Re: [kitten] Kerberos preauth negotiation techniques

Benjamin Kaduk <kaduk@MIT.EDU> Thu, 12 February 2015 20:34 UTC

Date: Thu, 12 Feb 2015 15:33:59 -0500
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: Greg Hudson <ghudson@MIT.EDU>
In-Reply-To: <x7da90k47ox.fsf@equal-rites.mit.edu>
Message-ID: <alpine.GSO.1.10.1502121529430.3953@multics.mit.edu>
References: <x7da90k47ox.fsf@equal-rites.mit.edu>
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/NO0Bv97knZLfrbDgvIJeZxMi-1s>
Cc: kitten@ietf.org
Subject: Re: [kitten] Kerberos preauth negotiation techniques

On Wed, 11 Feb 2015, Greg Hudson wrote:

> 1. Add a third round trip.  The exchange could look like this:
>
>     C: unauthenticated AS-REQ
>     K: PREAUTH_REQUIRED (empty hint)
>     C: AS-REQ (client sub-negotiation parameters)
>     K: MORE_PREAUTH_DATA_REQUIRED (KDC parameter choice, KDC public value)
>     C: AS-REQ (client public value, key confirmation, second factor)
>     K: ticket or error
>
> 2. Use pseudo-enctypes:
>
>     C: unauthenticated AS-REQ (pseudo-enctypes in etype field)
>     K: PREAUTH_REQUIRED (KDC public value in hint)
>     C: AS-REQ (client public value, key confirmation, second factor)
>     K: ticket or error
>
> 3. Use client preauth hints:
>
>     C: unauthenticated AS-REQ (padata containing sub-negotiation params)
>     K: PREAUTH_REQUIRED (KDC public value in hint)
>     C: AS-REQ (client public value, key confirmation, second factor)
>     K: ticket or error
>
> ---
>
> As I write this, I am leaning towards option 1.  My only reservation is
> that I would like this mechanism to eventually displace encrypted
> timestamp in the Kerberos ecosystem, and it might be a shame to make
> essentially all password-based initial Kerberos authentications take
> three round trips.  What are other people's thoughts?

I agree that (1) is the cleanest in terms of fitting into the existing
structures.  But, practical considerations of reducing the round-trip
count may end up causing us to go with (3), which is also fairly elegant
but has the wart of needing to update RFC 6113.  I generally like to avoid
changing existing specs that had a lot of thought go into them, but
perhaps this is a minor enough change that it would be acceptable.  Do you
want to write a little bit about the existing pa-hint and how this new
usage would differ from the current standardized usage?

-Ben
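The three exchange shapes quoted above, as an added example that is not part of the original thread and not MIT Kerberos or kitten WG code: a toy client and KDC that walk through option 1 (extra MORE_PREAUTH_DATA_REQUIRED leg), option 2 (pseudo-enctypes in the etype list) and option 3 (client padata hint), so the round-trip counts and the key-confirmation step can be seen end to end. The group names, the `pseudo:` enctype spelling, the padata layout, the second factor and the small Diffie-Hellman group are all constructed placeholders; a real mechanism would use a standardized group or PAKE and the Kerberos key derivation.

```python
"""Toy model of the three AS exchange shapes from the thread (constructed example)."""
import hashlib
import hmac
import secrets

P = (1 << 127) - 1        # toy DH modulus (constructed; not a standardized group)
G = 5
KDC_GROUPS = ("toy-dh",)  # sub-negotiation parameters this KDC accepts (placeholder)
EXPECTED_FACTOR = "123456"  # second factor the KDC expects (constructed)


def derive_key(shared: int, group: str, kdc_pub: int, client_pub: int) -> bytes:
    """Bind the key to the chosen group and both public values (constructed KDF)."""
    transcript = f"{group}|{kdc_pub}|{client_pub}".encode()
    return hashlib.sha256(shared.to_bytes(16, "big") + transcript).digest()


def tag(key: bytes, label: bytes) -> bytes:
    """Key confirmation / second-factor proof: HMAC under the derived key."""
    return hmac.new(key, label, hashlib.sha256).digest()


class Kdc:
    def __init__(self, option: int):
        self.option = option
        self.priv = secrets.randbelow(P - 2) + 2
        self.pub = pow(G, self.priv, P)   # "KDC public value"
        self.group = None                 # negotiated parameter, once known

    def _pick(self, offered):
        return next((g for g in offered if g in KDC_GROUPS), None)

    def handle(self, req: dict) -> dict:
        if "client_pub" in req:
            return self._finish(req)
        if self.option == 1:
            if "group" not in req:                     # leg 1: empty hint
                return {"kind": "PREAUTH_REQUIRED", "hint": None}
            self.group = self._pick([req["group"]])    # leg 2: client parameters
            if self.group is None:
                return {"kind": "error", "reason": "no common group"}
            return {"kind": "MORE_PREAUTH_DATA_REQUIRED", "group": self.group, "kdc_pub": self.pub}
        if self.option == 2:                           # parameters carried as pseudo-enctypes
            offered = [e[7:] for e in req["etypes"] if e.startswith("pseudo:")]
        else:                                          # option 3: client preauth hint in padata
            offered = req.get("padata", {}).get("groups", [])
        self.group = self._pick(offered)
        if self.group is None:
            return {"kind": "error", "reason": "no common group"}
        return {"kind": "PREAUTH_REQUIRED", "hint": {"group": self.group, "kdc_pub": self.pub}}

    def _finish(self, req: dict) -> dict:
        if self.group is None:
            return {"kind": "error", "reason": "public value before negotiation"}
        shared = pow(req["client_pub"], self.priv, P)
        key = derive_key(shared, self.group, self.pub, req["client_pub"])
        ok = hmac.compare_digest(req["confirm"], tag(key, b"client-confirm"))
        ok &= hmac.compare_digest(req["factor"], tag(key, b"factor:" + EXPECTED_FACTOR.encode()))
        return {"kind": "ticket"} if ok else {"kind": "error", "reason": "preauth failed"}


def run_exchange(option: int, groups=("toy-dh",), factor: str = EXPECTED_FACTOR):
    """Drive one client through the KDC for the given option; returns (transcript, success)."""
    kdc, transcript = Kdc(option), []

    def send(req):
        rep = kdc.handle(req)
        transcript.extend([("C", req), ("K", rep)])
        return rep

    if option == 1:
        send({"kind": "AS-REQ"})                                   # unauthenticated
        rep = send({"kind": "AS-REQ", "group": groups[0]})         # sub-negotiation params
        if rep["kind"] != "MORE_PREAUTH_DATA_REQUIRED":
            return transcript, False
        group, kdc_pub = rep["group"], rep["kdc_pub"]
    else:
        if option == 2:
            req = {"kind": "AS-REQ",
                   "etypes": ["aes256-cts-hmac-sha1-96"] + [f"pseudo:{g}" for g in groups]}
        else:
            req = {"kind": "AS-REQ", "padata": {"groups": list(groups)}}
        rep = send(req)
        if rep["kind"] != "PREAUTH_REQUIRED" or not rep.get("hint"):
            return transcript, False
        group, kdc_pub = rep["hint"]["group"], rep["hint"]["kdc_pub"]
    priv = secrets.randbelow(P - 2) + 2
    pub = pow(G, priv, P)                                          # "client public value"
    key = derive_key(pow(kdc_pub, priv, P), group, kdc_pub, pub)
    rep = send({"kind": "AS-REQ", "client_pub": pub,
                "confirm": tag(key, b"client-confirm"),
                "factor": tag(key, b"factor:" + factor.encode())})
    return transcript, rep["kind"] == "ticket"


def round_trips(transcript) -> int:
    """One round trip per client message."""
    return sum(1 for who, _ in transcript if who == "C")


if __name__ == "__main__":
    for opt in (1, 2, 3):
        t, ok = run_exchange(opt)
        print(f"option {opt}: {round_trips(t)} round trips, success={ok}")
```

Running it shows option 1 costing three round trips and options 2 and 3 two, which is the trade-off the thread is weighing; a wrong second factor or a group the KDC does not support ends in an error rather than a ticket, and the KDC refuses a client public value that arrives before any parameter has been negotiated.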