CRAM-MD5 interoperability
F. Ellermann
xyzzy
September 6, 2006

RFC 2195 implementation report

Abstract

This is a brief implementation and interoperability report about CRAM-MD5 as specified in RFC 2195. No problems were found.

1. Background

CRAM-MD5, specified in [RFC2195], is a simple Challenge and Response Authentication Method based on HMAC as defined in [RFC2104]. CRAM-MD5 uses the MD5 message digest specified in [RFC1321] to determine HMAC( password, challenge ).

The one and only feature of CRAM-MD5 is secure authentication in the SASL framework, compare [RFC2222]. It does not offer to negotiate a security layer or a separate authorization identity. This limitation is explicitly noted on page 3 of [RFC2195], in addition to its clear security considerations.

CRAM-MD5 is (apparently) the only widely supported secure authentication mechanism for ESMTPA (and probably also LMTPA) defined in [RFC3848]. It's certainly better than PLAIN (a SASL mechanism explicitly forbidden outside of TLS) or LOGIN (a non-SASL variant of plain text user:password authentication offered by some SMTP AUTH implementations, not covered by [RFC2554]).

SMTP AUTH support is required for Mail Submit Agents defined in [RFC4409], unless a submitter is already independently authenticated or authorized.

2. Implementation

The implementation was built by copying the CRAM procedure published in into a script roughly derived from for the purpose of testing SMTP AUTH.

The tested MSA claims to be an "exim 4.62" and offers AUTH LOGIN PLAIN CRAM-MD5 for ESMTPA, and STARTTLS (not tested). Login attempts with the offered ESMTPA mechanisms all "worked", as expected for CRAM-MD5, unfortunately also for PLAIN outside of TLS.
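The following is an added example, not the test script used for this report: both sides of the CRAM-MD5 exchange from [RFC2195] (challenge, client response "user hexdigest", and the server-side HMAC-MD5 recomputation), plus a check of the Latin-1 versus UTF-8 password encoding mismatch discussed in Section 3. The credentials and host name used are constructed.

```python
import base64
import hashlib
import hmac
import os
import time
from typing import Callable, Optional, Tuple

# Added example (not the report's own script): CRAM-MD5 as in RFC 2195,
# i.e. HMAC-MD5(password, challenge), as used over SMTP AUTH.


def make_challenge(hostname: str) -> str:
    """Server: build a fresh msg-id style challenge "<pid.time@host>" and
    return it base64-encoded (the text after '334 ')."""
    nonce = f"<{os.getpid()}.{int(time.time())}@{hostname}>"
    return base64.b64encode(nonce.encode("ascii")).decode("ascii")


def cram_md5_response(user: str, password: str, b64_challenge: str,
                      encoding: str = "utf-8") -> str:
    """Client: base64("user " + hex(HMAC-MD5(password, decoded challenge))).
    'encoding' selects how the password string is turned into key bytes."""
    challenge = base64.b64decode(b64_challenge)
    key = password.encode(encoding)
    digest = hmac.new(key, challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode(encoding)).decode("ascii")


def parse_response(b64_response: str) -> Tuple[str, str]:
    """Split the client line into (user, hexdigest); ValueError if malformed."""
    line = base64.b64decode(b64_response, validate=True).decode("utf-8")
    user, sep, digest = line.rpartition(" ")
    hexchars = set("0123456789abcdef")
    if not sep or len(digest) != 32 or not set(digest.lower()) <= hexchars:
        raise ValueError("malformed CRAM-MD5 response")
    return user, digest.lower()


def verify_response(b64_response: str, b64_challenge: str,
                    lookup: Callable[[str], Optional[str]]) -> bool:
    """Server: recompute the HMAC with the stored password (the server needs
    the clear-text password, or the HMAC key state) and compare in constant time."""
    try:
        user, digest = parse_response(b64_response)
    except (ValueError, UnicodeDecodeError):
        return False
    password = lookup(user)
    if password is None:
        return False
    challenge = base64.b64decode(b64_challenge)
    expected = hmac.new(password.encode("utf-8"), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)
```

The server stores and compares the password as UTF-8; a client that encodes the same password in Latin-1 produces a different HMAC key and fails, which is the U+00AE case from the draft.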
Truncated and munged log to protect the innocent:

   TCP connection with mx.example:587
   220 mx1.example ESMTP Exim 4.62 Wed, 06 Sep 2006 18:38:41 +0200
   ehlo xyzzy.dnsalias.org
   250-mx1.example Hello munged.de.clara.net [213.221.65.42]
   250-SIZE 104857600
   250-ETRN
   250-PIPELINING
   250-AUTH LOGIN PLAIN CRAM-MD5
   250-STARTTLS
   250 HELP
   auth CRAM-MD5
   334 PDE2NzExLjExNTc1NjA3MjJAbXgxLmZyZWVuZXQuZGU+
   Zm9yZ2V0aXRAZnJlZW5ldC5kZSBmZDdiNTY2ZDQ2ZjhiMjJmN2IzYjRlYzk2MDNjNmY4Mw==
   235 Authentication succeeded

3. Notes

[RFC2222] was obsoleted by [RFC4422] in June 2006. With respect to [RFC2195] this might require adding SASLprep, specified in [RFC4013], [RFC3629], and [RFC3454], as proposed in [I-D.ietf-sasl-crammd5]. The implementation does not include SASLprep, and potential interoperability issues related to different versions of Unicode were not tested. The example U+00AE in the draft demonstrates that mapping Latin-1 to UTF-8 won't work; this is very instructive for naive implementations.

Several other RFCs reference CRAM-MD5, e.g. ACAP [RFC2244] (mandatory), ODMR [RFC2645] (mandatory), and BCP 46 [RFC3013] (recommended for IMAP and POP). [RFC2636] states: "An authentication mechanism which is easy to implement, and provides reasonable security against various attacks, including replay."

4. References

[RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, April 1992.

[RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, February 1997.

[RFC2195] Klensin, J., Catoe, R., and P. Krumviede, "IMAP/POP AUTHorize Extension for Simple Challenge/Response", RFC 2195, September 1997.

[I-D.ietf-sasl-crammd5] Nerenberg, L., "The CRAM-MD5 SASL Mechanism", draft-ietf-sasl-crammd5-07 (work in progress), June 2006.

[RFC2222] Myers, J., "Simple Authentication and Security Layer (SASL)", RFC 2222, October 1997.

[RFC2244] Newman, C. and J. Myers, "ACAP -- Application Configuration Access Protocol", RFC 2244, November 1997.
[RFC2554] Myers, J., "SMTP Service Extension for Authentication", RFC 2554, March 1999.

[RFC2636] Gellens, R., "Wireless Device Configuration (OTASP/OTAPA) via ACAP", RFC 2636, July 1999.

[RFC2645] Gellens, R., "ON-DEMAND MAIL RELAY (ODMR) SMTP with Dynamic IP Addresses", RFC 2645, August 1999.

[RFC3013] Killalea, T., "Recommended Internet Service Provider Security Services and Procedures", BCP 46, RFC 3013, November 2000.

[RFC3454] Hoffman, P. and M. Blanchet, "Preparation of Internationalized Strings ("stringprep")", RFC 3454, December 2002.

[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 10646", STD 63, RFC 3629, November 2003.

[RFC3848] Newman, C., "ESMTP and LMTP Transmission Types Registration", RFC 3848, July 2004.

[RFC4013] Zeilenga, K., "SASLprep: Stringprep Profile for User Names and Passwords", RFC 4013, February 2005.

[RFC4409] Gellens, R. and J. Klensin, "Message Submission for Mail", RFC 4409, April 2006.

[RFC4422] Melnikov, A. and K. Zeilenga, "Simple Authentication and Security Layer (SASL)", RFC 4422, June 2006.

Author's Address

Frank Ellermann
xyzzy
Hamburg, Germany

Email: nobody@xyzzy.claranet.de
URI: http://purl.net/xyzzy/