IETF Logo Mail Archive

Re: [kitten] [EXTERNAL] Re: Windows Intent to revive and implement IAKerb draft-ietf-kitten-iakerb-03

Nico Williams <nico@cryptonector.com> Wed, 22 February 2023 04:14 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5A43C14CEFA for <kitten@ietfa.amsl.com>; Tue, 21 Feb 2023 20:14:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4zxRE0nhLFBR for <kitten@ietfa.amsl.com>; Tue, 21 Feb 2023 20:14:11 -0800 (PST)
Received: from quail.birch.relay.mailchannels.net (quail.birch.relay.mailchannels.net [23.83.209.151]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 96102C14F720 for <kitten@ietf.org>; Tue, 21 Feb 2023 20:14:11 -0800 (PST)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id C05D81017F5; Wed, 22 Feb 2023 04:14:10 +0000 (UTC)
Received: from pdx1-sub0-mail-a299.dreamhost.com (unknown [127.0.0.6]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 51BAD101694; Wed, 22 Feb 2023 04:14:10 +0000 (UTC)
ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1677039250; a=rsa-sha256; cv=none; b=CKrUE7USLYWcgqbSW/YUTD3GyCS0zdLPDzWVAZ/2XO6+jZyiYh9PZY67V424pNAxDy/Dfh RhgbuifQ34Ob2qxMfvBynyG8CzFFRPcdHdBg/z4UHddNLeJ9MGebmW9eq+eGTEHsYqpdpQ TvYmQpCDgB30Ih6jw78xtfrrfM4vYHpg/f1Txe4VFZIuYOuF3SbxNnp+37akRV7m/I2Dux kRd0tncdGxzo2KrX6p756kU98q/4ypXtq41Tjt9lh3oV2wB2vKQjU+GVCZL8oPv6DoGA6/ FtufxUcyWlMBuI2TC9gRQMwrNrmloF7SMVM6AfhYlFezVdF/qbbxuqpqM7FmPQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1677039250; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references:dkim-signature; bh=xLVJXEpNYrUuVlVlqVoVox0l7cOqM+hqoddEkvM9rP0=; b=v8j9xG8ZUFcYvT6fdct3Kp2LCsHZrSz2b76eH/M4dtglFgRMX1GLNWEOEwrzXcuujeUrt5 lkbGsgi3uBSqyi6akgOugz+Z0F/t+eRMt219/FwmArZzaPtoA3iYirrxb3Y2VbCvebQ05Z NOUvEWR8QfWYdcl6ZywzzLTc6bqnEQBfxjYYHH4x+YMi0b8JYWmTmFGd4OHGQo6qkaFP7Y capp2tK6FngN1DeOXPjcy/bhUN/4eDd69ychuK/wBBhn52CO/KULG8PXUHIQ9Jpkd6BhoY eHblJW3Fy6saSpIYOmUxNsRHTE20dryStZz1I7/oavs5itMQ0y197T5cTPblsw==
ARC-Authentication-Results: i=1; rspamd-5db48964c-tlhbm; auth=pass smtp.auth=dreamhost smtp.mailfrom=nico@cryptonector.com
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Unite-Tart: 5415b3b400153776_1677039250586_2842070584
X-MC-Loop-Signature: 1677039250586:3203863495
X-MC-Ingress-Time: 1677039250585
Received: from pdx1-sub0-mail-a299.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.103.24.101 (trex/6.7.1); Wed, 22 Feb 2023 04:14:10 +0000
Received: from gmail.com (075-081-095-064.res.spectrum.com [75.81.95.64]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a299.dreamhost.com (Postfix) with ESMTPSA id 4PM2pn4B2HzBR; Tue, 21 Feb 2023 20:14:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cryptonector.com; s=dreamhost; t=1677039250; bh=xLVJXEpNYrUuVlVlqVoVox0l7cOqM+hqoddEkvM9rP0=; h=Date:From:To:Cc:Subject:Content-Type; b=SwouBs/VHfxJqmKrXj3DFieIAUgpUhYMCmSbI0LFnmXseeL591o2fCp/NGVfTL5Zt zTksBn0t3RdC38ucG6ch7dPIOfH+eL9np2VC6g2PoKOG2HD8mGbl6k+ODAu+OXhkD/ qgBJyNq79aEtOwDRa/8U9GAiUjfDaJ0GtxbqMTtOK4pZlYYhM5IU/8ltth9WYCnwMD O2NXoO7zf85RRBW+i/yANVqaZ7RnfmELcA76Ww+z6LbeDSiJBCHwl2q0gb9bzcHJzL NGFcYwPVTjMWSif+o8o5m6LJTQm1wD2YOyc8x8SA3m2Fwm16HwY4yrZ3nQitmSZxSy NgU+2fCYrQuOw==
Date: Tue, 21 Feb 2023 22:14:06 -0600
From: Nico Williams <nico@cryptonector.com>
To: "Steve Syfuhs (AP)" <Steve.Syfuhs@microsoft.com>
Cc: Luke Howard Bentata <lukeh@padl.com>, "kitten@ietf.org" <kitten@ietf.org>
Message-ID: <Y/WWjumkyhEjMvda@gmail.com>
References: <7064A9EB-EB01-426C-9BED-AFB97FA93551@padl.com> <Y/Q7hdTOF1HaxQKM@gmail.com> <Y/RFX4XywCAlhCeB@gmail.com> <MW4PR21MB197087AF4BB7632B0DF662619CA59@MW4PR21MB1970.namprd21.prod.outlook.com> <Y/T/3wwBIMZ+2mf6@gmail.com> <MW4PR21MB197051A332E7DD85FFB91EE69CA59@MW4PR21MB1970.namprd21.prod.outlook.com> <Y/UMA7xZYpOAWK4N@gmail.com> <MW4PR21MB19700BA2F20F8CC779F72CD39CA59@MW4PR21MB1970.namprd21.prod.outlook.com> <Y/VnjL/IBYXFWkYX@gmail.com> <MW4PR21MB1970EAD9739BFA099B05F4779CAA9@MW4PR21MB1970.namprd21.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <MW4PR21MB1970EAD9739BFA099B05F4779CAA9@MW4PR21MB1970.namprd21.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/JaUuoH6iXog1aGe5KuL1J9ts-kA>
Subject: Re: [kitten] [EXTERNAL] Re: Windows Intent to revive and implement IAKerb draft-ietf-kitten-iakerb-03
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Feb 2023 04:14:15 -0000

On Wed, Feb 22, 2023 at 03:07:48AM +0000, Steve Syfuhs (AP) wrote:
> True. In the cross-realm krbtgt case we give it an hour I think. I was
> always under the impression that we had that coded that way because of
> replication delays. Or are you thinking hypothetically if one were to
> build this from scratch, today?

People I know will be doing one of these trust account password changes
soon.  It'd be good to know if it's really one hour so we can tune down
the krbtgt/${AD_REALM} principals' ticket lifetimes.

A then-client of mine did one of these rotations in 2012, and we tuned
x-realm krbtgt ticket lifetimes way down ahead of rotating the keys on a
Saturday to avoid any downtime.  Workable, but expensive in terms of
labor.  Key rotations should be smooth w/o manual intervension.  This is
especially important given that because they've not been smooth people
don't rotate them, and now you're retiring RC4 and so they have to
rotate them.  Is there some guidance doc for this somewhere?

> GMSA-wise, a ticket will never be encrypted with an out of date key.
> It's issued to the N key with the ticket set to expire when the
> password is set to roll over. If you're looking to postdate a ticket
> (not something I'm keen on folks doing), you could encrypt to N+1
> because all versions of the key are always derivatives of a constant
> secret plus a time epoch. TOTP on a grander scale if you will.

I feel a bit uncomfortable with non-overlapping key periods.  For one
thing there's clock skew to think about.  For another the ticket
lifetimes will not be the same every time a client requests a ticket --
weird! but especially given that they decrease to zero.  The window of
time for which that could be a problem seems small, but I bet it does
cause problems.  Maybe you've seen hiccups in your telemetry?  I worry
that hiccups in apps that retry with a backoff timer might be getting
papered over and you're missing hiccups in non-Windows, customer apps.

I would prefer that key lifetimes overlap a bit.  The Heimdal virtual
principal service namespace feature too does time-based key derivation
(good to know we're not the only ones thinking of such things!), but it
does allow the service to fetch multiple kvnos (all the ones the service
could need given configured ticket lifetimes and key epochs and current
time), and does not cause ticket lifetimes to be variable.

This a friendly suggestion that AD should store at least up to two keys
per account (plus a time at which each key was set).

Nico
--

v2.23.0 | Report a Bug | By Email