Re: [kitten] SPAKE and non-deterministic RFC 3961 checksums
Robbie Harwood <rharwood@redhat.com> Tue, 26 September 2017 15:24 UTC
Return-Path: <rharwood@redhat.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46F9713309D for <kitten@ietfa.amsl.com>; Tue, 26 Sep 2017 08:24:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CFXC7oPN1is0 for <kitten@ietfa.amsl.com>; Tue, 26 Sep 2017 08:24:37 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DD13C134213 for <kitten@ietf.org>; Tue, 26 Sep 2017 08:24:37 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 60E713B728; Tue, 26 Sep 2017 15:24:37 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 60E713B728
Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=rharwood@redhat.com
Received: from localhost (ovpn-66-196.rdu2.redhat.com [10.10.66.196]) by smtp.corp.redhat.com (Postfix) with ESMTP id 371EB71C4A; Tue, 26 Sep 2017 15:24:34 +0000 (UTC)
From: Robbie Harwood <rharwood@redhat.com>
To: "Henry B (Hank) Hotz, CISSP" <hbhotz@oxy.edu>, Benjamin Kaduk <kaduk@MIT.EDU>
Cc: kitten@ietf.org, Simo Sorce <simo@redhat.com>
In-Reply-To: <B9ED4047-4BAF-4F58-A4CF-5CE420371BB7@oxy.edu>
References: <x7d1sn5zyl8.fsf@equal-rites.mit.edu> <20170919015937.GN96685@kduck.kaduk.org> <1505920169.1143.15.camel@redhat.com> <20170923190527.GU96685@kduck.kaduk.org> <1506358991.3211.1.camel@redhat.com> <20170926022550.GZ96685@kduck.kaduk.org> <B9ED4047-4BAF-4F58-A4CF-5CE420371BB7@oxy.edu>
Date: Tue, 26 Sep 2017 11:25:28 -0400
Message-ID: <jlgd16dmqhj.fsf@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Tue, 26 Sep 2017 15:24:37 +0000 (UTC)
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/VG-DMsg8t7A2Kx30xKtvLpj8rM4>
Subject: Re: [kitten] SPAKE and non-deterministic RFC 3961 checksums
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Sep 2017 15:24:39 -0000
"Henry B (Hank) Hotz, CISSP" <hbhotz@oxy.edu> writes: >> On Sep 25, 2017, at 7:25 PM, Benjamin Kaduk <kaduk@MIT.EDU> wrote: >> >> That said, Greg noted on IRC that if we do have a "no DES and SPAKE >> together" requirement, the KDC knows the initial reply key and can >> do the right thing fairly easiliy, including rejecting optimistic >> attempts from (broken) clients. So, I'm starting to come around to >> the camp of "prevent SPAKE with 1DES, and require all future mandatory >> checksum types to be deterministic". (Possibly all future checksum >> types entirely, but that may be too aggressive.) > > Do we really have that many single-des deployments to worry about > anymore? Everything I know of, including AFS and AD/Windows, has > better alternatives available and just waiting to be turned on. Surely > nobody is still using JGSS in Java 1.4. I don't think we can really know until we start pulling support for it, rather than just having it off by default. Our model makes it easy to deploy a KDC in a "compatibility" mode (which I suspect a lot of sites do) and then worry less about what clients are running around. Thanks, --Robbie
- Re: [kitten] SPAKE and non-deterministic RFC 3961… Benjamin Kaduk
- Re: [kitten] SPAKE and non-deterministic RFC 3961… Henry B (Hank) Hotz, CISSP
- Re: [kitten] SPAKE and non-deterministic RFC 3961… Robbie Harwood
- Re: [kitten] SPAKE and non-deterministic RFC 3961… Henry B (Hank) Hotz, CISSP
- Re: [kitten] SPAKE and non-deterministic RFC 3961… Henry B (Hank) Hotz, CISSP
- Re: [kitten] SPAKE and non-deterministic RFC 3961… Benjamin Kaduk
- [kitten] SPAKE and non-deterministic RFC 3961 che… Greg Hudson
- Re: [kitten] SPAKE and non-deterministic RFC 3961… Benjamin Kaduk
- Re: [kitten] SPAKE and non-deterministic RFC 3961… Simo Sorce
- Re: [kitten] SPAKE and non-deterministic RFC 3961… Henry B (Hank) Hotz, CISSP
- Re: [kitten] SPAKE and non-deterministic RFC 3961… Benjamin Kaduk
- Re: [kitten] SPAKE and non-deterministic RFC 3961… Simo Sorce
- Re: [kitten] SPAKE and non-deterministic RFC 3961… Benjamin Kaduk