IETF Logo Mail Archive

Re: [abfab] Why we need Nico's text

Klaas Wierenga <klaas@cisco.com> Wed, 25 August 2010 15:07 UTC

Return-Path: <klaas@cisco.com>
X-Original-To: abfab@core3.amsl.com
Delivered-To: abfab@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 841303A6B14 for <abfab@core3.amsl.com>; Wed, 25 Aug 2010 08:07:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.326
X-Spam-Level:
X-Spam-Status: No, score=-10.326 tagged_above=-999 required=5 tests=[AWL=0.273, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NklZBaIv3N+d for <abfab@core3.amsl.com>; Wed, 25 Aug 2010 08:07:35 -0700 (PDT)
Received: from rtp-iport-1.cisco.com (rtp-iport-1.cisco.com [64.102.122.148]) by core3.amsl.com (Postfix) with ESMTP id 2C95C3A6B0C for <abfab@ietf.org>; Wed, 25 Aug 2010 08:07:35 -0700 (PDT)
Authentication-Results: rtp-iport-1.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Au8FAOrOdExAZnwM/2dsb2JhbACTJI0gcaAMnBiFNwSKAw
X-IronPort-AV: E=Sophos;i="4.56,268,1280707200"; d="scan'208";a="151588832"
Received: from rtp-core-1.cisco.com ([64.102.124.12]) by rtp-iport-1.cisco.com with ESMTP; 25 Aug 2010 15:08:07 +0000
Received: from macmini.wierenga.net (ams-kwiereng-8715.cisco.com [10.55.220.246]) by rtp-core-1.cisco.com (8.13.8/8.14.3) with ESMTP id o7PF86qe019386 for <abfab@ietf.org>; Wed, 25 Aug 2010 15:08:07 GMT
Message-ID: <4C7531D6.5010705@cisco.com>
Date: Wed, 25 Aug 2010 17:08:06 +0200
From: Klaas Wierenga <klaas@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-GB; rv:1.9.2.8) Gecko/20100802 Thunderbird/3.1.2
MIME-Version: 1.0
To: abfab@ietf.org
References: <4C741B45.6030702@sunet.se> <4C742A81.9090506@cisco.com> <20100824203712.GG17097@oracle.com> <4C74E145.1030506@cisco.com> <tsl39u23ndk.fsf@mit.edu> <4C750E2B.9070703@cisco.com> <tsl1v9m253f.fsf_-_@mit.edu>
In-Reply-To: <tsl1v9m253f.fsf_-_@mit.edu>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [abfab] Why we need Nico's text
X-BeenThere: abfab@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" <abfab.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/abfab>, <mailto:abfab-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/abfab>
List-Post: <mailto:abfab@ietf.org>
List-Help: <mailto:abfab-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/abfab>, <mailto:abfab-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Aug 2010 15:07:36 -0000

On 8/25/10 3:29 PM, Sam Hartman wrote:

Sam,

Thanks for the explanation, very helpful to me at least!

Klaas

> I'm noticing that the folks who have worked with GSS-API seem more
> comfortable with Nico's text than the rest of the community.
> Let me go through Nico's requirements and explain why they're needed in
> order to accomplish our goals.
>
> * Mutual authentication: Required by RFC 4462 in order to work with SSH
>    and RFC 5801 for XMPP, SMTP, IMAP, LDAD, and the like.  You introduce
>    MITM attacks for CALDAV, WEBDAV, ATOM and the like if you use GSS to
>    authenticate without mutual authentication.
>
> * Channel binding: required by RFC 5801 if we want to support IMAP,
>    XMPP, LDAP, and the like.
>
> * Per-message security services (gss_wrap, gss_get_mic, the like):
>    Required by RFC 4462 if we want to support SSH. Required by
>    NFS. Required by CIFS.
> \
> * Host based service naming: Required by RFc 4462 for ssh, RFC 5801 for
>    XMPP, IMAP, SMTP, and the like. Required for CALDAV, WEBDAV, ATOM, and
>    the HTTP protocols. Required by NFS. Probably required by CIFS
>    although that's more complicated.
>
> * gss_pseudo_random: Required by some of the JANET applications and by
>    RXGK, the AFS distributed filesystem security class. This is less of a
>    requirement than the previous items, although once you have
>    per-message security, gss_pseudo_random is trivial.
>
> * key confirmation: Required for channel binding to provide meaningful
>    security.
>
> So, if we don't meet Nico's requirements then we cannot actually work
> with most of the applications we want to work with.
>
> However, for me, that's not the most important motivation.  I've been
> working on security systems that are more resistant to phishing than the
> web for a long time. These technical requirements will meet the higher
> level requirements necessary to provide the technical aspects of good
> phishing defense. It happens these requirements are a fairly good
> mapping of the most important issues discussed in
> draft-hartman-webauth-phishing to non-web applications.  So, that's why
> I personally care a lot about these issues and whether these are going
> to be part of the solution significantly affects how good of an idea I
> think doing the work is.  I can totally appreciate that someone might
> disagree with me, but I hope you can understand why I care about the
> issue.
> _______________________________________________
> abfab mailing list
> abfab@ietf.org
> https://www.ietf.org/mailman/listinfo/abfab

v2.23.0 | Report a Bug | By Email