IETF Logo Mail Archive

Re: [kitten] Replacing Kerberos (Re: Windows Intent to revive and implement IAKerb draft-ietf-kitten-iakerb-03)

Nico Williams <nico@cryptonector.com> Mon, 20 February 2023 07:18 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3FE3C1516E3 for <kitten@ietfa.amsl.com>; Sun, 19 Feb 2023 23:18:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JiVAqYgKcD8Y for <kitten@ietfa.amsl.com>; Sun, 19 Feb 2023 23:18:26 -0800 (PST)
Received: from aye.elm.relay.mailchannels.net (aye.elm.relay.mailchannels.net [23.83.212.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F440C151553 for <kitten@ietf.org>; Sun, 19 Feb 2023 23:18:26 -0800 (PST)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 451743E19FB; Mon, 20 Feb 2023 07:18:25 +0000 (UTC)
Received: from pdx1-sub0-mail-a299.dreamhost.com (unknown [127.0.0.6]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id CD8A23E1373; Mon, 20 Feb 2023 07:18:24 +0000 (UTC)
ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1676877504; a=rsa-sha256; cv=none; b=YXdrXji9OJ1Y+OdfL4aLNHRwdttJWrs1c3i0KuMg66KrNGVmShYOKNcD9TuskcUYOAoSgV t9vtxed0kPQrCQTl8AXWVqEoKYtV8iF+nb3AwGBsaGNFoGMTWpePvIJzMRRO3CFGntOm5r gwAEXR0sSwRHR9ZTArn/LoiqMP1jEoY9EWZVfqiUiLX6S0IkNNzq/fLUoGnXW8AiQCRXiJ Bu+E8WqZGlU8CPMtqY18cYeFuZZ0SP4XxNsRbHDXeTDzqUpj9k0cLZBIM0QTOIh0L+rMVM 7huRclZ5UnqiqfDsGcnDEmdvzWYM5SGFJzP3fqfUaToRg1m3+11Jk2+bJWX2vA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1676877504; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=N3OFZ+k3b7mbjl4i5GzaxMrdoJAzRHD+DIbI7ndtHfs=; b=zWeMmQq683QFckCUIogr+i55Ueii9yC+Vxy3nATQKWvqdPQVRoBff+DT3U+NnQukCOTn7z j794kgi96U52mBGbEz4flSNernqs9wUmsT4y/eu2Aj5BRZ82f1Dvyqab2qOo5YnRa6f6HI tCXlxMI9PV+VtMlirnEDf+0m8dczgwZFPZlR+S03CJ1QD9HcSuScg6qdX+G6Y+KqlRBwMx f5KlZbCBbWIIC9SRtBbkmhA5IZFvUeCTuo9ZI9c8feziWAJ+lw+w9ZOc9A14K8AvJJd9HC 4i8AHUeP+A7Dhz1lI52R/NLD/6Qc5xRlCVxKV1QCmrkR4XHuAyQvi73nSNryVg==
ARC-Authentication-Results: i=1; rspamd-9788b98bc-qjg4h; auth=pass smtp.auth=dreamhost smtp.mailfrom=nico@cryptonector.com
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Thread-Trouble: 5a367d8b719797ea_1676877505093_2351172586
X-MC-Loop-Signature: 1676877505092:736057386
X-MC-Ingress-Time: 1676877505092
Received: from pdx1-sub0-mail-a299.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.123.200.110 (trex/6.7.1); Mon, 20 Feb 2023 07:18:25 +0000
Received: from gmail.com (075-081-095-064.res.spectrum.com [75.81.95.64]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a299.dreamhost.com (Postfix) with ESMTPSA id 4PKv0J1DfGz3M; Sun, 19 Feb 2023 23:18:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cryptonector.com; s=dreamhost; t=1676877504; bh=N3OFZ+k3b7mbjl4i5GzaxMrdoJAzRHD+DIbI7ndtHfs=; h=Date:From:To:Cc:Subject:Content-Type:Content-Transfer-Encoding; b=cFQc5LKIxhoCunO2b0tFuqx41H00basBp8kVm2TfeHpersQuzgmh3wCV62k7n7wqZ lyVBRq4+o13bDpld3UY3b1yyagxAuTjjVKA7r2aoLrp4evBBeCggjwa5yLYyndZwVI oRiNiWlY7wmFilN7uIn3HIQJahA/eoaZtbzyoG0u2eezE8oEoRAuatbU39LdQH4621 WD6YYt0EW5wB4gYOI5S1kPuHdWZgT5VH5QaIQ3gBWR4AYWnSDq4Shx5IRJLW44nDQ4 D2crOx7rgwSHcja/pFduFGem4nBE96q+eGicDVoIdjE1PzM9urz7SsHhwCNLRbbfng qmZxybmYmBA9A==
Date: Mon, 20 Feb 2023 01:18:21 -0600
From: Nico Williams <nico@cryptonector.com>
To: Luke Howard <lukeh=40lukehoward.com@dmarc.ietf.org>
Cc: "kitten@ietf.org" <kitten@ietf.org>
Message-ID: <Y/MeveuKvtmb6k0N@gmail.com>
References: <MW4PR21MB1970A9D254B943A1763C55FF9CA09@MW4PR21MB1970.namprd21.prod.outlook.com> <de4cbe7b-85b5-7001-3a8c-74787990c6e0@secure-endpoints.com> <eb9fa7a4-a00d-f388-27aa-3624df8ce4f2@secure-endpoints.com> <MW4PR21MB197060FB388E7922FAADEB079CA19@MW4PR21MB1970.namprd21.prod.outlook.com> <Y/GFY3wTO+TBg638@gmail.com> <3E71967A-D192-4439-A8AC-D94BA8FF0631@lukehoward.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <3E71967A-D192-4439-A8AC-D94BA8FF0631@lukehoward.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/Av0fs-Abrw9yU9O8O0k4yI4Pv9Y>
Subject: Re: [kitten] Replacing Kerberos (Re: Windows Intent to revive and implement IAKerb draft-ietf-kitten-iakerb-03)
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Feb 2023 07:18:30 -0000

On Mon, Feb 20, 2023 at 03:33:14PM +1100, Luke Howard wrote:
> Ten years ago (!) I implemented (and, with Nico’s help, documented) a
> GSS-API/SASL mechanism based on Mozilla’s BrowserID protocol with the
> following properties:

I had completely forgotten about this until you reminded me a few days
ago :/

> JWT-based
> ECDH key exchange
> Key confirmation / mutual authentication
> Fast symmetric key-based re-authentication
> 1.5 round trip variant for avoiding a replay cache
> Kerberos-style naming
> JWT “authorisation data” through RFC6680 naming extensions
> RFC4121 message protection services / PRF
> Advertisement of server certificates via NegoEx

> https://datatracker.ietf.org/doc/html/draft-howard-gss-browserid

Looking at draft-howard-gss-browserid-07 I see that while this is based
on JWT, the client makes its own tokens using a key certified by the
IdP, right?

Nowadays I think the primary variation should be where the IdP makes the
token (rather than the client) bearing an ECDH public key provided by
the client (when it requests the token) and where the IdP can also
indicate what the server's ECDH public key is.  Though I still also like
the draft-howard-gss-browserid-07, it's just that factoring out
certificates will make it easier for others to implement.

To make things even easier you might submit a new I-D with just a
certificate-less variant, and then resubmit the original if there's
interest in the certificate-based variant.

Nico
--

v2.23.0 | Report a Bug | By Email