IETF Logo Mail Archive

[kitten] draft-ietf-kitten-cammac kdc-verifier omission

Greg Hudson <ghudson@mit.edu> Wed, 11 February 2015 21:19 UTC

Return-Path: <ghudson@mit.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A7381A1BDC for <kitten@ietfa.amsl.com>; Wed, 11 Feb 2015 13:19:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id panMW0w0M_ew for <kitten@ietfa.amsl.com>; Wed, 11 Feb 2015 13:19:30 -0800 (PST)
Received: from dmz-mailsec-scanner-5.mit.edu (dmz-mailsec-scanner-5.mit.edu [18.7.68.34]) by ietfa.amsl.com (Postfix) with ESMTP id 626A61A1BF8 for <kitten@ietf.org>; Wed, 11 Feb 2015 13:19:29 -0800 (PST)
X-AuditID: 12074422-f79d16d0000024cf-7d-54dbc7600945
Received: from mailhub-auth-4.mit.edu ( [18.7.62.39]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-5.mit.edu (Symantec Messaging Gateway) with SMTP id 4D.4E.09423.067CBD45; Wed, 11 Feb 2015 16:19:28 -0500 (EST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-4.mit.edu (8.13.8/8.9.2) with ESMTP id t1BLJRGW031895 for <kitten@ietf.org>; Wed, 11 Feb 2015 16:19:28 -0500
Received: from localhost (equal-rites.mit.edu [18.18.1.59]) (authenticated bits=0) (User authenticated as ghudson@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id t1BLJRiI021777 for <kitten@ietf.org>; Wed, 11 Feb 2015 16:19:27 -0500
From: Greg Hudson <ghudson@mit.edu>
To: kitten@ietf.org
Date: Wed, 11 Feb 2015 16:19:26 -0500
Message-ID: <x7d7fvo404h.fsf@equal-rites.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrGIsWRmVeSWpSXmKPExsUixG6nrptw/HaIwe/TqhZHN69icWD0WLLk J1MAYxSXTUpqTmZZapG+XQJXxvc1i5kLzvNV3Lp3iamB8Tl3FyMnh4SAicS1P9+YIGwxiQv3 1rN1MXJxCAksZpLo/PWLHcI5zijR8ayLFcLpYJLYPvU3K0gLm4CyxPr9W1lAbBEBYYndW98x g9jCAuYSq28fArNZBFQlFqw7DzSWg4NXwFBi6foQkDCvgKDEyZlPwFqZBSQkDr54wTyBkWcW ktQsJKkFjEyrGGVTcqt0cxMzc4pTk3WLkxPz8lKLdE31cjNL9FJTSjcxgoPDRWkH48+DSocY BTgYlXh4PbbeChFiTSwrrsw9xCjJwaQkyht59HaIEF9SfkplRmJxRnxRaU5q8SFGCQ5mJRFe xm1AOd6UxMqq1KJ8mJQ0B4uSOO+mH3whQgLpiSWp2ampBalFMFkZDg4lCV6LY0CNgkWp6akV aZk5JQhpJg5OkOE8QMPLQGp4iwsSc4sz0yHypxgVpcR5ZUASAiCJjNI8uF5Y9L5iFAd6RZi3 E6SKBxj5cN2vgAYzAQ2eOANscEkiQkqqgbHealvpC+Vv53YzXry6/u0bRT0O3dBrvGwb1KR/ PU3cJGM1qXeO7xsjpfrG7z56e76U3q428Q4+8OzX3b8vrkw7v2tLOL/Krsn//QSyuTdf3neo 6Nfbv7rKLuaXe2fqFH7dezCM772w65wrkxrvHPr63Yn7c8xnhtpPzEXKOY/OKRo8nOX98sMi JZbijERDLeai4kQAF3zMA7kCAAA=
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/1cogAo_PJpNeERuF6Cn1l8fL2iY>
Subject: [kitten] draft-ietf-kitten-cammac kdc-verifier omission
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Feb 2015 21:19:34 -0000

draft-ietf-kitten-cammac is in the RFC editor queue, so I assume it's
too late to make any non-trivial corrections, but we noticed an issue
with the security considerations section when going over cross-realm
scenarios.

When we decided to make kdc-verifier optional, we provided guidance to
KDC implementors to avoid attacks where services can forge CAMMAC data
and get KDCs to put kdc-verifiers on them.  So we wrote:

    The KDC MUST NOT create a new CAMMAC from an existing one unless the
    existing CAMMAC has a valid kdc-verifier, with two exceptions:

    1. [Local TGTs under certain assumptions about realm KDCs]

    2. [Ticket modification requests, but the KDC] MUST NOT place a
       kdc-verifier in the new CAMMAC.

We missed a third case.  If the header ticket is an incoming cross-realm
TGT, any CAMMACs in that ticket can only be verified with the
svc-verifier; the kdc-verifier, if present, will be signed with the
foreign realm's local TGS key.  (Section 4 makes it clear that the
kdc-verifier always uses the local TGS key and the svc-veriifer uses the
cross TGS key for cross-realm TGTs.)  Nevertheless, the KDC may choose
to filter and propagate CAMMAC-signed authdata originating from the
foreign realm.  For example, a KDC might choose to propagate
authentication indicators, perhaps translating them into local realm
indicator conventions, since only the foreign realm can know how the
client originally authenticated.  If the local KDC is propagating
authdata originating from the foreign realm, it must place a local realm
kdc-verifier on the CAMMAC it produces if the issued ticket might be
used in an S4U2Proxy request.

I suspect we will have to submit an errata for this, amending "two
exceptions" to "three exceptions" and adding a third exception to cover
the case of incoming cross-realm requests.

v2.23.0 | Report a Bug | By Email