[kitten]Windows IAKerb w/ SPNEGO

Michael B Allen <ioplex@gmail.com> Sat, 25 May 2024 15:40 UTC

Message-ID: <CAGMFw4hWNADYQ_rRvZFH4e6Y1ED1t4Un9qvJZTzwshkiepx3_w@mail.gmail.com>
To: kitten@ietf.org
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/GVc_yOZnZzsQ-axeBFxAYGYMkjs>

Will the upcoming Windows implementation of IAKerb use SPNEGO NegTokenInit
mechToken with IAKerb OID 1.3.6.1.5.2.5 or existing KRB5 OID
1.2.840.113554.1.2.2 or something else?

If it uses the KRB5 OID, will this not cause existing acceptors to generate
a cryptic and potentially very annoying error on the unknown TOK_ID 0x05
0x01 IAKERB_PROXY?

If a new OID were used, the server could decide to start accepting KRB5 w/
IAKerb and eventually make the KRB5 OID an alias for IAKerb.

Mike

-- 
Michael B Allen
Java AD DS Integration
https://www.ioplex.com/
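An added example, not from the post or from any Kerberos implementation: a small Python decoder for the RFC 2743 InitialContextToken framing that SPNEGO carries as the NegTokenInit mechToken. It reads the mechanism OID and the 2-byte TOK_ID and reports the combination the question is about (TOK_ID 0x05 0x01 under the KRB5 OID) separately from the IAKerb-OID case. The bytes after the TOK_ID in the samples are constructed placeholders, not real AP-REQ or IAKERB-HEADER encodings.

```python
# Decodes the RFC 2743 InitialContextToken (0x60 tag, length, mech OID, then
# the mech-specific inner token, whose first two octets are the TOK_ID) and
# flags an IAKERB_PROXY token arriving under the KRB5 OID, which a pre-IAKerb
# acceptor would reject as an unknown TOK_ID.  Added example, not the post's code.
KRB5_OID = "1.2.840.113554.1.2.2"
IAKERB_OID = "1.3.6.1.5.2.5"
KRB5_OID_DER = bytes.fromhex("06092a864886f712010202")  # DER of KRB5_OID
IAKERB_OID_DER = bytes.fromhex("06062b0601050205")      # DER of IAKERB_OID
TOK_IDS = {b"\x01\x00": "KRB_AP_REQ", b"\x02\x00": "KRB_AP_REP", b"\x05\x01": "IAKERB_PROXY"}

def _der_len(buf, i):
    # DER length at buf[i] -> (length, index of first content octet)
    if buf[i] < 0x80:
        return buf[i], i + 1
    n = buf[i] & 0x7F
    if n == 0 or i + 1 + n > len(buf):
        raise ValueError("bad DER length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def _decode_oid(body):
    # DER OID content octets -> dotted string (base-128 subidentifiers)
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    if value:
        raise ValueError("truncated OID")
    return ".".join(map(str, arcs))

def build_token(oid_der, inner):
    # Constructed sample: 0x60 APPLICATION tag, short-form length, OID, inner token.
    body = oid_der + inner
    return bytes([0x60, len(body)]) + body

def classify_mech_token(tok):
    # Returns (mech OID, TOK_ID name, verdict) for an InitialContextToken.
    if not tok or tok[0] != 0x60:
        raise ValueError("not an RFC 2743 InitialContextToken")
    total, i = _der_len(tok, 1)
    if i + total > len(tok) or tok[i] != 0x06:
        raise ValueError("truncated token or missing mechanism OID")
    oid_len, i = _der_len(tok, i + 1)
    oid = _decode_oid(tok[i:i + oid_len])
    tok_id = tok[i + oid_len:i + oid_len + 2]
    name = TOK_IDS.get(tok_id, "unknown TOK_ID " + tok_id.hex())
    if oid == KRB5_OID and tok_id == b"\x05\x01":
        return oid, name, "IAKERB_PROXY under KRB5 OID: pre-IAKerb acceptor errors"
    if oid == IAKERB_OID:
        return oid, name, "IAKerb OID: acceptor can accept or decline by mech"
    return oid, name, "KRB5 mech" if oid == KRB5_OID else "other mech"
```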