Re: GSS-API and SSL - their coexistence, and related issues
Marc Horowitz <marc@cygnus.com> Thu, 13 March 1997 06:17 UTC
Received: from cnri by ietf.org id aa09148; 13 Mar 97 1:17 EST
Received: from pad-thai.cam.ov.com by CNRI.Reston.VA.US id aa02696; 13 Mar 97 1:17 EST
Received: by pad-thai.cam.ov.com (8.8.5/) id <DAA25640@pad-thai.cam.ov.com>; Thu, 13 Mar 1997 03:56:15 GMT
To: bjb@trsvr.tr.unisys.com
Cc: cat-ietf@mit.edu, CryptoAPI@listserv.msn.com, ssl-talk@netscape.com
Subject: Re: GSS-API and SSL - their coexistence, and related issues
References: <3327210C.3FBA@trsvr.tr.unisys.com>
From: Marc Horowitz <marc@cygnus.com>
Date: Wed, 12 Mar 1997 22:55:25 -0500
Message-Id: <t53d8t4v42a.fsf@rover.cygnus.com>
Lines: 122
X-Mailer: Gnus v5.3/Emacs 19.34
Precedence: bulk
Bill Buffam <bjb@trsvr.tr.unisys.com> writes: >> Judging by the traffic level, it seems to me that there's a lot of >> apathy on the question of the merits and feasibility of putting GSS-API >> over SSL. Which leads me to think that perhaps this is the wrong >> question. I want to try to summarize what I think are the requirements, >> and what the options and issues are. I think your analysis is reasonable. I caught a bit of this thread on cat-ietf@mit.edu, and responded there, but seem to have missed the members of the other two lists, so I'm going to repost the whole thing. Apologies if you see it twice. I hate to say this, but if people reply, keeping it on all the lists would be good, since not everyone is subbed everywhere. --cut-- Mike Eisler <Michael.Eisler@eng.sun.com> writes: >> I've had similar thoughts. One could create a GSS-API mechanism >> that mimiced SSL's CipherSuites as QOP values (using the same >> numerical values). And one could also mimic SSL's CipherSuite >> negotiation during the GSS_Init_sec_context/GSS_Accept_sec_context >> handshake. >> >> The value in this would be in simplifying the deployment of >> protocols that use GSS-API security into operating environments >> that favor SSL (for example web browsers). While the result would >> NOT be the SSL protocol, it would be security equivalent to what >> SSL delivers. Presumably, if the operating environment has >> modularized the SSL layer appropriately, the GSS-SSL mechanism >> could share code with the SSL protocol's API: >> >> >> internal SSL-api GSS-API >> | | >> ssl-protocol engine gss-ssl-mech >> \ / >> ssl-crypto-code I've had similar thoughts to Mike's but I'd splice it in somewhat differently. SSL has two advantages. From an application author's point of view, you have a sockets-like api which implements a secure channel. From a security point of view, you have a deployed key infrastructure (which is somewhat fragmented and incomplete, but between netscape, verisign, and RSA, it's getting somewhere): internal ssl api | x.509 + sockets I would add gssapi in there as a cryptosuite: internal ssl (tls) api | (gssapi, x.509) + sockets | x.509-ssl, kerberos, spkm, whatever This would let new and old ssl apps continue to work together. A pair of new ssl apps could use any gssapi mechanism instead of x.509 certificates. Also, apps which didn't want to use ssl could still take advantage of the key management infrastructure (mainly the widely-known commercial CA's) growing up around SSL. Adding gssapi here would be very similar to Ari's kerberos draft. Marc --cut-- My response basically fits in as a variant of option 2c in Bill's analysis: >> (c) We can apparently embrace Kerberos migration within the SSL >> mechanism, as defined in >> ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-kerb-cipher-suites-00.txt >> This implies that SSL (or TLS or whatever it becomes) becomes the >> unifying framework within which all future session-oriented security >> mechanisms will live. It appears to set the stage for GSS-API and >> SSL/TLS to compete for the role of unifying orchestrator of >> session-oriented security. The very existence of this draft seems to me >> to be a tacit admission that current SSL techniques are more >> developer-friendly than GSS-API. Perhaps the authors could comment. My integration would seem to provide for a nice split between SSL/TLS and GSSAPI. SSL/TLS provides a simple API for application developers to implement to. Of course, for some applications, the simple approach of protecting the transport layer will be inadequate, and those developers can use the more complex but more powerful GSSAPI. GSSAPI can be used as an SSPI, as Microsoft is doing, and as an API. It would be very nice if MS would participate in this aspect of the IETF, so that there are not two different but related standards for this (MS and IETF). Other consumers of the GSSAPI could include ONC RPC, IPsec, and proprietary applications such as Oracle. GSSAPI, then, is used as an interface for providing different key *management* systems. What is interesting about the differences between SSL/X.509, Kerberos, PGP, etc. is not the difference in cryptosystems (RC4 vs DES vs IDEA), but the difference in key management approach (heirarchical public key infrastructure vs central trusted third-party vs web of trust). SSL key management can remain parallel to GSSAPI for backward compatibility, but future development should continue under GSSAPI, so that users of other API's can benefit. At the bottom of the abstraction is the application of cryptosuites to various key management infrastructures. There isn't a particular standard I can think of right now for this, but it would seem to be possible to define a standard to allow cryptographic algorithms (in particular, cryptosystems, hashes, MAC's, and combinations) to be portably and safely consumed by a wide range of security technologies. This layering does not allow one to make GSSAPI calls and get a series of tokens which are wire-compatible with SSL, but I don't think that's important, either. What GSSAPI does need is an extension to better support stream-oriented I/O. Richard Ward: are there any documents which describe the SSPI, and does it make sense on non-windows os's? (I know, you don't care :-) Marc
- Re: GSS-API and SSL - their coexistence, and rela… Bill Buffam
- Re: GSS-API and SSL - their coexistence, and rela… Rich Salz
- Re: GSS-API and SSL - their coexistence, and rela… Theodore Y. Ts'o
- [Fwd: Re: GSS-API and SSL - their coexistence, an… John Jones
- Re: GSS-API and SSL - their coexistence, and rela… Bill Buffam
- Re: GSS-API and SSL - their coexistence, and rela… Theodore Y. Ts'o
- Re: GSS-API and SSL - their coexistence, and rela… Marc Horowitz
- Re: GSS-API and SSL - their coexistence, and rela… Rich Salz
- Re: GSS-API and SSL - their coexistence, and rela… Marc Horowitz
- Re: GSS-API and SSL - their coexistence, and rela… Bill Buffam
- RE: GSS-API and SSL - their coexistence, and rela… Michel Ranger
- Re: GSS-API and SSL - their coexistence, and rela… Bill Buffam
- Re: GSS-API and SSL - their coexistence, and rela… Matt Hur
- Re: [Fwd: Re: GSS-API and SSL - their coexistence… Todd S. Glassey
- Re: GSS-API and SSL - their coexistence, and rela… Martin Rex
- Re: GSS-API and SSL - their coexistence, and rela… John Nunneley
- GSS-API and SSL - their coexistence, and related … Bill Buffam
- Re: GSS-API and SSL - their coexistence, and rela… David P. Kemp