[kitten] Diffie-Hellman modulus sizing in Kerberos PKINIT

Robbie Harwood <rharwood@redhat.com> Fri, 30 July 2021 14:31 UTC

From: Robbie Harwood <rharwood@redhat.com>
To: curdle@ietf.org, kitten@ietf.org
Date: Fri, 30 Jul 2021 10:31:14 -0400
Message-ID: <jlgeebfzxe5.fsf@redhat.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/6ddB7RMYxjUoqVhsEQPAxqJyDgQ>

Hi curdle + kitten,

I've put together a short document to update the minimum DH modulus size
used in Kerberos Public Key Initial Authentication (RFC 4556), similar
to what RFC 8270 did for SSH.

It can be found at:
https://datatracker.ietf.org/doc/draft-harwood-krb-pkinit-dh-upsize/

Be well,
--Robbie