Re: [kitten] krb5 gss_pseudo_random implementation/spec variance
Nico Williams <nico@cryptonector.com> Thu, 12 December 2013 00:33 UTC
Return-Path: <nico@cryptonector.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A9851AE11B for <kitten@ietfa.amsl.com>; Wed, 11 Dec 2013 16:33:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.378
X-Spam-Level:
X-Spam-Status: No, score=-1.378 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WQvCPMdbp394 for <kitten@ietfa.amsl.com>; Wed, 11 Dec 2013 16:33:26 -0800 (PST)
Received: from homiemail-a29.g.dreamhost.com (caiajhbdcbbj.dreamhost.com [208.97.132.119]) by ietfa.amsl.com (Postfix) with ESMTP id 7BE441AE106 for <kitten@ietf.org>; Wed, 11 Dec 2013 16:33:26 -0800 (PST)
Received: from homiemail-a29.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a29.g.dreamhost.com (Postfix) with ESMTP id 8E00D674058 for <kitten@ietf.org>; Wed, 11 Dec 2013 16:33:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type; s=cryptonector.com; bh=uvppsIckrFFj6x0PR9SI uDEwm9Q=; b=KtARezBKOAR1BMnVfTGs5j8ZvZMW3kIWsjuAy6ns0tTKkJonvRqc 9Obfut+Bo3SnZwAUSu9XuEJ1sVnUuviyzVe/SaV6nGvyihkIeH/jOmKVmUOsa87J Kw8CC6sN6MqaEz+hatu5nFMUFZBA/52tXTCaWwg20xFv/kI0Vfg5tb0=
Received: from mail-wi0-f170.google.com (mail-wi0-f170.google.com [209.85.212.170]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a29.g.dreamhost.com (Postfix) with ESMTPSA id 37481674057 for <kitten@ietf.org>; Wed, 11 Dec 2013 16:33:20 -0800 (PST)
Received: by mail-wi0-f170.google.com with SMTP id hq4so36915wib.5 for <kitten@ietf.org>; Wed, 11 Dec 2013 16:33:18 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=9xYPZmZEMACVCMAH7mNXAl5nEsRojP4aL37V4F2TAl0=; b=Ez1H+8+pQtaRpoDgBZSsJ8W/ApQmd8mJEesL7nd52Gw5qk77EbNvcJJ94jcpbkMRG0 Uzf6UXo/AlZv5PqfXBez62OgiVEy0EFa6ixfiytizSAlT9CjJansrwLfReBpiKDf6lOi RSeGTW+d4JOitmD4l+LkWKwJlmyajmcdarwoVSXksty2whSXSbMiCzJa1iSr5SsGVsy+ VrDA14CZJ73UE4ZQfwFHnUz5uLcwOZGyUoeS0i7OFG2Dnp0936TcVDwmJpQFvSojbbUR VLbOWsGCD8BFKBqGZ/aP8iM0cWBzM/d1ybySPSX29+7GhEb0DzfKkaujzyJZMvmEXSTD 0F0w==
MIME-Version: 1.0
X-Received: by 10.194.2.108 with SMTP id 12mr4052609wjt.64.1386808398105; Wed, 11 Dec 2013 16:33:18 -0800 (PST)
Received: by 10.217.10.6 with HTTP; Wed, 11 Dec 2013 16:33:17 -0800 (PST)
In-Reply-To: <alpine.GSO.1.10.1312111913460.27579@multics.mit.edu>
References: <x7d61qv852r.fsf@equal-rites.mit.edu> <alpine.GSO.1.10.1312111913460.27579@multics.mit.edu>
Date: Wed, 11 Dec 2013 18:33:17 -0600
Message-ID: <CAK3OfOjMb_++w-RJ2AaNDCTQyCSWO8JWBNvMMG+z4Dc-VtJOkw@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Content-Type: text/plain; charset="UTF-8"
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] krb5 gss_pseudo_random implementation/spec variance
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Dec 2013 00:33:27 -0000
I think we should submit an I-D with a) the update to the original, b) test vectors. (b) is difficult because we have no standard way to get a security context with specific keys in it. We really should standardize something like the lucid context stuff specifically so that a) we could publish test vectors for the mechanism, b) re-use RFC4121 tokens in other non-Kerberos mechanisms. Nico --
- [kitten] krb5 gss_pseudo_random implementation/sp… Greg Hudson
- Re: [kitten] krb5 gss_pseudo_random implementatio… Jeffrey Hutzelman
- Re: [kitten] krb5 gss_pseudo_random implementatio… Benjamin Kaduk
- Re: [kitten] krb5 gss_pseudo_random implementatio… Nico Williams
- Re: [kitten] krb5 gss_pseudo_random implementatio… Greg Hudson