mjl- / mox

modern full-featured open source secure mail server for low-maintenance self-hosted email
https://www.xmox.nl
MIT License
3.69k stars 110 forks source link

SCRAM-SHA-512(-PLUS) + SCRAM-SHA3-512(-PLUS) supports #173

Open Neustradamus opened 6 months ago

Neustradamus commented 6 months ago

Dear @mjl- from Mox team,

After:

Can you add supports of :

You can add too:

"When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802]".

https://xmpp.org/extensions/inbox/hash-recommendations.html

-PLUS variants:

IMAP:

LDAP:

HTTP:

2FA:

IANA:

Linked to:

mjl- commented 4 months ago

Hi @Neustradamus, thanks for tracking progress on scram support in software. It isn't yet as widely deployed in email as it should. Too many applications use at most cram-md5, or plain. TLS channel binding is rare.

It would be good to understand why scram isn't more commonly supported in servers/clients.

As for scram-sha-512 and scram-sha3-512. It's easy to add support. But those are internet drafts. It's not a priority to implement them. I considered already adding code to derive secrets for those mechanisms. It is a very simple change. But there is a risk of implementing drafts that may never make it into an RFC, or will change before being final (e.g. recommended iteration count), and I don't want to create needless legacy code. Once the mechanisms are final and published, I'll implement them.

I've been meaning to do some more real-world testing with email clients and their scram support. FYI, I wrote a simple app to track client/server protocol support some time ago, here is a selection for scram: https://implementations.modernemail.org/#feats=scram. I'm going to test a few clients now and update that matrix. For testing, I'm connecting email clients to https://imapcollect.modernemail.org. It's a proof of concept I created a while ago. It allows anyone to connect, and captures protocol traces (IMAP only for now) and tracks some statistics about connections, including which authentication mechanism was used, but also which extensions were enabled. It would be an option to automatically track protocol support over time for clients (and later servers too) through this mechanism. For now, it makes it clear which auth mechanism a client picks, and clients often identify their version with the IMAP ID command.