AUTH: `SCRAM-*`
Following #39
- [ ] extend the line length of the MAIL FROM command by 500 characters
- [ ] handle security layer negotiation
- [ ] when both TLS and SASL security layers are in effect, the TLS encoding MUST be applied after the SASL encoding
- [ ] when a security layer takes effect, the SMTP protocol is reset to the initial state
- [ ] SCRAM-SHA-1
- [ ] SCRAM-SHA-1-PLUS
- [ ] SCRAM-SHA-256
- [ ] SCRAM-SHA-256-PLUS
Other mechanisms we could support:
- [ ] EXTERNAL
- [ ] SECURID
- [ ] DIGEST-MD5
- [ ] SAML20
- [ ] OPENID20
- [ ] GSSAPI
- [ ] GS2-KRB5
Ohai!
Just two small heads-up:
With the 1.X.X tree of rsasl, supporting channel bindings (required for the -PLUS versions) isn't that pretty. The only supported cb mechanism is tls-unique, which isn't defined for TLS 1.3 and is deprecated for TLS 1.2. Rustls does not provide the methods required for tls-unique, for good reason. (See rustls#559)
In rsasl 2.X.X (the pure-Rust rewrite) I'm currently working on ideas on how to do channel binding better, however that branch is not yet ready for anything but preliminary alpha releases.
Secondly, rsasl::Session doesn't expose gsasl_encode or gsasl_decode that would be required for security layers. (See the gsasl documentation)
Given that security layers aren't that good of an idea, especially not compared to TLS, adding support for security layers isn't high on my priority list for rsasl 2.X.X either.
I confirm that SCRAM-* and SCRAM-*-PLUS are important.
There is now a new RFC, RFC 9266: Channel Bindings for TLS 1.3:
- https://tools.ietf.org/html/rfc9266
A few details, good to know:
- tls-unique for TLS <= 1.2
- tls-exporter for TLS = 1.3
A very new RFC indeed, thank you for the information
Note that tls-exporter is just as valid to use for TLS 1.2 if the extended master secret extension is used. Rustls does AFAICT always enable this extension.
However, all SASL implementations I'm aware of will either prefer tls-unique or not use tls-exporter for TLS < 1.3 at all, so offering only tls-exporter when using TLS 1.2 is potentially a bad idea.
If there's interest in offering channel binding support, I'd be grateful for some help adding utilities to rsasl that makes extracting channel bindings from the common TLS crates easier.
I have informed several teams; there will be improvements:
- tls-unique for TLS <= 1.2
- tls-exporter for TLS = 1.3
Here is an example from the RFC 9266 author:
- https://github.com/mellium/sasl/commit/00912085c89c126d442cce0c931a4dd71d356e64
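As an added example (not code from rsasl, rustls or anyone in this thread), here is the channel-binding part of SCRAM-SHA-256-PLUS in Python: the cb type is chosen by TLS version as listed above (tls-unique for TLS <= 1.2, tls-exporter for TLS 1.3), and the server side shows why a proof computed over another TLS session's binding data is rejected. Function names are assumptions; the channel-binding bytes a real client would obtain from its TLS stack are passed in as a parameter.

```python
import base64
import hashlib
import hmac

def choose_cb_type(tls_version: str) -> str:
    # Mapping from the thread: tls-unique for TLS <= 1.2, tls-exporter (RFC 9266) for TLS 1.3.
    major, minor = (int(x) for x in tls_version.split("."))
    return "tls-exporter" if (major, minor) >= (1, 3) else "tls-unique"

def parse_attrs(msg: str) -> dict:
    return dict(part.split("=", 1) for part in msg.split(","))

def scram_keys(password: str, salt: bytes, iterations: int):
    # SaltedPassword = Hi(password, salt, i); ClientKey, StoredKey, ServerKey per RFC 7677.
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return client_key, hashlib.sha256(client_key).digest(), server_key

def client_messages(user, password, client_nonce, server_first, tls_version, cb_data):
    # client-first and client-final for SCRAM-SHA-256-PLUS: cbind-input is the gs2-header
    # followed by the raw channel-binding bytes of the client's own TLS session.
    gs2_header = f"p={choose_cb_type(tls_version)},,"
    client_first_bare = f"n={user},r={client_nonce}"
    attrs = parse_attrs(server_first)
    if not attrs["r"].startswith(client_nonce):
        raise ValueError("server nonce does not extend client nonce")
    cbind = base64.b64encode(gs2_header.encode() + cb_data).decode()
    final_no_proof = f"c={cbind},r={attrs['r']}"
    auth_message = f"{client_first_bare},{server_first},{final_no_proof}"
    client_key, stored_key, _ = scram_keys(password, base64.b64decode(attrs["s"]), int(attrs["i"]))
    client_sig = hmac.new(stored_key, auth_message.encode(), hashlib.sha256).digest()
    proof = bytes(a ^ b for a, b in zip(client_key, client_sig))
    return gs2_header + client_first_bare, f"{final_no_proof},p={base64.b64encode(proof).decode()}"

def server_verify(stored_key, client_first, server_first, client_final, server_cb_data):
    # The server first checks that the client's cbind-input matches its own TLS session,
    # then recovers ClientKey from the proof and checks H(ClientKey) == StoredKey.
    gs2_header, _, client_first_bare = client_first.partition(",,")
    gs2_header += ",,"
    final_no_proof, _, proof_b64 = client_final.rpartition(",p=")
    expected_cbind = gs2_header.encode() + server_cb_data
    if not hmac.compare_digest(base64.b64decode(parse_attrs(final_no_proof)["c"]), expected_cbind):
        return False  # channel-binding mismatch: proof was made for a different TLS connection
    auth_message = f"{client_first_bare},{server_first},{final_no_proof}"
    client_sig = hmac.new(stored_key, auth_message.encode(), hashlib.sha256).digest()
    client_key = bytes(a ^ b for a, b in zip(base64.b64decode(proof_b64), client_sig))
    return hmac.compare_digest(hashlib.sha256(client_key).digest(), stored_key)
```

The server keeps only StoredKey and ServerKey (from `scram_keys`), never the password; a proof built over different channel-binding bytes fails at the cbind check before any key material is touched.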