Re: [kitten] An idea to go beyond 32 flags in draft-ietf-kitten-kerberos-iana-registries-03
Greg Hudson <ghudson@mit.edu> Thu, 14 April 2016 15:19 UTC
Return-Path: <ghudson@mit.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02F8E12D714 for <kitten@ietfa.amsl.com>; Thu, 14 Apr 2016 08:19:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.197
X-Spam-Level:
X-Spam-Status: No, score=-5.197 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tFKRC9fNfQOi for <kitten@ietfa.amsl.com>; Thu, 14 Apr 2016 08:19:01 -0700 (PDT)
Received: from dmz-mailsec-scanner-1.mit.edu (dmz-mailsec-scanner-1.mit.edu [18.9.25.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4743912D66B for <kitten@ietf.org>; Thu, 14 Apr 2016 08:19:01 -0700 (PDT)
X-AuditID: 1209190c-5a7ff70000003b81-fd-570fb4e3923f
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by (Symantec Messaging Gateway) with SMTP id F0.3D.15233.3E4BF075; Thu, 14 Apr 2016 11:18:59 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id u3EFIx8m020618; Thu, 14 Apr 2016 11:18:59 -0400
Received: from [18.101.8.92] (vpn-18-101-8-92.mit.edu [18.101.8.92]) (authenticated bits=0) (User authenticated as ghudson@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id u3EFItIt026543 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Thu, 14 Apr 2016 11:18:56 -0400
To: Rick van Rein <rick@openfortress.nl>, Tom Yu <tlyu@mit.edu>
References: <570E0415.5090501@openfortress.nl>
From: Greg Hudson <ghudson@mit.edu>
X-Enigmail-Draft-Status: N1110
Message-ID: <570FB4DF.9070100@mit.edu>
Date: Thu, 14 Apr 2016 11:18:55 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <570E0415.5090501@openfortress.nl>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrKIsWRmVeSWpSXmKPExsUixG6novt4C3+4wcqllhZHN69isXj66h6b A5PHkiU/mTw2/GtiC2CK4rJJSc3JLEst0rdL4Mr4snMfY8E3qYr1tx6zNjC2iXUxcnJICJhI tPz4zdLFyMUhJNDGJDHx9XVGkISQwEZGiUuLiiHsg0wSM577dTFycAgLpEnsWOoKEhYRsJdY tGoDE0hYSEBP4uhRTpAws4C6xNHnTWwgNpuAssT6/VtZIFbJSfR2TwKzeQXUJPoP/QKrYRFQ lfi96COYLSoQIfFk7klGiBpBiZMzn4DVcwroS+xZ+YENYr6exI7rv1ghbHmJ5q2zmScwCs5C 0jILSdksJGULGJlXMcqm5Fbp5iZm5hSnJusWJyfm5aUW6Rrq5WaW6KWmlG5iBIUupyTPDsYz b7wOMQpwMCrx8D6o4Q8XYk0sK67MPcQoycGkJMrLmAEU4kvKT6nMSCzOiC8qzUktPsQowcGs JMJ7YyNQjjclsbIqtSgfJiXNwaIkzlu4/3SYkEB6YklqdmpqQWoRTFaGg0NJgnfOZqBGwaLU 9NSKtMycEoQ0EwcnyHAeoOETQGp4iwsSc4sz0yHypxgVpcR580ESAiCJjNI8uF5waknliHnF KA70ijAvGzDRCPEA0xJc9yugwUxAg8ve8YIMLklESEk1ME5L8VQLu/hzH1/hzhyNhC+F66/H GRrL8qt8XjVZqUljlhlDq9k6ka9/oiPeT0z7sHiWRsv5usRdl+JmigibnzXZ7rH3yf3L81Zd NRJsCHUOi5Trrd7ce8vt/c0l9i+8zsRNS2rmsWG9yR3Rd8Oar/ZbyM/DPjtniTwr3PylodAk MWvHzjOyAUosxRmJhlrMRcWJAHVYkoIIAwAA
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/YHfi_JG3r7_ae0tVtej7IJuJfx4>
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] An idea to go beyond 32 flags in draft-ietf-kitten-kerberos-iana-registries-03
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Apr 2016 15:19:04 -0000
On 04/13/2016 04:32 AM, Rick van Rein wrote: > (1) specifications should not follow implementations, and certainly not > confirm bad ones; > (2) limiting to 32 named bits will confirm this lowest common > denominator and increase the number of flawed implementations; > (3) after confirming a 32-bit limit, we have cut off any chance of > growing beyond this; > (4) software that is incapable of being updated is a security problem, > not something that a spec should seek to confirm; > (5) we currently cannot supply bits for experimental/private use, for > instance for development purposes; developers end up stealing bits and > the registry becomes an administration of such sins. (There is a brief earlier conversation here: http://www.ietf.org/mail-archive/web/kitten/current/msg04761.html ) (1) IETF specifications often follow implementations and take into account their limitations. The desirable outcome of IETF work is practical interoperability, not strict adherence to a waterfall model. As examples, we recently re-issued RFC 4402 as RFC 7802 because implementations screwed up the PRF count, and we are in the process of re-issuing RFC 6112 because an implementation screwed up the case of a key-derivation pepper input. (2) Heimdal and MIT krb5 both use 32-bit values for the flags fields in RFC 4120, and use those fields in public library API structures. (Shishi uses 32-bit flag values but I don't know anything about its library APIs; I don't think Microsoft has a Kerberos library API.) There isn't much danger of increasing the number of implementations with this limitation; the damage is already done. (3) Applying this rule to the registry now does not preclude changing it later. The same high implementation costs would apply regardless of how the current registry rules are set. (4) I find this argument really hyperbolic in several respects. Most importantly, there are lots of ways to extend RFC 4120 beyond adding flag values. "Flags" are just a compressed representation of boolean values; there are typically other, less efficient ways to add boolean values to the surrounding ASN.1 sequence, such as authorization-data in Ticket or padata in KDC-REQ. (5) This is a real cost, though I can't think of a historical case where an implementation has squatted on an RFC 4120 flag value. It needs to be weighed against the implementation cost of extending flag values. > The suggestion below puts some suggestive pressure towards proper > implementation, by hinting at a future with bits beyond 32, also for > experimental/private use. I don't think this suggestion has any practical benefit. Anyone who registers a flag value above 35 with a non-standards-track specification would find themselves quite disappointed in their ability to use this flag in any of the widely used krb5 implementations. > Note that allowing more bits than anticipated is purely a parsing > matter; any implementation has a limited number of flags that it can > understand, and so the only requirement is to be able to parse DER > structures with more bits than understood [...] In some cases, implementations also need to be able to re-encode flag values (particularly TicketFlags) without losing information. For instance, RFC 7751 section 4 requires KDCs to encode an EncTicketPart, which contains a TicketFlags, for the ticket surrounding a CAMMAC.
- [kitten] An idea to go beyond 32 flags in draft-i… Rick van Rein
- Re: [kitten] An idea to go beyond 32 flags in dra… Greg Hudson
- Re: [kitten] An idea to go beyond 32 flags in dra… Benjamin Kaduk
- Re: [kitten] An idea to go beyond 32 flags in dra… Rick van Rein