Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02

Benjamin Kaduk <> Tue, 26 June 2018 15:00 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9849313103A; Tue, 26 Jun 2018 08:00:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id XQfftgDH8Owx; Tue, 26 Jun 2018 08:00:11 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4F670130EF6; Tue, 26 Jun 2018 08:00:11 -0700 (PDT)
X-AuditID: 12074424-47bff70000002ba7-a0-5b3254faf40f
Received: from ( []) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by (Symantec Messaging Gateway) with SMTP id EC.4B.11175.AF4523B5; Tue, 26 Jun 2018 11:00:10 -0400 (EDT)
Received: from (OUTGOING-AUTH-1.MIT.EDU []) by (8.13.8/8.9.2) with ESMTP id w5QF085w000414; Tue, 26 Jun 2018 11:00:09 -0400
Received: from ( []) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by (8.13.8/8.12.4) with ESMTP id w5QF04Oe014000 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 26 Jun 2018 11:00:06 -0400
Date: Tue, 26 Jun 2018 10:00:04 -0500
From: Benjamin Kaduk <>
To: Hannes Tschofenig <>
Cc: Mike Jones <>, Jim Schaad <>, "" <>, "" <>
Message-ID: <>
References: <> <> <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmphleLIzCtJLcpLzFFi42IRYrdT1/0VYhRt0PRXzOL7tx5mi5//rjNb 3Jxxisli9fTvbBZ7p31icWD1WDNvDaPHxjnT2TyWLPnJ5NG64y97AEsUl01Kak5mWWqRvl0C V8aRU7+ZC6ZwVDSdW8PawHiUrYuRk0NCwERi1+rrzCC2kMBiJolTe3y6GLmA7I2MEhP3PmSC cK4ySUx+/BmoioODRUBV4veGVJAGNgEViYbuy2DNIgKGEnubD7GC1DMLfGCUuLDhJgtIQlgg TOLJg7WMIDYv0LZzf+5ADX3AJLFuwnKohKDEyZlPwBqYBbQkbvx7yQSyjFlAWmL5Pw6QMKdA osSd/0fArhYVUJbY23eIfQKjwCwk3bOQdM9C6F7AyLyKUTYlt0o3NzEzpzg1Wbc4OTEvL7VI 11wvN7NELzWldBMjOLBdVHYwdvd4H2IU4GBU4uG9YW8ULcSaWFZcmXuIUZKDSUmU94MzUIgv KT+lMiOxOCO+qDQntfgQowQHs5II77G3htFCvCmJlVWpRfkwKWkOFiVx3txFjNFCAumJJanZ qakFqUUwWRkODiUJXl1gBAsJFqWmp1akZeaUIKSZODhBhvMADbcAqeEtLkjMLc5Mh8ifYlSU Euc9GwSUEABJZJTmwfWCEo9E9v6aV4ziQK8I8zKDtPMAkxZc9yugwUxAg8seG4AMLklESEk1 MB5ImbfcyYlL81fXak+LxxZPz18/w3n6yaTQQybet95oHTYOtDvks+Xu7d1Ofz97f14udSKG s9imkDOa6ddhpz9fXrGuXpi3ykyySru4fV5Wj5fhjYvmjWuM1vIUP8/NzN/yzJGt3bXSoutx k/KWj2eFdH2cfH/vXb5MPXWxwbYXs2/Y/lzEM0eJpTgj0VCLuag4EQAcW9IBFwMAAA==
Archived-At: <>
Subject: Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 26 Jun 2018 15:00:14 -0000

On Tue, Jun 26, 2018 at 08:53:57AM +0000, Hannes Tschofenig wrote:
> Ben,
> I was wondering whether the situation is any different in Kerberos. If the KDC creates tickets with a session key included then it needs to make sure that it does not create the same symmetric key for different usages.
> The key in the Kerberos ticket is similar to the PoP key in our discussion.
> Are we aware of key collision in Kerberos?

I don't believe key collision is an issue in Kerberos.  Long-term keys
(which are not what we're talking about here) are identified by a principal
name, encryption type, and version number.  Session keys that are contained
within tickets (and returned to the client in the KDC-REP) are random, so
even if we are only using the birthday bound we're still in pretty good
shape.  The modern enctypes tend to use subsession keys generated by the
client and/or server as well as the KDC-generated session key, which
provides further binding to the current session.

Does that answer your question?