Re: [kitten] Question about AES mode in Kerberos

Nico Williams <nico@cryptonector.com> Fri, 13 January 2023 18:48 UTC

Date: Fri, 13 Jan 2023 12:48:42 -0600
From: Nico Williams <nico@cryptonector.com>
To: Greg Hudson <ghudson@mit.edu>
Cc: Olga Kornievskaia <aglo@umich.edu>, Luke Howard Bentata <lukeh=40padl.com@dmarc.ietf.org>, "kitten@ietf.org" <kitten@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/a7BB_3D9m4GrxOm2DCeW3iFvYYs>

On Mon, Jan 09, 2023 at 05:55:24PM -0500, Greg Hudson wrote:
> On 1/9/23 15:25, Olga Kornievskaia wrote:
> > May I ask a stupid question? Is there something inherently different
> > about nonce handling/producing in Kerberos that's different from TLS?
> 
> The symmetric encryption facilities in TLS are in service only to the
> channel protocol.  TLS is regularly used to carry large amounts of data in a
> variety of application protocols.
> 
> The symmetric encryption facilities in Kerberos are in service primarily to
> the stateless authentication protocol, which uses long-term keys. Kerberos
> channel protocols exist (KRB-PRIV and GSS), using the same encryption
> facilities, but they are used less widely than the authentication protocol
> and much less widely than TLS.

That GSS is less widely used than TLS for bulk is not a reason not to
make GSS performant for bulk.

Unless we want to deprecate GSS-API.  Which we well could.  As the world
moves to JWT-like authentication systems (i.e., single-token, half round
trip systems with no key exchange) GSS becomes quainter and quainter as
anything other than an API for TLS in the same way that SSPI
-Microsoft's GSS equivalent- is an API for TLS in SChannel.

As far as _Internet_ protocols go, the only ones that use GSS for bulk
are FTP and NFS, with FTP being practically obsolete and NFS moving to
TLS.  But there are proprietary protocols that use GSS too.

Nico
--