Re: Security review of draft-ietf-kitten-gssapi-channel-bindings-06
canetti <canetti@post.tau.ac.il> Sat, 04 April 2009 14:36 UTC
Return-Path: <canetti@post.tau.ac.il>
X-Original-To: kitten@core3.amsl.com
Delivered-To: kitten@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 583AA3A69B1 for <kitten@core3.amsl.com>; Sat, 4 Apr 2009 07:36:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.53
X-Spam-Level:
X-Spam-Status: No, score=-1.53 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, DATE_IN_PAST_06_12=1.069]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hwu2EptXz0lF for <kitten@core3.amsl.com>; Sat, 4 Apr 2009 07:36:18 -0700 (PDT)
Received: from doar.tau.ac.il (gate.tau.ac.il [132.66.16.26]) by core3.amsl.com (Postfix) with ESMTP id 189AE3A6860 for <kitten@ietf.org>; Sat, 4 Apr 2009 07:36:17 -0700 (PDT)
Received: from [192.168.0.101] (c-98-224-221-50.hsd1.mi.comcast.net [98.224.221.50]) by doar.tau.ac.il (Postfix) with ESMTP id 9A753BEFA; Sat, 4 Apr 2009 17:37:17 +0300 (IDT)
Message-ID: <49D70E1A.7050306@post.tau.ac.il>
Date: Sat, 04 Apr 2009 10:36:58 +0300
From: canetti <canetti@post.tau.ac.il>
User-Agent: Thunderbird 2.0.0.21 (Windows/20090302)
MIME-Version: 1.0
To: Nicolas Williams <Nicolas.Williams@sun.com>
Subject: Re: Security review of draft-ietf-kitten-gssapi-channel-bindings-06
References: <49D331C6.7000407@post.tau.ac.il> <20090401213536.GT9992@Sun.COM>
In-Reply-To: <20090401213536.GT9992@Sun.COM>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: kitten@ietf.org, secdir@mit.edu, Ran Canetti <canetti@csail.mit.edu>
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Apr 2009 14:36:19 -0000
Thanks Jeff and Nico for the tutorial. The current specification does seem very reasonable. Best, Ran Nicolas Williams wrote: > On Wed, Apr 01, 2009 at 12:20:06PM +0300, canetti wrote: >> *I have reviewed this document as part of the security directorate's >> *ongoing effort to review all IETF documents being processed by the >> *IESG. These comments were written primarily for the benefit of the >> *security area directors. Document editors and WG chairs should treat >> *these comments just like any other last call comments. > > Thanks! > > I know that Jeff has already answered this... > >> This is a very short document. It describes a more generic way of >> formatting the API for channel bindings. The move to a more generic >> format is welcome. One potential objection here, however, is to the >> requirement that compliant implementations MUST interpret the API as >> having the new format. This may have backwards compatibility issues, >> and for no apparent good reason. It might be better to specify the >> format so that an implementation will be able to take also older API >> formats. (Since this is not an interoperability or security-sensitive >> issue, there seems to be no reason for the IETF to MANDATE one way >> over another.) > > Let's pick a programming language, say, Python, and suppose that the > Python bindings of the GSS-API followed RFC2743 with regards to channel > binding. > > An implementation of those bindings AND of the Kerberos V > GSS-API mechanism (RFCs 1964 and 4121) would have to decide how to map > the RFC2743 "OCTET STRING" channel binding input to the mechanism's > channel binding (which is defined in terms of RFC2744's > gss_channel_bindings_struct C struct rather than "OCTET STRING"). Two > implementations of such bindings would fail to interop when using > channel bindings if the implementors decided this matter differently. > > Worse, suppose that you had a Python bindings implementation that mapped > the RFC2743 OCTET STRING channel binding input to then initiator_address > field of the RFC2744 gss_channel_bindings_struct C struct. Then you > could not interop with C implementations of the same application > protocol when using channel binding[*]. > > IMO the only reasonable decision for the implementors would be to map > the RFC2743 OCTET STRING channel binding input to the RFC2744 > application_data field of gss_channel_bindings_struct. And indeed, this > may require changing some of the putative implementations of the > putative Python bindings of the GSS-API. I don't see any alternatives. > > [*] Only RFC2744 application_data makes sense for channel binding > nowadays. Use of network addresses for channel binding was long ago > abandoned -- think of NATs :( -- and anyways, channel binding > to cryptographically secure channels makes much sense, while channel > binding to network addresses does not make much sense at all. > > Nico
- Security review of draft-ietf-kitten-gssapi-chann… canetti
- Re: [secdir] Security review of draft-ietf-kitten… Jeffrey Hutzelman
- Re: Security review of draft-ietf-kitten-gssapi-c… Nicolas Williams
- Re: Security review of draft-ietf-kitten-gssapi-c… canetti