Re: [kitten] Freshness Security Considerations for minimum/maximum size

Michiko Short <michikos@microsoft.com> Fri, 16 December 2016 19:33 UTC

From: Michiko Short <michikos@microsoft.com>
To: "Henry B (Hank) Hotz, CISSP" <hbhotz@oxy.edu>, Greg Hudson <ghudson@mit.edu>
Date: Fri, 16 Dec 2016 19:32:59 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/FYXSCNc0Gx87jRKL-gPLN4QB2fg>
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] Freshness Security Considerations for minimum/maximum size
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>

That could work on the KDC side. The client cannot. It does not know what is in the token or even have support for the etype that protects it.

-----Original Message-----
From: Henry B (Hank) Hotz, CISSP [mailto:hbhotz@oxy.edu]
Sent: Thursday, December 1, 2016 1:08 PM
To: Greg Hudson <ghudson@mit.edu>
Cc: Michiko Short <michikos@microsoft.com>; kitten@ietf.org
Subject: Re: [kitten] Freshness Security Considerations for minimum/maximum size

Mildly disagree. The point is to avoid processing bogus messages. I’d suggest a security consideration noting this issue and recommending that anything too big to match any supported encryption type should be summarily thrown away.

> On Dec 1, 2016, at 11:46 AM, Greg Hudson <ghudson@mit.edu> wrote:
> 
>> Maximum length
> 
> Saying anything about maximum lengths would be out of character for 
> Kerberos standards, I think.  I don't think we should specify a 
> maximum length.

Personal email.  hbhotz@oxy.edu
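The KDC-side length sanity check Hank proposes, as an added example that is not code from this thread or from any Kerberos implementation. It rejects an EncryptedData whose cipher length cannot correspond to any supported enctype before any decryption is attempted; per Michiko's point, only the KDC can run it, since the client treats the token as opaque. The enctype overheads follow RFC 3962 (AES-CTS) and RFC 4757 (RC4-HMAC); MAX_TOKEN_PLAINTEXT and the sample tokens are assumed/constructed values.

```python
from dataclasses import dataclass

# Fixed bytes each enctype wraps around the plaintext (confounder/checksum in
# front, MAC at the end). For these CTS/stream modes there is no padding, so
# cipher length == len(plaintext) + overhead.
ENCTYPE_OVERHEAD = {
    17: 16 + 12,  # aes128-cts-hmac-sha1-96: 16-byte confounder + 12-byte HMAC
    18: 16 + 12,  # aes256-cts-hmac-sha1-96: same layout as aes128
    23: 16 + 8,   # rc4-hmac: 16-byte HMAC-MD5 checksum + 8-byte confounder
}

# Assumed bound on the plaintext a freshness token could carry; a real KDC
# would derive this from its own token encoding, not from this constant.
MAX_TOKEN_PLAINTEXT = 64


@dataclass
class EncryptedData:
    etype: int
    cipher: bytes


def check_token_size(ed: EncryptedData, supported=ENCTYPE_OVERHEAD) -> str:
    """Return 'ok' or the reason to discard the padata without decrypting it."""
    overhead = supported.get(ed.etype)
    if overhead is None:
        return "unsupported-etype"          # nothing here could ever verify it
    implied_plaintext = len(ed.cipher) - overhead
    if implied_plaintext < 0:
        return "too-short"                  # not even room for confounder + MAC
    if implied_plaintext > MAX_TOKEN_PLAINTEXT:
        return "too-large"                  # bigger than any token we would issue
    return "ok"


# Constructed sample tokens (contents are filler; only lengths matter here).
SAMPLE_TOKENS = [
    EncryptedData(18, bytes(16 + 30 + 12)),  # plausible 30-byte plaintext
    EncryptedData(23, bytes(4096)),          # oversized blob under a valid etype
    EncryptedData(17, bytes(20)),            # shorter than confounder + MAC
    EncryptedData(99, bytes(58)),            # etype this KDC does not support
]


def triage(tokens):
    """Tag each incoming token with its verdict; run before any crypto work."""
    return [(t.etype, len(t.cipher), check_token_size(t)) for t in tokens]


if __name__ == "__main__":
    for etype, length, verdict in triage(SAMPLE_TOKENS):
        print(f"etype={etype} len={length} -> {verdict}")
```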