Re: [kitten] draft-ietf-kitten-rfc4402bis-00 (was: Re: WGLC for three "bis" documents: draft-ietf-kitten-rfc4402bis-00, draft-ietf-kitten-rfc5653bis-01, draft-ietf-kitten-rfc6112bis-00)
Nico Williams <nico@cryptonector.com> Wed, 18 February 2015 03:40 UTC
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/AsPXHCG6B65HtFBEKScUNdb1ABs>

On Tue, Feb 17, 2015 at 8:43 PM, Benjamin Kaduk <kaduk@mit.edu> wrote:
> On Mon, 16 Feb 2015, Shawn M Emery wrote:
>> Thanks for your review, comments in-line...
>> On 02/13/15 11:16 AM, Benjamin Kaduk wrote:
>>
>> > The original RFC 4402 security considerations include:
>> >
>> >    [...] if an
>> >    application can be tricked into providing very large input octet
>> >    strings and requesting very long output octet strings, then that may
>> >    constitute a denial of service attack on the application; therefore,
>> >    applications SHOULD place appropriate limits on the size of any input
>> >    octet strings received from their peers without integrity protection.
>> >
>> > It is not clear to me that integrity protection is sufficient to alleviate
>> > the denial of service attack, since verifying the message integrity may
>> > itself consume a substantial amount of resources.
>>
>> I interpret this statement differently:
>>
>> If integrity protection is not enforced then an attacker can construct an
>> arbitrarily long string.
>
>
> Wouldn't the attacker be able to do that without needing a very large
> input string, though?  I guess the claim is that each individual
> pseudo-random() call is more expensive on a long input, so your
> interpretation is still plausible.

I think the original was about use of the PRF to bind something like,
say, a TLS handshake.  Now suppose you send such messages that are
very large prior to completing authentication.

Anyways, it's not a realistic problem.  I think that was stretching to
cover what in retrospect strikes me as a non-issue.

Nico
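
The cost being debated in this message, as an added example that is not part of the original post or of any GSS-API implementation: a counter-prefixed PRF expansion re-reads the whole input for every output block, so work grows with input length times output length, and the application-side limit bounds it. HMAC-SHA-256 stands in for the Kerberos enctype pseudo-random function; the counter layout, the limit values and all function names are assumptions.

```python
import hashlib
import hmac
import struct

# Assumed application limits; the quoted text only says "appropriate limits".
MAX_UNPROTECTED_INPUT = 4096   # bytes of peer-supplied input without integrity protection
MAX_OUTPUT = 1024              # bytes of PRF output an application will request


class PrfLimitError(ValueError):
    """Raised when a request exceeds the application's PRF limits."""


def prf_plus(key: bytes, prf_in: bytes, out_len: int):
    """Counter-mode expansion: T_n = PRF(key, n || prf_in), concatenated and truncated.

    Returns (output, bytes_fed_to_prf) so the cost of a request is visible.
    HMAC-SHA-256 is a stand-in PRF, not the Kerberos enctype function.
    """
    out = b""
    fed = 0
    counter = 0
    while len(out) < out_len:
        block_in = struct.pack(">I", counter) + prf_in  # 32-bit big-endian counter
        out += hmac.new(key, block_in, hashlib.sha256).digest()
        fed += len(block_in)        # the full input is processed again per block
        counter += 1
    return out[:out_len], fed


def bounded_prf(key: bytes, prf_in: bytes, out_len: int,
                integrity_protected: bool) -> bytes:
    """Apply the size limits before doing any PRF work."""
    if out_len < 0 or out_len > MAX_OUTPUT:
        raise PrfLimitError("requested output length out of range")
    if not integrity_protected and len(prf_in) > MAX_UNPROTECTED_INPUT:
        raise PrfLimitError("unprotected peer input exceeds limit")
    return prf_plus(key, prf_in, out_len)[0]


if __name__ == "__main__":
    key = b"\x01" * 32                      # constructed sample key
    for in_len, out_len in [(100, 64), (100, 1024), (4096, 1024)]:
        _, fed = prf_plus(key, b"a" * in_len, out_len)
        print(f"in={in_len:5d} out={out_len:5d} bytes hashed={fed}")
```
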