Re: [kitten] [EXTERNAL] Re: IANA number assignment for checksum type

Jishnu Renugopal <Jishnu.Renugopal@microsoft.com> Tue, 15 June 2021 20:39 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/J5Je5qh2cQ8PhjkqmW8opZuz98U>
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>

From: Robbie Harwood <rharwood@redhat.com>
Sent: Tuesday, June 15, 2021 9:45 AM
To: Jishnu Renugopal <Jishnu.Renugopal@microsoft.com>; kitten@ietf.org
Subject: [EXTERNAL] Re: [kitten] IANA number assignment for checksum type

Jishnu Renugopal <Jishnu.Renugopal=40microsoft.com@dmarc.ietf.org>
writes:

> Hi folks,
>
> We are working on adding new checksum types for the Windows
> implementation of Kerberos namely – SHA256, SHA384, and SHA512 – all
> unkeyed.
>
> We were wondering if we can get IANA assignments for these types here:
> Kerberos Parameters
> (iana.org) <https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml#kerberos-parameters-2>.

Hi,

It sounds like you're adding support for RFC 8009 (AES Encryption with
HMAC-SHA2 for Kerberos 5 - https://datatracker.ietf.org/doc/html/rfc8009
) - is that right?

That document defines aes128-cts-hmac-sha256-128 as 19 and
hmac-sha384-192-aes256 as 20 (section 7).  It looks like those are
reflected in the registry you link (though it's possible that's been
updated between your post and my reply).

Thanks,
--Robbie

We are implementing RFC 8636 partially.
Instead of rfc8636 (ietf.org) <https://datatracker.ietf.org/doc/html/rfc8636#section-3>, which updates paChecksum from RFC 4556 where it is always a SHA1 checksum, we are extending pkauthenticator to include other checksums also. In this case, SHA2.

Best,
Jishnu