Re: [Gen-art] Gen-art Telechat review of draft-ietf-nfsv4-rpcsec-gssv3-15
"Adamson, Andy" <William.Adamson@netapp.com> Fri, 22 January 2016 16:30 UTC
Return-Path: <William.Adamson@netapp.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C7ED21AD49F; Fri, 22 Jan 2016 08:30:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.902
X-Spam-Level:
X-Spam-Status: No, score=-6.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id apO4hHGgi4SY; Fri, 22 Jan 2016 08:30:18 -0800 (PST)
Received: from mx141.netapp.com (mx141.netapp.com [216.240.21.12]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47DA41AD49D; Fri, 22 Jan 2016 08:30:18 -0800 (PST)
X-IronPort-AV: E=Sophos;i="5.22,332,1449561600"; d="scan'208";a="95832390"
Received: from hioexcmbx08-prd.hq.netapp.com ([10.122.105.41]) by mx141-out.netapp.com with ESMTP; 22 Jan 2016 08:25:17 -0800
Received: from HIOEXCMBX03-PRD.hq.netapp.com (10.122.105.36) by hioexcmbx08-prd.hq.netapp.com (10.122.105.41) with Microsoft SMTP Server (TLS) id 15.0.1130.7; Fri, 22 Jan 2016 08:25:16 -0800
Received: from HIOEXCMBX03-PRD.hq.netapp.com ([::1]) by hioexcmbx03-prd.hq.netapp.com ([fe80::644f:85d6:6e9c:9797%21]) with mapi id 15.00.1130.005; Fri, 22 Jan 2016 08:25:16 -0800
From: "Adamson, Andy" <William.Adamson@netapp.com>
To: Elwyn Davies <elwynd@dial.pipex.com>
Thread-Topic: Gen-art Telechat review of draft-ietf-nfsv4-rpcsec-gssv3-15
Thread-Index: AQHRUInqkTo22JFUskiYHKSbjCbzVJ8FXFyAgALp0gCAAAHMAA==
Date: Fri, 22 Jan 2016 16:25:15 +0000
Message-ID: <42B1478E-EC74-4640-96DB-ADCEA7162067@netapp.com>
References: <569A88B9.3020804@dial.pipex.com> <879D42CC-2A6A-444A-B295-E553E5D52935@netapp.com> <56A25668.5070708@dial.pipex.com>
In-Reply-To: <56A25668.5070708@dial.pipex.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.2098)
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.122.56.79]
Content-Type: text/plain; charset="utf-8"
Content-ID: <97E8D01843C9B645ADF0E80B654D4E3C@hq.netapp.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/gen-art/AvST2vbFT-FleFCM7keA7VDgNLs>
Cc: General area reviewing team <gen-art@ietf.org>, "Adamson, Andy" <William.Adamson@netapp.com>, Tom Haynes <thomas.haynes@primarydata.com>, "draft-ietf-nfsv4-rpcsec-gssv3.all@ietf.org" <draft-ietf-nfsv4-rpcsec-gssv3.all@ietf.org>
Subject: Re: [Gen-art] Gen-art Telechat review of draft-ietf-nfsv4-rpcsec-gssv3-15
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jan 2016 16:30:20 -0000
> On Jan 22, 2016, at 11:18 AM, Elwyn Davies <elwynd@dial.pipex.com> wrote: > > Hi, Andy. > > Thanks for the update. Hi Elywn > > Version 16 is fine by me - all done. Good - Thanks again for all the help. You really cleared up sections of the draft. > > As regards minorversion2, I'm afraid I misunderstood the implications (or otherwise) of the discussions of multiple principals. As you say, minorversion2 doesn't use the multiprincipal option. At one time, NFSv4.2 did use the multi-principal assertion…... —>Andy > > Regards, > Elwyn > > On 20/01/2016 19:49, Adamson, Andy wrote: >>> On Jan 16, 2016, at 1:15 PM, Elwyn Davies <elwynd@dial.pipex.com> wrote: >>> >>> I am the assigned Gen-ART reviewer for this draft. The General Area >>> Review Team (Gen-ART) reviews all IETF documents being processed >>> by the IESG for the IETF Chair. Please wait for direction from your >>> document shepherd or AD before posting a new version of the draft. >>> >>> For more information, please see the FAQ at >>> >>> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. >>> >>> Document: draft-ietf-nfsv4-rpcsec-gssv3-15.txt >>> Reviewer: Elwyn Davies >>> Review Date: 2016/01/16 >>> IETF LC End Date: 2015/12/09 >>> IESG Telechat date: 2016/01/21 >> Hi Elwyn >> >> Where can I find the telechat details (time off call and phone #)? >> >> >>> Summary: Almost ready. Thank you for addressing my comments from the last call review. For the record there are a couple of other points that have been raised elsewhere that need to be addressed. >>> >>> Major issues: >>> s2.7.1/s4: There is a security issue with RPCSEC_GSS_CREATE when multi-principal authentication is required. See mail [1] below. This may have a (minor) knock-on effect of the NFSv4.2 specification where this is used; as currently specified (draft-ietf-nfsv4-minorversion2-40) use of privacy is already mandated for at least some of the relevant uses of RPCSEC_GSS_CREATE in NFSv4.2 which will mitigate the problem. I have raised this issue in the Telechat review of the NFSv4.2 draft to ensure that privacy is mandated in *all* relevant cases - and to ensure changes are coordinated. >> NFSv4.2 does not use the multi-principal assertion. >> >> —>Andy >> >>> Minor issues: >>> s2.7.1.4: Some refinement of the constraints on the rp_name string marked as 'human readable' would be desirable. >>> >>> Nits/editorial comments: >>> None >>> >>> ======================================== >>> [1] >>>> From: Nico Williams <nico@cryptonector.com> >>>> Subject: Re: rpcsec-gssv3 >>>> Date: January 11, 2016 at 8:01:52 PM EST >>>> To: Benjamin Kaduk <kaduk@mit.edu> >>>> Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "sec-ads@ietf.org" <sec-ads@ietf.org>, Spencer Dawkins <spencerdawkins.ietf@gmail.com>, Martin Stiemerling <mls.ietf@gmail.com>, "Adamson, Andy" <William.Adamson@netapp.com> >>>> >>>> On Thu, Jan 07, 2016 at 02:14:01PM -0600, Nico Williams wrote: >>>>> Ok, thanks. I'll post a write up this Saturday. >>>> Or on Monday. >>>> >>>> OK, so, a while back Ben Kaduk noticed that there is a security problem >>>> with the RPCSEC_GSS_CREATE procedure with multi-principal >>>> authentication. >>>> >>>> The attack varies from easy to difficult to mount depending on whether >>>> the server implements a global or per-connection GSS context handle >>>> namespace, and whether it assigns them in a way that the attacker can >>>> get a specific context handle number assigned to it. >>>> >>>> There are two fixes, the simplest of which is to require that the >>>> RPCSEC_GSS_CREATE procedure be called with privacy protection when using >>>> the multi-principal authentication feature. >>>> >>>> To recap how the RPCSEC_GSS_CREATE procedure with multi-principal >>>> authentication feature works, the client first makes a MIC token with a >>>> GSS context that authenticates the user to the server, then it it uses >>>> that MIC in the payload of the RPCSEC_GSS_CREATE procedure. The >>>> RPCSEC_GSS_CREATE procedure is itself protected with a GSS context that >>>> authenticates the client. >>>> >>>> The problem is that the data that the user GSS context MICs is >>>> insufficiently strong a statement of intent because it only identifies >>>> the client host GSS context by its RPCSEC_GSS context handle ID and >>>> nothing more. An attacker that can intercept an RPCSEC_GSS_CREATE >>>> procedure and cause the RPCSEC_GSS context handle to get re-assigned >>>> will be able to steal the victim's identity. >>>> >>>> There are a number of solid fixes that fall into two classes: >>>> >>>> 1) Add to the data that the user context MICs in order to improve the >>>> quality of the statement of intent. >>>> >>>> E.g., add the client host principal's name. Or add a MIC made with >>>> the client host's GSS context. >>>> >>>> 2) Make it so the attacker cannot steal the MIC made with the user GSS >>>> context. >>>> >>>> E.g., use privacy protection for the RPCSEC_GSS_CREATE procedure, >>>> thus the MIC made with the user GSS context cannot be obtained by the >>>> attacker without having the client host's or server's credentials. >>>> Stephen proposed this. >>>> >>>> (The OpenAFS rxgk protocol uses GSS_Pseudo_random() [RFC4401] to >>>> similar effect.) >>>> >>>> At this stage the simplest thing to do is to require that clients always >>>> use privacy protection for the RPCSEC_GSS_CREATE procedure. Note >>>> that there is nothing that the server can do to prevent this attack if >>>> clients don't use privacy protection for this, but the server should >>>> still reject RPCSEC_GSS_CREATE procedure calls without privacy >>>> protection. (All of this is only for the multi-principal authentication >>>> case.) >>>> >>>> Nico >>>> -- >>> >
- [Gen-art] Gen-art Telechat review of draft-ietf-n… Elwyn Davies
- Re: [Gen-art] Gen-art Telechat review of draft-ie… Adamson, Andy
- Re: [Gen-art] Gen-art Telechat review of draft-ie… Martin Stiemerling
- Re: [Gen-art] Gen-art Telechat review of draft-ie… Adamson, Andy
- Re: [Gen-art] Gen-art Telechat review of draft-ie… Elwyn Davies
- Re: [Gen-art] Gen-art Telechat review of draft-ie… Adamson, Andy