Re: [Gen-art] Gen-ART Review of draft-ietf-kitten-pkinit-freshness-07

Michiko Short <> Wed, 30 November 2016 23:20 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 636E4129963; Wed, 30 Nov 2016 15:20:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.022
X-Spam-Status: No, score=-2.022 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id iPqUP3GrG1se; Wed, 30 Nov 2016 15:20:28 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B8349129BCF; Wed, 30 Nov 2016 15:20:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=GlXnSJS0+Fhd7kocA90ZYVdUB2sZkFu/Lo/YtUS6zts=; b=VcVlXpuQje9Q9etvqJloSUJs2UkuCDaHRcE86Tdzu49x2jzFAeNNq/Mz7IEFWTP1BhWuCmf6bRWMWF/Q7t2n+oD1axj9tdSfusalSroQGPoSWtOj6iIWxCFgwNv96dTPfCE5LO9u6quhjDUz1kIFxxKIVfiHnGqKdXFk9lMZ2G8=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.747.13; Wed, 30 Nov 2016 23:20:23 +0000
Received: from ([]) by ([]) with mapi id 15.01.0734.020; Wed, 30 Nov 2016 23:20:23 +0000
From: Michiko Short <>
To: "Paul Miller (NT)" <>, Russ Housley <>, "" <>
Thread-Topic: Gen-ART Review of draft-ietf-kitten-pkinit-freshness-07
Thread-Index: AQHSSOilm69tVN+pU06lGGXZjXK2bKDunlrAgABTkICAAzzZkA==
Date: Wed, 30 Nov 2016 23:20:23 +0000
Message-ID: <>
References: <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
authentication-results: spf=none (sender IP is );
x-originating-ip: [2001:4898:80e8:f::4d1]
x-ms-office365-filtering-correlation-id: 453528dd-3d11-41bc-39a6-08d41977761e
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001);SRVR:CY1PR03MB1469;
x-microsoft-exchange-diagnostics: 1; CY1PR03MB1469; 7:txV+EwgWZ6veS/qNcPSV/WeuNlnzzQpBKvlbh1f1tD2hBsblEB/MsvyU1VxylMAzMxTIda4NZVx5BCr16IJF8D9z7gTlgZKZ79nj9pdiAH11T+otN4bjwlE7hbCGlY6umsV0+uT08Cb3sx5zREwZ32tswIQk+amCfrgkm5ZTfNIIJ9zY+YFVxA6uTmmV6TlM+Z0nIHFQ9fKh0yldjbNTOrlQ2ZSwd9zkZXPCx1D+l5TB8vwcSenwk6W8rwDpQG+jcXV8FimOZHnNIonyQLrCJgl6lSbammzAyGIs5IzT9JeH6xuliSlIA1p7uBsk4WGlNkv2ZY7EWLY61BiRLkHRmG2R6YBBTjQTZaUym2LXMiKPQuj51ro05eBqIn4k+/f/GUR7BPdPyTGsv9zXDP4LLQI0plyhEjS1eX00HhBU151CCOX0A2aLmCZEGc60Hfen0ctYIKJnNYFlazH9JF6ELxa1vRb5BrbKe3WJ7onBtsg=
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(6040375)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6055026)(61426038)(61427038)(6041248)(20161123562025)(20161123564025)(20161123555025)(20161123560025)(6047074)(6072148); SRVR:CY1PR03MB1469; BCL:0; PCL:0; RULEID:; SRVR:CY1PR03MB1469;
x-forefront-prvs: 0142F22657
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(7916002)(377424004)(199003)(377454003)(189002)(13464003)(101416001)(99286002)(33656002)(305945005)(1511001)(68736007)(50986999)(122556002)(2950100002)(54356999)(76176999)(74316002)(105586002)(106116001)(7696004)(86612001)(10090500001)(7736002)(102836003)(2501003)(6116002)(5660300001)(93886004)(8990500004)(7846002)(230783001)(92566002)(86362001)(106356001)(5005710100001)(10290500002)(2421001)(229853002)(6506003)(81156014)(81166006)(8936002)(4326007)(8676002)(2561002)(76576001)(97736004)(9686002)(5001770100001)(4001150100001)(77096006)(3280700002)(39410400001)(2906002)(3900700001)(3660700001)(38730400001)(39450400002)(189998001)(2900100001); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR03MB1469;; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None ( does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Nov 2016 23:20:23.8156 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR03MB1469
Archived-At: <>
Cc: IETF Gen-ART <>
Subject: Re: [Gen-art] Gen-ART Review of draft-ietf-kitten-pkinit-freshness-07
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 30 Nov 2016 23:20:31 -0000

Russ, is there an accepted value for a worst case CMS signature?

-----Original Message-----
From: Paul Miller (NT) 
Sent: Monday, November 28, 2016 1:54 PM
To: Michiko Short <>; Russ Housley <>;
Cc: IETF Gen-ART <>
Subject: RE: Gen-ART Review of draft-ietf-kitten-pkinit-freshness-07

Minimum length is a problematic topic due to the fact that we intentionally did not specify the format of the freshness token.  Since the structure of the freshness token is left up to the KDC, there is no good way to determine a minimum size.  If the freshness token is a nonce then the size is determined by the birthday problem.  If it is based on symmetric cryptography, then there are different length considerations.  If it is based on asymmetric crypto then there is a third set of size considerations.

A maximum size makes sense as a way to avoid processing messages that are clearly bad.  Is there an accepted value for a worst case CMS signature?

-----Original Message-----
From: Michiko Short [] 
Sent: Monday, November 28, 2016 8:59 AM
To: Russ Housley <>;
Cc: IETF Gen-ART <>
Subject: RE: Gen-ART Review of draft-ietf-kitten-pkinit-freshness-07

The size issue a is big one for this late in the process as it never came up before. We would have to bring it up to the WG for discussion. Is this required? 

Happy to submit an updated version with the client & KDC flipped, first reference of KDC in abstract spelled out, and 2.1 PA_AS_FRESHNESS referencing 4. Just tell me when I can make the updates.

-----Original Message-----
From: Russ Housley [] 
Sent: Sunday, November 27, 2016 11:55 AM
Cc: IETF Gen-ART <>
Subject: Gen-ART Review of draft-ietf-kitten-pkinit-freshness-07

I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please wait for direction from your document shepherd or AD before posting a new version of the draft.

For more information, please see the FAQ at <>.

Document: draft-ietf-kitten-pkinit-freshness-07
Reviewer: Russ Housley
Review Date: 2016-11-27
IETF LC End Date: 2016-11-03
IESG Telechat date: 2016-12-01

Summary: Almost Ready

Major Concerns

I understand that freshness tokens provide corroboration that the client had access to the private key at the time that the AS-REQ was constructed.  I also understand that the freshness tokens do not have to be single use tokens for specific AS exchanges.  However, some guidance on the minimum size of the freshness token seems to be appropriate.  If the freshness token is too small, then the client could be generate signatures using all of the possible token values at when it does have access to the private key, offering the one that matches the freshness token during the exchange with the KDC.  Please specify a minimum size for the freshness token.

Please add a discussion of the minimum freshness token size to Section 7 (Security Considerations).

Question: Is there a reson to specify a maximum size for the freshness token?  If an implementor knows that the freshness token will be under some maximum, then the code can incorporate that information into the buffer management and easily discard any KRB-ERROR messages that exceed that maximum.

Minor Concerns

In the Abstract and Section 1 (Introduction), please spell out KDC the first time the acronym is used.

In Section 2.2 (Generation of KRB_ERROR Message), please give the reader a heads up that PA_AS_FRESHNESS is defined in this document.  I went looking for it in RFC 4120; a pointer could have avoided this wild goose chase.


In Figure 1, since the client begins the conversation, it would read better if the Client were on the left side of the figure.