[Gen-art] Gen-ART review of draft-ietf-krb-wg-tcp-expansion-01.txt
"Vijay K. Gurbani" <vkg@alcatel-lucent.com> Tue, 03 April 2007 04:20 UTC
Date: Mon, 02 Apr 2007 23:20:21 -0500
From: "Vijay K. Gurbani" <vkg@alcatel-lucent.com>
To: simon@josefsson.org
Subject: [Gen-art] Gen-ART review of draft-ietf-krb-wg-tcp-expansion-01.txt
Cc: gen-art@ietf.org, wpolk@nist.gov, hartmans-ietf@mit.edu, jhutz@cmu.edu
I have been selected as the General Area Review Team (Gen-ART) reviewer for this draft (for background on Gen-ART, please see http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).

Please wait for direction from your document shepherd or AD before posting a new version of the draft.

Document: draft-ietf-krb-wg-tcp-expansion-01.txt
Reviewer: Vijay K. Gurbani
Review Date: 2 April 2007
IESG Telechat date: 03 April 2007

Summary: This draft is basically ready for publication, but has nits that should be fixed before publication.

Comments: This draft describes a mechanism to negotiate TCP-specific Kerberos extensions. Most of my comments are nits except one in S5. Please check the comment in S5 to see if it makes sense (an "upgrade" attack).

S3, second paragraph: s/which extensions a KDC support/which extensions a KDC supports/

S3, second paragraph: The last sentence of the second paragraph appears to fit better as a second sentence of the third paragraph. My reasoning is that in the second paragraph you are defining what a probe is, and the next sentence essentially states that a probe is not required if a client knows that the server supports a particular extension. Not coincidentally, that is the exact argument of the third paragraph.

S3, page 4, first paragraph: s/a, by the client, required extension/an extension required by the client/

S4, first paragraph: I have a hard time making sense of the last sentence on page 4: "When this was written, this problem existed in ..." The first "this" refers to the document at hand, I think. The second "this" refers to the implementations that do not conform to RFC 4120. Yes? If so, then I suggest rewriting the offending sentence to: "When this document was written, the problem described earlier existed in ..."

S5: While reading the downgrade attack scenario, it struck me whether an "upgrade" attack can be mounted (please see if the following makes sense):
   Client                 MiTM                   KDC
   0x00000001 --->                                      # Client sends a probe
                          0x81900101 --->               # It is modified en route
                                     <--- 0x00000000    # Server agrees
              <--- 0x00000000                           # Passed thru
                                     <--- [additional data]
              <--- [additional data]                    # Passed thru

Here, the client sent a probe, which was turned into a specific request for some extensions. The KDC, as it turns out, supports this specific extension (I am not sure whether 0x81900101 is a valid extension; I simply use it as an example). So, the KDC sends a 0x00000000 followed by extension-specific data. The client, meanwhile, gets its probe answered with a 0x00000000 followed by data and it does not know what to do.

Oh, one more thing: the draft needs the new boilerplate statements.

Thanks,

- vijay
--
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
2701 Lucent Lane, Rm. 9F-546, Lisle, Illinois 60532 (USA)
Email: vkg@{alcatel-lucent.com,bell-labs.com,acm.org}
WWW: http://www.alcatel-lucent.com/bell-labs

_______________________________________________
Gen-art mailing list
Gen-art@ietf.org
https://www1.ietf.org/mailman/listinfo/gen-art
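As an added illustration (not part of the review or of the draft), the exchange sketched in S5 can be played through in a small Python model. The probe value 0x00000001, the agreement word 0x00000000, the example extension 0x81900101 and the "zero word followed by extension-specific data" reply shape are lifted from the reviewer's diagram; the draft's actual wire encoding and semantics are not modelled, and the KDC, attacker and client functions below are assumptions made for the simulation. The client-side check it demonstrates (abort when a bare probe comes back with trailing octets) is one natural answer to the "does not know what to do" problem: the only acceptable answer to a probe is the agreement word alone, so any extra data proves the KDC answered a request the client never sent.

```python
"""Toy model of the "upgrade" attack: a man-in-the-middle rewrites the
client's probe into a request for an extension the KDC happens to support,
so the client receives a reply it never asked for.

Assumptions: the message values and reply shape follow the review's example,
not the draft's real encoding. All parties are simulated in-process.
"""
import struct

PROBE = 0x00000001           # probe word as used in the review (assumed semantics)
AGREE = 0x00000000           # KDC "agrees" / no-extension answer, per the review
SOME_EXTENSION = 0x81900101  # value the review uses for an extension the KDC supports
EXT_DATA = b"extension-specific data"  # constructed stand-in for the extension payload


def kdc_handle(request: bytes) -> bytes:
    """Toy KDC. A probe is answered with exactly the 4-octet AGREE word; a
    request for a supported extension is answered with AGREE followed by the
    extension's data; anything else closes the connection (empty reply)."""
    if len(request) != 4:
        return b""
    (word,) = struct.unpack("!I", request)
    if word == PROBE:
        return struct.pack("!I", AGREE)
    if word == SOME_EXTENSION:
        return struct.pack("!I", AGREE) + EXT_DATA
    return b""


def mitm_rewrite(request: bytes) -> bytes:
    """Active attacker on the path: turn a bare probe into a request for
    SOME_EXTENSION and pass everything else through unchanged."""
    if request == struct.pack("!I", PROBE):
        return struct.pack("!I", SOME_EXTENSION)
    return request


def client_probe(send) -> dict:
    """Send a probe over `send` (a callable: request -> reply) and validate the
    answer. Because a probe was sent, the only acceptable reply is the 4-octet
    AGREE word and nothing else. Trailing octets mean the KDC answered a
    request the client did not make, so the client aborts instead of trying to
    interpret data for an extension it never asked for."""
    reply = send(struct.pack("!I", PROBE))
    if len(reply) < 4:
        return {"ok": False, "reason": "connection closed or short reply"}
    (word,) = struct.unpack("!I", reply[:4])
    trailing = reply[4:]
    if word != AGREE:
        return {"ok": False, "reason": "unexpected reply word 0x%08x" % word}
    if trailing:
        return {"ok": False,
                "reason": "probe answered with %d unexpected trailing octets" % len(trailing),
                "trailing": trailing}
    return {"ok": True, "reason": "KDC supports the mechanism; no extension requested"}


def direct_path(request: bytes) -> bytes:
    """Client talks to the KDC directly."""
    return kdc_handle(request)


def mitm_path(request: bytes) -> bytes:
    """Client's traffic passes through the attacker on its way to the KDC."""
    return kdc_handle(mitm_rewrite(request))


if __name__ == "__main__":
    print("direct:  ", client_probe(direct_path))
    print("via MiTM:", client_probe(mitm_path))
```

Run directly, the script shows the direct path accepted and the MiTM path rejected with the extension payload reported as trailing octets. The point of the model is the shape of the check, not the particular values: a client that remembers what it sent can always tell an answer to its own request from an answer to a rewritten one, regardless of which extension the attacker picks.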