Re: [kitten] GSS-only enctypes

Tom Yu <tlyu@mit.edu> Wed, 01 April 2015 21:58 UTC

From: Tom Yu <tlyu@mit.edu>
To: Nico Williams <nico@cryptonector.com>
References: <CAK3OfOj+Pe8kdAqfXR5EJgw38ekHSUwYv7NBEAZU3FpScbH3cw@mail.gmail.com> <alpine.GSO.1.10.1504011603320.22210@multics.mit.edu> <551C5C53.10901@mit.edu> <CAK3OfOgPg1xs7yg=Mh5+qb2L5j2ZDZVwr1D+NXs5QOzpnHA3Hw@mail.gmail.com>
Date: Wed, 01 Apr 2015 17:58:37 -0400
In-Reply-To: <CAK3OfOgPg1xs7yg=Mh5+qb2L5j2ZDZVwr1D+NXs5QOzpnHA3Hw@mail.gmail.com> (Nico Williams's message of "Wed, 1 Apr 2015 16:05:53 -0500")
Message-ID: <ldvk2xvpl2q.fsf@sarnath.mit.edu>
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/Ev0dIUBjTpi9jBN97dAkkaHF3wo>
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] GSS-only enctypes

Nico Williams <nico@cryptonector.com> writes:

> On Wed, Apr 1, 2015 at 4:00 PM, Greg Hudson <ghudson@mit.edu> wrote:
>> On 04/01/2015 04:04 PM, Benjamin Kaduk wrote:
>>> I'm not sure that we got enough active input at the meeting on this
>>> question to be able to declare consensus.  Regardless, we should ask the
>>> list if there are objections to (or support for) using the Kerberos
>>> enctype number space for enctypes with restricted usability (i.e., only
>>> for subsession keys, or GSS, etc.).
>>
>> I didn't totally understand all of Nico's reasoning about this when he
>> spoke at the meeting.  In general I think it's fine; it lets us
>> negotiate AEAD enctypes using RFC 4537 enctype negotiation and the
>> existing subkey fields when mutual auth is used.
>
> Conversely, not reusing the RFC3961 enctype namespace means a) adding
> a new extension like RFC4537 to carry the client's/initiator's AEAD
> enctype list and sub-keys, b) extending AP-REP to carry the
> server's/acceptor's sub-key and choice of AEAD enctype.  That seems
> like lots of unnecessary complexity.

I generally agree with that reasoning.  I think we should clearly
document the security considerations of the "restricted usage enctype"
approach.  We should also require that future specifications of
restricted usage enctypes clearly document the security considerations
of using the restricted enctype outside of the intended scope, e.g.,
compromise of all future authentication if there is nonce reuse of a
long-term AES-GCM key.
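The nonce-reuse consequence named in the last paragraph, shown in code as an added example (not part of Tom Yu's message or any Kerberos implementation): AES-GCM is counter mode underneath, so two messages sealed under one key with a repeated 96-bit nonce share a keystream and the XOR of their ciphertext bodies equals the XOR of the plaintexts; with distinct nonces the relation does not hold. Key, nonces and the two messages below are constructed sample values; the function names are this example's own. Tag forgery via recovery of the GHASH key is the other well-known consequence of GCM nonce reuse and is not shown here.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// sealGCM returns ciphertext||tag for plaintext under key and a 96-bit nonce.
func sealGCM(key, nonce, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return aead.Seal(nil, nonce, plaintext, nil)
}

// xorBytes returns a XOR b; callers pass equal-length slices.
func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// PlaintextXorLeaked seals p1 under n1 and p2 under n2 with one key, strips the
// 16-byte tags, and reports whether XOR(c1, c2) == XOR(p1, p2). A repeated nonce
// reuses the GCM keystream, so the relation holds and an observer learns how the
// two plaintexts differ without the key; fresh nonces break the relation.
func PlaintextXorLeaked(key, n1, n2, p1, p2 []byte) bool {
	c1 := sealGCM(key, n1, p1)[:len(p1)]
	c2 := sealGCM(key, n2, p2)[:len(p2)]
	return bytes.Equal(xorBytes(c1, c2), xorBytes(p1, p2))
}

func main() {
	// Constructed values: a fixed "long-term" key and two equal-length messages.
	key := bytes.Repeat([]byte{0x42}, 32)
	p1 := []byte("krbtgt session key: 0001")
	p2 := []byte("krbtgt session key: 0002")
	reused, fresh := []byte("fixed-nonce!"), []byte("second-nonce") // 12 bytes each
	fmt.Println("repeated nonce leaks p1^p2:", PlaintextXorLeaked(key, reused, reused, p1, p2))
	fmt.Println("distinct nonces leak p1^p2:", PlaintextXorLeaked(key, reused, fresh, p1, p2))
}
```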