IETF Logo Mail Archive

Re: [kitten] Replacing Kerberos

Nico Williams <nico@cryptonector.com> Thu, 23 February 2023 22:04 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69E15C14F74A for <kitten@ietfa.amsl.com>; Thu, 23 Feb 2023 14:04:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.098
X-Spam-Level:
X-Spam-Status: No, score=-7.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LQAE_trRAihq for <kitten@ietfa.amsl.com>; Thu, 23 Feb 2023 14:04:46 -0800 (PST)
Received: from purple.birch.relay.mailchannels.net (purple.birch.relay.mailchannels.net [23.83.209.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E8FFC14E515 for <kitten@ietf.org>; Thu, 23 Feb 2023 14:04:45 -0800 (PST)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id DDBDE2618EA; Thu, 23 Feb 2023 22:04:44 +0000 (UTC)
Received: from pdx1-sub0-mail-a303.dreamhost.com (unknown [127.0.0.6]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 6D9C026130E; Thu, 23 Feb 2023 22:04:44 +0000 (UTC)
ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1677189884; a=rsa-sha256; cv=none; b=0/8mTjS7vu1VnGAhzH7hHsDjawFoLwdtmiB6i8xFqMDGC+NfCfsVldAVKHv8kY60FZkJbx 9LHxCGaHX2nwsJYe4bfOuB6KiFdbOrcN2VZZ2PudnuLMxefstRclgTL7xOhbnnk71ScQ2e vzdjUop1YuOraRL+5HptA3TJN999SZy3gezNcXZhGfV5z69ZL+7AAB3LuEG3sg61C+pYrE /Lq40FmVGnMUQ9jsPN7OCQwyeBtoWnOfIQmeB4rKcjeHQY7TQs3KAB5ycXRfF9QNnVLwGM OO4eUENt9WTImBIWdkC5myd5iwR9bQb9Hxatiiau3zvWrJ2dXmrQIYZSXDwN1A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1677189884; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=9mipv7Tb4jOdGhwdPLE123l8TDA7lpqvWHRqfaf/T5M=; b=b6xtghK7c32rinDdEUy782BZRUUVBBTeBzxQP9xY8wC7WT9L5RLnaXYeX9xZQ2POMm1kFH RQa96zUA2PFzyyeOm22OH1lsUZszqzhCBj/I3otBFiMm4jGQqmcQzPa0uyw0Giw6GhmPNX E5PZfaHuafVW2iLadLMKs7i0Or7PA+dtikdMZyoPi1hQAGq+BgEhTSm+C7IAbPcM3q4Kjz rhZa2GkUjKjYiKUL7y3+1xdXjNT9cHKVPPYOp6UvIICbvGouQWRQZosY+Hp69Lx9gqeA6J mefwJqcn3jWs6s77SER4S7njLSv90qEiQ4iHuMiOa+xBF0ghWpYbZW21ZrZ0Bw==
ARC-Authentication-Results: i=1; rspamd-5db48964c-9shrn; auth=pass smtp.auth=dreamhost smtp.mailfrom=nico@cryptonector.com
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Stretch-Wipe: 5305d2714b5c7771_1677189884704_276097623
X-MC-Loop-Signature: 1677189884704:3015191313
X-MC-Ingress-Time: 1677189884703
Received: from pdx1-sub0-mail-a303.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.109.138.62 (trex/6.7.1); Thu, 23 Feb 2023 22:04:44 +0000
Received: from gmail.com (075-081-095-064.res.spectrum.com [75.81.95.64]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a303.dreamhost.com (Postfix) with ESMTPSA id 4PN6Wb4d5Nz3m; Thu, 23 Feb 2023 14:04:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cryptonector.com; s=dreamhost; t=1677189884; bh=9mipv7Tb4jOdGhwdPLE123l8TDA7lpqvWHRqfaf/T5M=; h=Date:From:To:Cc:Subject:Content-Type:Content-Transfer-Encoding; b=jc1SzYHmp8H1vbxvXv287FNVJINDtr9xbzVmA+pbyFKi65iA1xcSUBOcnLCFJfSPd WzDOu9YMxrawFSQ8L2Oe1q7OVdBY/AyQ2jjDqhtvYuBDvOYttbtIa5f2kDvMdWMkhi wbPB3E+rSX3etxbJEyB29AclrHBykgpnnm/xVXpPs4cm8fFZ/QKJ1Hy4DzIuLP+hzu 4uJnHdiGqHq32cQy4zvxHqKsIegXPcIC46qmmezpFFXikBQnDFj9c5l5no15kg/1gC PjBgiM3ufkvpJNPp6FcXz83osEnId4gOzO3NiTxii1CIc1G0Moo+QgNs0oWx5P1hdl oVzBnHA5fpT3w==
Date: Thu, 23 Feb 2023 16:04:41 -0600
From: Nico Williams <nico@cryptonector.com>
To: D.Rogers@gmx.net
Cc: Erin Shepherd <erin.shepherd@e43.eu>, "kitten@ietf.org" <kitten@ietf.org>
Message-ID: <Y/fi+VMeFWPdhgXJ@gmail.com>
References: <MW4PR21MB1970A9D254B943A1763C55FF9CA09@MW4PR21MB1970.namprd21.prod.outlook.com> <de4cbe7b-85b5-7001-3a8c-74787990c6e0@secure-endpoints.com> <eb9fa7a4-a00d-f388-27aa-3624df8ce4f2@secure-endpoints.com> <MW4PR21MB197060FB388E7922FAADEB079CA19@MW4PR21MB1970.namprd21.prod.outlook.com> <Y/GFY3wTO+TBg638@gmail.com> <134D46FA-1E2A-4DB0-9B8D-6897136972CA@e43.eu> <trinity-6e7be0e9-e437-4cdc-b08c-bd12133e26cd-1677185769010@3c-app-gmx-bs20>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <trinity-6e7be0e9-e437-4cdc-b08c-bd12133e26cd-1677185769010@3c-app-gmx-bs20>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/SBVimKozI-qxjChTxGBIaJ6ACGM>
Subject: Re: [kitten] Replacing Kerberos
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Feb 2023 22:04:50 -0000

On Thu, Feb 23, 2023 at 09:56:09PM +0100, D.Rogers@gmx.net wrote:
>    I dont know if its worth mentioning but in 2013 I published a paper
>    concerning combining Kerberos with IPsec. Perhaps some ideas may still be
>    relevant
>     
>    http://www.ijoee.org/uploadfile/2013/1006/20131006120339992.pdf

I'll take a look.  Some related research / protocols you might be
interested in:

 - RFC 4430 Kerberized Internet Negotiation of Keys (KINK)
   RFC 3129 Requirements for Kerberized Internet Negotiation of Keys

   This is a KE protocol for IPsec, like IKE, but based on Kerberos.

 - RFC 5386 Better-Than-Nothing Security: An Unauthenticated Mode of IPsec
   RFC 5660 IPsec Channels: Connection Latching

   This is a scheme for using IPsec (with potentially anonymous
   end-points) w/ channel binding from application layer authentication
   schemes.  The only missing piece is a definition of the channel
   bindings for an "IPsec channel" (we never got to it mainly because we
   ran out of energy).

   An "IPsec channel" is a packet flow for a ULP connection (e.g., TCP
   connection, or UDP "connection", etc.) where a) the SPD is held
   unchanged for that flow during the flow's lifetime, b) the SAs
   protecting that flow retain the same end-points during the flow's
   lifetime.

   See the concluded BTNS WG: https://datatracker.ietf.org/wg/btns/about/

IPsec deals in IP addresses, so it has to have an authorization function
of "authenticated entity" to "claimed IP address(es) / address range".
In an environment with dynamic IP addressing that's a problem: you can't
guarantee that the other end of some packet flow remains the same for
the lifetime of that packet flow.

The approach that we (well, I) took regarding this problem was to expand
on Dan McDonald's "connection latching" functionality in Solaris (see
the IP_SEC_OPT socket option) to go beyond SPD latching and also latch
the identities of the two end-points.  "Latching" here means "ensure
they don't change [while the connection remains alive]".  Then add
channel binding (which we never got around to) from application layer
authentication systems.

IMO the connection latching approach is better than the KINK approach
because then one need not work hard on credential provisioning for IKE
(since anonymous credentials will do) and also there is no need to worry
about dynamic IP address allocations nor about how to authorize
authenticated entities to IP addresses.  Except this only really works
for transport mode IPsec.  If you wanted to do Kerberos authentication
to a security gateway... well, at Sun we had a fabulous VPN system
called "punchin" that Dan wrote that essentially ran the equivalent of a
tunnel over transport mode IPsec to the gateway so that you could
authenticate to the gateway using an "application" protocol (punchin)
that would cause the SG to plumb your tunnel's routing, and presto, you
were on-network.  Since Dan wrote punchin, naturally it used the
IP_SEC_OPT socket option that he also wrote.  We could have used
Kerberos via IAKERB, or by plumbing enough routing to reach the KDCs
before the rest of the routing came up.

Nico
--

v2.23.0 | Report a Bug | By Email