GSS-API per msg prot negotiation
Martin Rex <martin.rex@sap-ag.de> Thu, 15 January 1998 16:04 UTC
From: Martin Rex <martin.rex@sap-ag.de>
Subject: GSS-API per msg prot negotiation
To: cat-ietf@MIT.EDU
Date: Thu, 15 Jan 1998 17:04:32 +0100
Reply-To: Martin.Rex@sap-ag.de
X-Message-ID:
Message-ID: <20140418005448.2560.61136.ARCHIVE@ietfa.amsl.com>
I'm worried about potential side effects when implementing "political" solutions, specifically in the availability of per-message protection services. "Political" requirements are currently inflicted on a significant fraction of implementors, so explicit statements may be necessary in some areas to maintain interoperability. Scenario: Two components of an application use gssapi to authenticate and secure their communication and successfully establish a security context (i.e. both sides get to see GSS_S_COMPLETE from context establishment). If one side gets back the availability flag for confidentiality protection, the other side must get it as well and the application(s) must be able to use gss_wrap WITH confidentiality protection to talk to their peer, independent of the combination of "compliant" but independent implemenations of the same gssapi mechanism. The same requirement applies to integrity protection and gss_getmic(), gss_verifymic(). I think that each of the INTEGRITY, CONFIDENTIALITY, MUTUAL_AUTH and ANON flags must be consistently returned by both sides: gss_init_sec_context() and gss_accept_sec_context() in case of success (GSS_S_COMPLETE). I'm wondering if that applies also to REPLAY and SEQUENCE. Besides being a significant application portability issue for us, ;-) I assume it is a severe interoperability issue and as such needs to be resolved before GSS-API may eventually advance to Draft Standard on the Internet Standards track. More or less obvious mechanism spec and/or implementation issues: - If a gssapi mechanism spec doesn't mandate confidentiality, it must provide a handshake during context establishment so that independent implemenations may figure out availability of a common confidentiality mechanism. - If a gssapi mechanism spec doesn't mandate confidentiality, a one-way authentication with confidentiality can not meet the interoperability requirement. - If a gssapi mechanism spec mandates confidentiality, a one-way authentication with confidentiality would be limited to the mandated confidentiality algorithm(s). On top of that, I think such requirements have to be extended to QOP values: - If a gssapi mechanism spec allows optional confidentiality or integrity mechanisms to be selected by the application by using an explicit QOP parameter, the context establishment must provide for negotiation of common QOP values. - When using an optional QOP value that is known to the local gssapi implementation but not by the peer and therefore not available for the established security context, the failure of the gss_getmic() or gss_wrap() must not interfere with the context validity, sequence protection or replay protection as provided by the gssapi mechanism. Talking of QOP values: gss_wrap_size_limit() takes a qop for input and may return GSS_S_BAD_QOP. Could we add the statement that a QOP value accepted by gss_wrap_size_limit() doesn't mean that this QOP is acutally valid and would be accepted by gss_wrap()? (I have a layered GSS-API mechanism with a qop-independent wrap_size increase where validating the QOP value would be extremely awkward due to the layering.) What is the optional/mandatory status for the Kerberos 5 gssapi mechanism RFC-1964, mech-OID iso(1) member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) krb5(2) Is per-message integrity protection mandatory-to-implement? Is per-message confidentiality protection mandatory-to-implement? I haven't seen any specific requirements concerning these interoperability issues in both of the GSS-API documents rfc2078bis, C-bindings, and neither the Kerberos 5 GSS-API mechanism spec rfc1964. I'm especially interested in implementation practice -- especially where political solutions are already technical problems today. -Martin
- GSS-API per msg prot negotiation Martin Rex