Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02

Jim Schaad <ietf@augustcellars.com> Tue, 26 June 2018 16:54 UTC

Return-Path: <ietf@augustcellars.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4672E130E07; Tue, 26 Jun 2018 09:54:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WusbvF9u8pLZ; Tue, 26 Jun 2018 09:54:36 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 48EDD130EBF; Tue, 26 Jun 2018 09:54:36 -0700 (PDT)
Received: from Jude (151.127.12.101) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Tue, 26 Jun 2018 09:51:26 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: 'Benjamin Kaduk' <kaduk@mit.edu>, 'Hannes Tschofenig' <Hannes.Tschofenig@arm.com>
CC: 'Mike Jones' <Michael.Jones@microsoft.com>, <draft-ietf-ace-cwt-proof-of-possession@ietf.org>, <ace@ietf.org>
References: <VI1PR0801MB2112C4D6D3CED7C15D9AE886FA750@VI1PR0801MB2112.eurprd08.prod.outlook.com> <20180622204344.GP64617@kduck.kaduk.org> <MW2PR00MB02986BC1E87754046C8CDC6AF5750@MW2PR00MB0298.namprd00.prod.outlook.com> <20180623212956.GE99689@kduck.kaduk.org> <VI1PR0801MB2112F3791E8467A53C440E11FA490@VI1PR0801MB2112.eurprd08.prod.outlook.com> <20180626150003.GD79565@kduck.kaduk.org> <VI1PR0801MB2112F73E53F790A076D5FFEBFA490@VI1PR0801MB2112.eurprd08.prod.outlook.com> <20180626151415.GE79565@kduck.kaduk.org>
In-Reply-To: <20180626151415.GE79565@kduck.kaduk.org>
Date: Tue, 26 Jun 2018 18:54:23 +0200
Message-ID: <00e601d40d6e$593eab70$0bbc0250$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Content-Language: en-us
Thread-Index: AQJmkbQj82tMYvZUbCUZIMhlVFE4oQHH3wOzAp0N2z4AwuijgAGW3xIRAhu0accCDpuegAI+hUiQouR84aA=
X-Originating-IP: [151.127.12.101]
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/tBe5kVtMLsiF7L4N-LsgOvWut60>
Subject: Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jun 2018 16:54:39 -0000

No Ben, you are 100% correct.  This is about identifiers and not session
keys.

> -----Original Message-----
> From: Benjamin Kaduk <kaduk@mit.edu>;
> Sent: Tuesday, June 26, 2018 5:14 PM
> To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>;
> Cc: Mike Jones <Michael.Jones@microsoft.com>;; Jim Schaad
> <ietf@augustcellars.com>;; draft-ietf-ace-cwt-proof-of-possession@ietf.org;
> ace@ietf.org
> Subject: Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-
> possession-02
> 
> I thought we were worried about collision of key *identifiers*, which were
> not necessarily raw keys or hashes thereof.  But it's possible I was not
paying
> enough attention and got confused.
> 
> -Ben
> 
> On Tue, Jun 26, 2018 at 03:12:52PM +0000, Hannes Tschofenig wrote:
> > It does answer my question, Ben.
> >
> > This begs the question why the collision of session keys is suddenly a
> problem in the ACE context when it wasn't a problem so far. Something must
> have changed.
> >
> > Ciao
> > Hannes
> >
> >
> > -----Original Message-----
> > From: Benjamin Kaduk [mailto:kaduk@mit.edu]
> > Sent: 26 June 2018 17:00
> > To: Hannes Tschofenig
> > Cc: Mike Jones; Jim Schaad;
> > draft-ietf-ace-cwt-proof-of-possession@ietf.org; ace@ietf.org
> > Subject: Re: [Ace] Key IDs ... RE: WGLC on
> > draft-ietf-ace-cwt-proof-of-possession-02
> >
> > On Tue, Jun 26, 2018 at 08:53:57AM +0000, Hannes Tschofenig wrote:
> > > Ben,
> > >
> > > I was wondering whether the situation is any different in Kerberos. If
the
> KDC creates tickets with a session key included then it needs to make sure
> that it does not create the same symmetric key for different usages.
> > > The key in the Kerberos ticket is similar to the PoP key in our
discussion.
> > >
> > > Are we aware of key collision in Kerberos?
> >
> > I don't believe key collision is an issue in Kerberos.  Long-term keys
> > (which are not what we're talking about here) are identified by a
> > principal name, encryption type, and version number.  Session keys
> > that are contained within tickets (and returned to the client in the
> > KDC-REP) are random, so even if we are only using the birthday bound
> > we're still in pretty good shape.  The modern enctypes tend to use
> > subsession keys generated by the client and/or server as well as the
> > KDC-generated session key, which provides further binding to the current
> session.
> >
> > Does that answer your question?
> >
> > -Ben
> > IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
recipient,
> please notify the sender immediately and do not disclose the contents to
any
> other person, use it for any purpose, or store or copy the information in
any
> medium. Thank you.