Re: [kitten] Kerberos extra round trips I-D revised
Greg Hudson <ghudson@mit.edu> Tue, 11 November 2014 17:59 UTC
Return-Path: <ghudson@mit.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A75021A19EF for <kitten@ietfa.amsl.com>; Tue, 11 Nov 2014 09:59:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.795
X-Spam-Level:
X-Spam-Status: No, score=-4.795 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.594, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UBa3Vr0SFx9e for <kitten@ietfa.amsl.com>; Tue, 11 Nov 2014 09:59:46 -0800 (PST)
Received: from dmz-mailsec-scanner-3.mit.edu (dmz-mailsec-scanner-3.mit.edu [18.9.25.14]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C319C1A00F2 for <kitten@ietf.org>; Tue, 11 Nov 2014 09:59:44 -0800 (PST)
X-AuditID: 1209190e-f79d46d000003643-85-54624e8fd83e
Received: from mailhub-auth-4.mit.edu ( [18.7.62.39]) (using TLS with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-3.mit.edu (Symantec Messaging Gateway) with SMTP id 04.46.13891.F8E42645; Tue, 11 Nov 2014 12:59:43 -0500 (EST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-4.mit.edu (8.13.8/8.9.2) with ESMTP id sABHxbEX007564; Tue, 11 Nov 2014 12:59:37 -0500
Received: from [18.101.8.150] (vpn-18-101-8-150.mit.edu [18.101.8.150]) (authenticated bits=0) (User authenticated as ghudson@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id sABHxZi8006759 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Tue, 11 Nov 2014 12:59:36 -0500
Message-ID: <54624E87.8010007@mit.edu>
Date: Tue, 11 Nov 2014 12:59:35 -0500
From: Greg Hudson <ghudson@mit.edu>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: Benjamin Kaduk <kaduk@mit.edu>, Nico Williams <nico@cryptonector.com>
References: <20141027071704.GC14215@localhost> <alpine.GSO.1.10.1411071543280.27826@multics.mit.edu>
In-Reply-To: <alpine.GSO.1.10.1411071543280.27826@multics.mit.edu>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrGIsWRmVeSWpSXmKPExsUixG6nrtvvlxRisOO2vMXRzatYLE5dO8Lm wOTx8tQ5Ro8lS34yBTBFcdmkpOZklqUW6dslcGWseHibsWC5XMWdTw+YGhiXSHQxcnJICJhI HNp2nhXCFpO4cG89WxcjF4eQwGwmiTlNG5kgnI2MEuuOrGWBcI4wSXw8/ZEZpIVXQE1i7Z3/ QC0cHCwCqhJf1seChNkElCXW79/KAhIWFQiTmLqUB6JaUOLkzCdgYREBT4kP041AwswCwhIX tu8Fu0FYwEZiy+V37CC2kECKxL2uxYwgNqeAk8TqjQ0sEPV6Ejuu/2KFsOUlmrfOZp7AKDgL yYZZSMpmISlbwMi8ilE2JbdKNzcxM6c4NVm3ODkxLy+1SNdYLzezRC81pXQTIyh4OSX5djB+ Pah0iFGAg1GJh1fDPzFEiDWxrLgy9xCjJAeTkijvdq+kECG+pPyUyozE4oz4otKc1OJDjBIc zEoivJISQDnelMTKqtSifJiUNAeLkjjvph98IUIC6YklqdmpqQWpRTBZGQ4OJQnejb5AjYJF qempFWmZOSUIaSYOTpDhPEDDS0FqeIsLEnOLM9Mh8qcYFaXEeaeCJARAEhmleXC9sOTyilEc 6BVh3k6QKh5gYoLrfgU0mAlo8LuSBJDBJYkIKakGRi7zJX5cu8OONra/P7d4tea6c4dOXjuT /X9GxtX6uyevT6ov+GYQ/azsXOfn/LVbpcqUJ+WHXmMUfHQ2eG12UMFLY0W/h4qXjqmvbNQR 7dkt9epUuNyr2QYuC1v3bTXfPc95T9yaRt9PYftk711pS7x1O4HB2mfHqh9/ilMaPLsimNi2 ies9MFViKc5INNRiLipOBADTVA6JCQMAAA==
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/DPznBB9D6iEIJglC7oKygcleAyY
Cc: kitten@ietf.org
Subject: Re: [kitten] Kerberos extra round trips I-D revised
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Nov 2014 17:59:48 -0000
I support adopting this document. My comments so far: * Encrypting in the null enctype/key isn't a formalized RFC 3961 concept. The RFC will need to explicitly say what goes into the EncryptedData message when encryption isn't possible. * In section 2, there are two bullet points about whether the initiator should attempt to recover, the first for receiving any KRB-ERROR2 and the second for receiving a KRB-ERROR2 with the ke-continue-needed flag set. In the first bullet point, what does "attempt to recover" imply? If the acceptor sent a KRB-ERROR2 without ke-continue-needed, it's not expecting another message, is it? * Do we really need to address the case where the acceptor can decrypt the Ticket but not the Authenticator? If not, we can get rid of KrbErrorEncPartFlags and the receiver can easily deduce the key from the EncryptedData and whether it sent an authenticator subkey. * My preference is not to specify KRB-ERROR2 messages going from the initiator to the acceptor under any circumstances. It seems like a fair amount of implementation complexity for minimal gain; at best the acceptor is going to write something about the error to a log file. * Section 2 says that an initiator MAY produce a token (softened from a MUST in earlier draft versions), but section 2.2 says it MUST produce a KRB-ERROR2 if it rejects an additional round trip. Which is it? I assume there was some concern about early abandonment of the GSSAPI exchange by one of the parties. In my experience, this isn't a serious problem. The MIT krb5 GSS acceptor was doing early abandonment for many releases due to a bug, and while it could obscure error conditions by failing to send an error packet to the client, it didn't seem to break any application protocols. * If the initiator is going to send KRB-ERROR2 messages to the acceptor, we need to specify what key it uses for encryption. (The simplest answer is to use the same key as the acceptor did.) * I don't see any reference to key usages in the draft. If the initiator sends KRB-ERROR2 messages to the acceptor using the same key as the acceptor used, it should use a different key usage to prevent reflection attacks. * How useful is service name redirection if it can only work when the acceptor was able to decrypt the ticket? (The draft bars service name redirection via unencrypted KRB-ERROR2 for fairly obvious security reasons.) * Does it make any sense to put a fast-reauth ticket in a KRB-ERROR2? Wouldn't we want it in an AP-REP instead? (That would render it out of scope for this draft.) * In the U2U flow, is there a reason not to use zero-length octet strings? * Is case 2 of the U2U flow useful? If not, it presents additional attack surface on the initiator implementation for no good reason. * I don't yet have a strong opinion on whether to add a GSS_EXTS_FINISHED binding. There might be a reason for it, but if we can't think of one then I would prefer to avoid the extra complexity. * Do we need new redir-srealm/redir-sname fields for redirection or could we just use srealm/sname? Section 5 says that srealm/sname must mirror those in the Ticket, but I don't see the point of that requirement; an attacker can't replay a KRB-ERROR2 for a different ticket because the key won't match. * Is it right to specify new ASN.1 type definitions to be added to the RFC 4120 ASN.1 module, or should we create a new module with its own OID and import declarations? * Defining KrbErrorEncPartFlags as KerberosFlags seems like a bad fit; it is conceptually an enumeration, not a bitmask. I also have several thoughts about replay cache avoidance, but will put those in a separate message. Editorial comments: * "SHALL have a the" -> "SHALL have the" * "without no fifth token" -> "without a fifth token"
- [kitten] Kerberos extra round trips I-D revised Nico Williams
- Re: [kitten] Kerberos extra round trips I-D revis… Benjamin Kaduk
- Re: [kitten] Kerberos extra round trips I-D revis… Nico Williams
- Re: [kitten] Kerberos extra round trips I-D revis… Benjamin Kaduk
- Re: [kitten] Kerberos extra round trips I-D revis… Nico Williams
- Re: [kitten] Kerberos extra round trips I-D revis… Greg Hudson
- Re: [kitten] Kerberos extra round trips I-D revis… Greg Hudson
- Re: [kitten] Kerberos extra round trips I-D revis… Nico Williams
- Re: [kitten] Kerberos extra round trips I-D revis… Nico Williams
- Re: [kitten] Kerberos extra round trips I-D revis… Greg Hudson
- Re: [kitten] Kerberos extra round trips I-D revis… Nico Williams
- Re: [kitten] Kerberos extra round trips I-D revis… Nico Williams