_gmx.net>
Date: Thu, 25 Aug 2011 11:59:27 +0200

> On Wed, 2011-08-24 at 07:42 -0400, 1983-01-06_at_gmx.net wrote:
> > Are you referring to sole Kerberos or are you just concerned about
> > transport encryption? Your statement somewhat irritates me.
> > Given that the HTTP traffic cannot be securely wrapped into the GSS
> > content, nor can the SASL QOP be set (like for LDAP), I would
> > neglect that and still say TLS is not of your concern but of mine or
> > the users in general.
>
> Any authentication-only mechanism used over an insecure channel is
> vulnerable to MITM attacks which preserve the authentication and change
> the data. Of course, this applies to HTTP basic and digest over raw
> HTTP just as much as it does to negotiate, so perhaps it doesn't make
> sense to restrict negotiate auth to HTTPS only on this basis alone.
>
> A further concern with HTTP negotiate is that it is scoped to the TCP
> connection and not to a single HTTP request. Ignorant proxies may
> combine TCP connections for multiple users' requests and inadvertently
> authenticate one user's requests with another's credentials. I may be
> wrong, but I believe this is the concern which leads implementations to
> restrict NTLM to HTTPS. Switching from NTLM to Kerberos does not
> mitigate this concern at all. If there are other vulnerabilities in
> NTLM which don't presuppose an MITM attack, perhaps I'm wrong.

Greg,

thanks for the insight. I will file a bug that the sole negotiate/kerberos and SSL restriction should be removed because it is not enforced on basic and digest either.

Mike

Received on 2011-08-25 12:00:26 CEST
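
The connection-scoping concern raised in the quoted reply, as an added toy model that is not part of the original mail or of any Subversion code. `OriginServer`, `SharingProxy`, `PinningProxy` and the token values are hypothetical names constructed for this illustration; no real HTTP, GSS-API or Kerberos exchange takes place.

```python
# Added illustration: toy model only; no real HTTP, GSS-API or Kerberos.
from typing import Dict, Optional, Tuple

# Constructed sample tokens standing in for a completed Negotiate handshake.
CONSTRUCTED_TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}
Result = Tuple[int, Optional[str]]


class UpstreamConnection:
    """One TCP connection as the origin server sees it."""
    def __init__(self) -> None:
        self.authenticated_as: Optional[str] = None  # identity bound to the connection


class OriginServer:
    """Hypothetical server that scopes authentication to the connection."""
    def handle(self, conn: UpstreamConnection, token: Optional[str] = None) -> Result:
        user = CONSTRUCTED_TOKENS.get(token) if token else None
        if user:
            conn.authenticated_as = user  # remembered for later requests
        if conn.authenticated_as is None:
            return 401, None
        return 200, conn.authenticated_as


class SharingProxy:
    """Proxy that sends every client's requests over one upstream connection."""
    def __init__(self, server: OriginServer) -> None:
        self.server, self.shared = server, UpstreamConnection()

    def forward(self, client: str, token: Optional[str] = None) -> Result:
        return self.server.handle(self.shared, token)


class PinningProxy:
    """Proxy that keeps a separate upstream connection per client connection."""
    def __init__(self, server: OriginServer) -> None:
        self.server = server
        self.upstreams: Dict[str, UpstreamConnection] = {}

    def forward(self, client: str, token: Optional[str] = None) -> Result:
        conn = self.upstreams.setdefault(client, UpstreamConnection())
        return self.server.handle(conn, token)


def run(proxy) -> Tuple[Result, Result]:
    """alice authenticates; bob then sends a request with no credentials."""
    return proxy.forward("alice", "tok-alice"), proxy.forward("bob")
```

With the sharing proxy, bob's credential-less request is answered under alice's identity; with one upstream connection per client it is rejected with 401.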

This is an archived mail posted to the Subversion Dev mailing list.