Re: [kitten] Question about AES mode in Kerberos

Olga Kornievskaia <aglo@umich.edu> Fri, 06 January 2023 14:48 UTC

From: Olga Kornievskaia <aglo@umich.edu>
Date: Fri, 06 Jan 2023 09:48:11 -0500
Message-ID: <CAN-5tyE4eau116TkDLbvn+pTOjK_C+WEvi9SnUELr+4riTpZcw@mail.gmail.com>
To: Luke Howard Bentata <lukeh=40padl.com@dmarc.ietf.org>
Cc: Jeffrey Altman <jaltman@secure-endpoints.com>, "kitten@ietf.org" <kitten@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/_I1tu1wW70mzPCayZSe7VnMrDu8>
Subject: Re: [kitten] Question about AES mode in Kerberos

I know you can't speak for them, but what are the chances that MIT's
implementation would support it as well? The RHEL distro uses MIT Kerberos
and nfs-utils are linked with that. We would also need to work on the
Linux NFS kernel implementation to support AES-GCM, but it doesn't make
sense to do it until that crypto is negotiated by the KDC.

On Wed, Jan 4, 2023 at 7:56 PM Luke Howard Bentata
<lukeh=40padl.com@dmarc.ietf.org> wrote:
>
> I’d be happy to refresh the drafts and implementation, but chances are they’d just sit on the shelf for another seven years. I’d want to see some interest from at least two parties before putting the time in.
>
> On 4 Jan 2023, at 10:14 am, Luke Howard <lukeh=40padl.com@dmarc.ietf.org> wrote:
>
> FYI you can find (expired) Internet Drafts here:
>
> https://www.ietf.org/archive/id/draft-howard-krb-aead-00.txt
> https://www.ietf.org/archive/id/draft-howard-gssapi-aead-00.txt
>
> I can’t recall offhand if I tweaked the protocol post writing the drafts.
> _______________________________________________
> Kitten mailing list
> Kitten@ietf.org
> https://www.ietf.org/mailman/listinfo/kitten