Re: [Curdle] AD Review of draft-ietf-curdle-gss-keyex-sha2-05

Eric Rescorla <ekr@rtfm.com> Wed, 30 May 2018 13:24 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 30 May 2018 06:24:10 -0700
Message-ID: <CABcZeBNq3kDq5=0K4ov1yOCEAX8sqPHfYZDsNz1V6dn+WPBb0g@mail.gmail.com>
To: Simo Sorce <ssorce@redhat.com>
Cc: Hubert Kario <hkario@redhat.com>, curdle <curdle@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/-w8OUXxOqdR5xnFigv0_BtP3tw0>

Sure. I was thinking something like this

5.1.
5.1.1. Generic Procedures
- Generating a DH ephemeral
- Verifying the peer's ephemeral
- Computing the shared key
- Verifying the output
- Computing the key hash and MIC

5.1.2. GSS Key Exchange Steps
Client calls GSS_Init_sec_context()... [5.1.1 step 2]
Server verifies Q_C and calls GSS_Accept_sec_context [5.1.1, step 4]
Server generates ephemeral and computes the shared key [reduced 5.1.1 step 5]
Server call to GSS_Accept_sec_context [5.1.1 step 6]
Client verifies Q_S and computes the shared key [5.1.1 step 7++]
Client calls GSS_VerifyMIC [5.1.1. step 8]

It's hard for me to see if you caught everything else. If you want to
submit a new draft, I can take a look, either before or after this
change.

-Ekr






On Wed, May 30, 2018 at 5:35 AM, Simo Sorce <ssorce@redhat.com> wrote:

> On Wed, 2018-05-30 at 12:25 +0200, Hubert Kario wrote:
> > On Tuesday, 29 May 2018 21:27:34 CEST Eric Rescorla wrote:
> > > On Mon, May 21, 2018 at 10:27 AM, Simo Sorce <ssorce@redhat.com> wrote:
> > > > On Fri, 2018-05-18 at 14:12 -0700, Eric Rescorla wrote:
> > > > > These changes look fine, though they only address some of my comments.
> > > >
> > > > Just for clarity, is the change to describe the whole DH exchange in
> > > > one place what you see missing? Is that a deal breaker?
> > > > Anything else?
> > >
> > > That and the repeated text that is the same for each group.
> >
> > the fix for repeated text about groups is already merged to master, for ECDHE:
> > https://github.com/simo5/ietf/blob/eb03480d5c49e7340302e4974435f382ba26a911/draft-ietf-curdle-gss-keyex-sha2.xml#L537-L553
> > and for FFDHE:
> > https://github.com/simo5/ietf/blob/eb03480d5c49e7340302e4974435f382ba26a911/draft-ietf-curdle-gss-keyex-sha2.xml#L148-L164
>
> Thanks Hubert.
>
> Eric,
> it would be nice if you could give guidance on how you would like to see the
> DH exchange explanation changed, assuming that's the only thing of
> concern left for you, feel free to point out anything else as well.
>
> If you prefer to have a new draft submitted, with the changes above, as
> a baseline for further discussion, I can submit one.
>
> Simo.
>