Re: [kitten] Any Interest in a Key Delivery Service?

"Henry B (Hank) Hotz, CISSP" <hbhotz@oxy.edu> Wed, 13 September 2017 05:11 UTC

From: "Henry B (Hank) Hotz, CISSP" <hbhotz@oxy.edu>
In-Reply-To: <20170913013057.B1BEE8E632@pb-smtp2.pobox.com>
Date: Tue, 12 Sep 2017 22:11:50 -0700
Cc: "kitten@ietf.org <kitten@ietf.org>" <kitten@ietf.org>
Message-Id: <7BAC4A7B-5585-4CF0-8373-9BD54C3281FD@oxy.edu>
References: <2FB98F5F-3981-4EFF-8CFF-FF6B5B3D485C@oxy.edu> <20170913013057.B1BEE8E632@pb-smtp2.pobox.com>
To: Ken Hornstein <kenh@pobox.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/0wTJQ3UwDrMwm6U4a4RfemDsEmk>
Subject: Re: [kitten] Any Interest in a Key Delivery Service?
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>

> On Sep 12, 2017, at 6:30 PM, Ken Hornstein <kenh@pobox.com> wrote:
> 
>> I have run into a couple of cases where I wanted the kdc to provide --
>> not a service ticket -- but an actual encryption key for some data at
>> rest. (Specifically an encrypted disk or a database.)
> 
> It seems like a lot of people use KMIP for that.  I think it would make
> sense to be able to use Kerberos to authenticate to KMIP, but in my brief
> interaction with some people who claimed to be KMIP people, they did
> not understand why I would want that

Bashes head against wall. . .

> (there is a super brief mention
> of Kerberos in the protocol document, but if you read it closely clearly
> they weren't serious about doing Kerberos authentication for real; the
> protocol would need a lot more specification to be something you could
> implement).
> 
> —Ken

OK, so should we produce a spec that tells them how to do it, or would that just trigger NIH (not invented here)?

Personal email.  hbhotz@oxy.edu