IETF Logo Mail Archive

Re: [kitten] Review of draft-ietf-kitten-channel-bound-flag-04

Greg Hudson <ghudson@mit.edu> Mon, 11 March 2019 20:59 UTC

Return-Path: <ghudson@mit.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BCBB13115C for <kitten@ietfa.amsl.com>; Mon, 11 Mar 2019 13:59:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cu9qzdHK6cNe for <kitten@ietfa.amsl.com>; Mon, 11 Mar 2019 13:59:15 -0700 (PDT)
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-eopbgr770097.outbound.protection.outlook.com [40.107.77.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F3B761200ED for <kitten@ietf.org>; Mon, 11 Mar 2019 13:59:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bN9PYxWPSRIKOBKTu9yL4Wr1bdVKCSqN8WFwdpjc+zA=; b=elKgr/ydEXDxwh7PMDPyBfAlfvy8cPSmwBm3glJzS4CkRmzs2n3wn68B/59ThdLyiR1XYXXT8U8YyLxqmYGh+SIamBWvfIHeHPm2gzhgxGso3jfe0ENp8q33kSY8qJnjGDyCi/4WnKnC4DVjtOit1dUf4/ZdARjEp4PDsgKhnKA=
Received: from MWHPR01CA0048.prod.exchangelabs.com (10.172.172.162) by DM5PR0101MB3178.prod.exchangelabs.com (10.174.181.152) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1686.18; Mon, 11 Mar 2019 20:59:13 +0000
Received: from CO1NAM03FT062.eop-NAM03.prod.protection.outlook.com (2a01:111:f400:7e48::205) by MWHPR01CA0048.outlook.office365.com (2603:10b6:300:101::34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1686.16 via Frontend Transport; Mon, 11 Mar 2019 20:59:13 +0000
Authentication-Results: spf=pass (sender IP is 18.9.28.11) smtp.mailfrom=mit.edu; cryptonector.com; dkim=none (message not signed) header.d=none;cryptonector.com; dmarc=bestguesspass action=none header.from=mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of mit.edu designates 18.9.28.11 as permitted sender) receiver=protection.outlook.com; client-ip=18.9.28.11; helo=outgoing.mit.edu;
Received: from outgoing.mit.edu (18.9.28.11) by CO1NAM03FT062.mail.protection.outlook.com (10.152.81.50) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1686.19 via Frontend Transport; Mon, 11 Mar 2019 20:59:11 +0000
Received: from [18.101.8.166] (VPN-18-101-8-166.MIT.EDU [18.101.8.166]) (authenticated bits=0) (User authenticated as ghudson@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x2BKx9nV026867 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Mon, 11 Mar 2019 16:59:10 -0400
To: Nico Williams <nico@cryptonector.com>
CC: kitten@ietf.org
References: <tslbm38vl8h.fsf@suchdamage.org> <20190311185706.GD4211@localhost> <20190311200510.GE4211@localhost>
From: Greg Hudson <ghudson@mit.edu>
Openpgp: preference=signencrypt
Autocrypt: addr=ghudson@mit.edu; keydata= xsFNBFLMQYIBEADZLNv8Jpeo2d4XSLE+k6m1VD2iOyX66wErZKaQpYrGB/leWKfz8l6c3pWd iVUnCoyxKlhRuGVArszdh2wUSRgHnMl86JC/vIdawdOdbnlTVfOJTiP3EfycsMUUDG6GckLY e+xxo7sM/bpXpGkbIWc0Ec/vbQt67eeW2En1AqL+ezJdVN9XL8icH2Hu6HlqxGgleC5H0yAi kM4yvNjo5z2M/Dr/x63bLcIdKkSRPzd0OaBg2g0Yh651eYpPu0e1Gi6785ZBjV4bnv3K5oLo 5XsiHIZ60maHWTEyMO/byw4aS2cCWIovXurvz699KSF83B296+xhsFhhz4+kbQgXvJt4kIoI pdpX6xbIkeVlc+FuUbyE8MUGveA3TFHXZ4+0f2tvTekey/62FOeXnrqc4NsBViir3zGTXAqC 7PQTNnX/86jyW+9SnJo9XbSBB3NV0K5I2o1cDzqRPqy/4fsoq8SxQwRga0CSId1PzE9PUEUY V0FCldo9LvPsUK9YE7AuwC+bcQiVLah5TF+5Kk7yLSaRxzQ3fI5lcqk5UPUqMLa87cRBdnal niuHVg0u3W22RMPkWe2iPIYYdr4TQDzCkD2JXpXNaZ3KipVT5aqowwfPEt7b6ti0vjrOInij YzFmVNMGKYabwh2zxKWQQ8GO5mUVu09CSe33H4EW7pDP+zHr2wARAQABzR1HcmVnIEh1ZHNv biA8Z2h1ZHNvbkBtaXQuZWR1PsLBeAQTAQIAIgUCUsxBggIbAwYLCQgHAwIGFQgCCQoLBBYC AwECHgECF4AACgkQDLoIV1+Dct8dZBAA1Mtoq1RPuUQg6hL2qFjwTEXeonWq8czkQ1fNNzO9 x8I3VLn5L6CmWeAmxRU1DD0qZ5HL24+Mwnvy/eazp4/CSgiPC52KfbNsnQtg/E+8ruFQVHA/ 3HZXuCT/Nz4s06N3fMZrJLCGNEHRD0S43kb2GGboVY3ykO3FbPJB/DxDqtIMqt6B1SZ87UAR CVsRc296X3TsF9BgoQ/n54XfYAzrACkuIH9biHmH6wB1eykCeuhkCsu5Zf/tlSXJCFiuhvS+ CX2EbNKF+0MLcGAavSzbjTnQw3kv8unSgecbEQ7A8ibGx6Jwgnvy0gzu6w4prhR40pVYDcL+ sKsmQg6jo/uPvGdEqHISFSK8FxGGAonaAwg0014bXLaPo2MckcZ+szcHA/z4vpTdB1vChexL omM5ZTeSJaFfeYsspv8sq6EL1x21c7A+ngCmB70/OZR6dcgf9/ILmcjBiYfJHYukXTIvGT6y QJbok19So8RJKUYjzzHDKBweg8x6HdIrdy7HTcLzsqY9PFGg7/YlbLlGQwYXhK1b4uBmWyE7 I/402+57I1YpMYND7vsTmJuE13Gv5ZGhYn5pSzX9ZTWY13LgGymkWBXPxfefkHKTV9ROCGEL t7SV3Nf7ZsCGLRGmDT6oqLz75/IrhKEcHIfD4ct+QvIm6pvPNvikQMwPWSd52GazILLOwU0E UsxBggEQAKaz/wX8nsSUaivmwW4NVlbmTsErHUt9iNHm9CmieuoDv1o8qUqEV6RiONIs0q5Y +dcooazhHRNpjAST2rbQFBZebfpVRKYAGzHoZEQ6OV8Eao+NjAGazS8RuwIxpeZ36r3AyVhe TAIvIzwpQFDNKTIUNbXctHrZ157TlxDuKwZ3+Yw/bhQE5YGrSLm17wIMcY3UHiE1mO5X0ohR dDeTf93PignUUvWvRRQLyxRGsBLz/CCwmCJZeu/FjnDk8HkEbAlmFAJ+YZu9rQ40vU6Z40KY L5U9PIn0FdSxviK7mys+VbFYV6mXWXZN8dOkHuG6zSdmobE90G6ZzAPcI4cyql63N+kUOb3b hGI/Wvn6tUbWeIc8UvQGpYb0+eOKHQBNKUOq5RV98hZorZRCu2W2RzZSxiufyONvtonbUtYs BMdw+gqUpK0ir782lc3cKbj+X5iiyg3ZGvBmTU6FN/MiX6MnTyEwOScFboKe6vB8ZgwII85K n9qlSI3xH56JBXamMP0yqJf57q0WfP8V7lFtm8SmhU2NQyP3wRYDm2+bLTNCmRPJN2ZUgkTx c/Qjov8TeeiTfX9S3ea/GJOdgA1mQfSkmUoOWROnwDBbKGBXNzkkoJna8j/zWgo/mQ5gNdIu HXcIdDKbyyhVH3+DwxXYWyYP/pnIk3AVCss75dXcdStfABEBAAHCwV8EGAECAAkFAlLMQYIC GwwACgkQDLoIV1+Dct+oSA/9HyTkr+UQbaucXE9pP87yasObKCBxYhoeRjzBhgtYUtSDuH2o xl5M3wmTNOooQSa8R1ljhax9v02pqspIA9hyGjGjvZ6jPydDsANNcohdbMjCzXNdrCF5149w gbGQ07rkc5JNyajzxH4GE/BXclTzwTYAaHvYM5PEQLDhmubK3M/kBvjWpZxLAJAobMi/jVwQ cmai+N56X9Ht/FVIQlmCuXoMAE9ScVWFaq8JnCo9VZ0G045NcxdEoQXVUXb3E5cmZ0Ld9sUm SKSJKjYWjfE4c/8oylZuo9LDTwozBEp/jsASjL0g8F3QJsQUkFkKROd45xHcIkFulshS3xkG gMu6UduV2ypPz987f+0wdVwx+KYnmnUB83gxqVucFRxfZZXiUHUml4rJ7Ww2+//H9FFPfw9f aPMg7nLFm2T0to3pwgyisLH/aThzW3TY7CZ7gkvMDtbo9EHrN4Nl3onuOtOKQpIMbFVqX4YZ m6znSLuUiWDUd8rvQfz+4ndZKIFOG1YIKwQBV8tN1RYBGY9bhv2Wtt5X6SKIzkUhDdgeyzci MC1M3N0Pqoqrms7FdBKAd0BE7puhQ24U42APss+Ur6WyRZMQTKc41SZWfrWV30agytUVdtRu gxERw74qeGAz6o3if42vI6u30SR6OCLMMSobqKc7HQvJ2qv3Z6j9kt1zXiE=
Message-ID: <2a5b3df4-f728-bc6b-b504-10ff19536521@mit.edu>
Date: Mon, 11 Mar 2019 16:59:09 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1
MIME-Version: 1.0
In-Reply-To: <20190311200510.GE4211@localhost>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:18.9.28.11; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(396003)(346002)(39860400002)(136003)(376002)(2980300002)(189003)(199004)(6706004)(23676004)(6916009)(47776003)(14444005)(106002)(104016004)(65956001)(356004)(50466002)(11346002)(65806001)(64126003)(229853002)(786003)(53546011)(58126008)(486006)(6246003)(65826007)(2616005)(88552002)(26005)(31686004)(476003)(4326008)(186003)(36906005)(316002)(106466001)(5660300002)(305945005)(2906002)(246002)(126002)(8936002)(26826003)(230700001)(478600001)(956004)(426003)(7696005)(31696002)(2486003)(336012)(76176011)(36756003)(75432002)(446003)(86362001)(8676002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR0101MB3178; H:outgoing.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-auth-1.mit.edu; MX:1; A:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: c84d74f4-0c1b-4479-b775-08d6a66469bf
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600127)(711020)(4605104)(4608103)(4709054)(2017052603328)(7153060); SRVR:DM5PR0101MB3178;
X-MS-TrafficTypeDiagnostic: DM5PR0101MB3178:
X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-Microsoft-Exchange-Diagnostics: 1; DM5PR0101MB3178; 20:oSM/7267cEuY0rDEBb4wNQfKcD9Xs6ssD1x7TcVlP5u7kyHinR8ke/gucCx781f2f8LULF269W2AN7qmtbfDcXyWGYhB87muUptNBAHVA79jfOYI/RoQP8ZKp0Z0DcSCsqgGMxtGJQvzJ58oxewXoC1mszq8e0DSVKykHxLUjsHKf4nvz+rcARzggV881TKpz0h2xsubNjfPBdwHcSeIuIowm+70S95fjRbegt1BSU1ZsIwzJzu+cppozhAt9aJm56GWhWaiEFcrAr65zCHYuD7puwtiiI1f7znjTa1wVVgot5mp+oxAX5YB1qCGvJaQRgXqGY4TvyeY1+SD5t8dvIaO7IUr9ulRFA1SYAw+MD+CO7X6+3GwzuWe9lUz8byLmCnWCYzg28Tufgmaw5OXCip0Im99iOrfj1jTtMt5nonviyMRn81Qq+XWfRHhT2VhUC+4KN/YpewXyMZXDxZ1jk2GeCS85NAsHGGtKjHJYIxdrg9wVb5vwi7UCUIfcviuX0LgrOTw/oGJ2aCrKPOyKaDOi0WyUhC8IV9Qx/PHcFehs5YA3oOLUycBCBpbVbwx/ZaEbOllZqQzzc0CPsaV+Ud/97W20oYNU3kfQw8UiQk=
X-Microsoft-Antispam-PRVS: <DM5PR0101MB317811F17DE31FB1E4AC6C92BC480@DM5PR0101MB3178.prod.exchangelabs.com>
X-Forefront-PRVS: 09730BD177
X-Microsoft-Exchange-Diagnostics: 1;DM5PR0101MB3178;23:HZZnEnpi7/bMHbZJjLDuwFIPPKGTuB4oMvyW+U7wIBXfVsnU3W/4kdnL6amf0yUzDwv/rDhfPsHk4gcvzgoCC58DyMDJOv7D5CeaO1WMhScfUqc8eKXH6BG5lLrbyU6DBEhtR6gK0kDSZWDBaCUvQpR1mfOn4aqiq9wc0E9rG4TkTiSmO+41It9ZaCfXaTvPmBFrGDeecRIVDIY0ynYZul8fD99c7J2zPAajAdirczBvcIhmK2yKJG/l+Mp1XKXQyX8/APtcRjkxTgETQGOd32qBG2KPRdbpEql2kBLWO3aCZSo7xx7ns7XYMpNmopYZblBZynvCCzfEt7dW0OwCiThbbRJ2/98agonhTEHUUzhi6FKTIufUS678kdVEKteZDFGynWDvpZB/onS14GXCXe4Ilc+g88CuT3NORKd915vNV+6QbqPqPXOV9l6ia5tFuzT+UH1qyv1cO9KwMOdGTBrJxXtMq44bgl+wwQtnQUNA1c94p3uiKetDeMynn3iIP79XoC0uoQWsb0BJKyLaOqb06yvbjrJ90ugo4gTBRxTGF1TN9KjWmxEjhAO/lktUiYq3+H2MaYeDBCw1cil1fytMTwheMjRjEsM9XGrx+JXYYOQASKbzBT9QG5a+Hqof6YGelB0aJn1+fx5UPj+8ZaM5beXM7IPhfstTMq1rnH1qWDSDqpwYdky5wuSXYbOjtVe/eCA3a+H6j+A6snsC46TLEPKmrnGeGNJC0MtzlX8ODNTpTzb1UI45ZwO0wVhvbUPtYmCskzipvfiSnUdYt8lWRJi5BYeO/oe6ohglAWVIIUP5hxV1ZHWDTQRQnyT2GkXYAs5tGpM4TSwAZkIjYc5ESnqKzKicrU5rTZjyyag2mV/slpowMVuJZ9J3xyAlyd+UhVtsacKxs7SHVPMAis8Tq3rh7oweTfPd87eHagdBObvnRJLgAbQjHkKz3WuHNPkzNob68LJ+et5zLEfdW8J//g1lmC64MskPviqFv1VHbf6YUtAaHYk8WWwjvULL01ZBFIaIEAKOmYb8vcLJLUc7AME09L9vdX/Q3APlRlPv7YSo5RcNf/OYlp8gOPevB1eK1GuShg4j5zoRn4JwceqrTu7TOowsNmQtD6QAfFmZHg6hzqM5ugIyG0hrgH2bbJfrXN3f+3oUSk8un4jw6WRpR5/fLvtkas5EchxK8isOAOpS7Uuuma7DSjKJaE1Ex17prtETY0opVVTMvvrO1xJ0slL9gnN8jvSjQsvmebyXselICQIzWN/jQkolAV/QcJmZlImLOrL1s54TzPhszw==
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: iuer0V6iQDkFAxicHWd7U1hPWTV4yn9i3UqkRp4InYp9ilvrWfBbatYbkYF1e6wB6m+7++DKXtBoZSV06dUumSxysQaxTF2ff3K8+4BjZwQ30pBtRmhmxshpc6t62dpWsblvaS88gaHMycSG7wdjCwWz6lbhJiv+fcFAkvKhl2AhWuyhN2j2BnzWOZB9Xnth095R7YtdzQiR9U8sUI0Ad+gBTbuO9DQ8w7tffz/XajspHPmAxDjn6J2ZM7makhoh2n5IKvmdvax+nQM/rIWB5DCltuhYPMHOTM/9Cu7u/vHcc2KimCekfCoARRV6SDohtNxg+Yrijk7gPquDpUxtFwuYVQVGA6evI2A0nLlYe/8q0NiyIrrI9ltogUKfmFi6Falk9WSSCzwQin4yyEpvegl9eou+V2ab4yc0qami9pg=
X-OriginatorOrg: mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Mar 2019 20:59:11.6477 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: c84d74f4-0c1b-4479-b775-08d6a66469bf
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=64afd9ba-0ecf-4acf-bc36-935f6235ba8b; Ip=[18.9.28.11]; Helo=[outgoing.mit.edu]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR0101MB3178
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/DtswplLrbTIQDwvC-gdvArClgO4>
Subject: Re: [kitten] Review of draft-ietf-kitten-channel-bound-flag-04
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Mar 2019 20:59:17 -0000

On 3/11/19 4:05 PM, Nico Williams wrote:
>    If the application provided channel bindings, and channel binding
>    succeeded, then the mechanism MUST include GSS_C_CHANNEL_BOUND_FLAG
>    in the ret_flags.

MUST for accept_sec_context and MAY for init_sec_context, I assume.
(Since existing mech protocols don't provide CB confirmation, and CB
confirmation is typically impossible when mutual auth isn't used.)
>    If the application did not provide channel bindings, but the peer
>    did, then the mechanism may or may not fail security context
>    establishment, but if it succeeds, it MUST NOT indicate the
>    GSS_C_CHANNEL_BOUND_FLAG ret_flag to either peer.
> 
>    If both peer applications provided channel bindings and channel
>    binding failed, then a mechanism MAY fail to establish a security
>    context, but if it permits the context to establish, then it MUST NOT
>    set GSS_C_CHANNEL_BOUND_FLAG in the ret_flags.

My first concern is that this provides no meaningful promises to the
application about how accept_sec_context() will be affected by channel
bindings.  It might or might not cause failure on mismatched bindings
and it might or might not cause failure if the initiator provides no
bindings.  We could add mechanism attributes to distinguish, but that
unfortunately only helps if the acceptor is limited to one or a few
mechs (none of which is SPNEGO), since the choice to supply bindings
comes before we know the mechanism of the initiator token.

My second concern is that if an acceptor application does not see the
channel-bound ret_flag, it cannot distinguish between mismatched
bindings, a lack of bindings from the initiator, or an old
implementation.  (Knowledge of the mech implementation might rule out
some of those possibilities.)

If the goal is to allow applications, whose protocols can optionally use
gss_wrap(), to save some CPU cycles when channel bindings succeed, this
might be good enough--though in many cases admins would have to decide
whether to supply channel bindings based on knowledge they shouldn't
need to have.  I'm not sure if this is a worthwhile goal--do we know of
any specific applications which would benefit?

If the goal is to achieve defense-in-depth against MITM attacks when TLS
security fails, for protocols which never use gss_wrap() and at the cost
of disallowing proxies, then these semantics don't seem likely to
achieve the goal.

v2.23.0 | Report a Bug | By Email