Re: [kitten] I-D Action: draft-ietf-kitten-pkinit-freshness-01.txt

Michiko Short <> Mon, 27 April 2015 22:34 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 321621ABD35 for <>; Mon, 27 Apr 2015 15:34:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id CtnoChm0jEEt for <>; Mon, 27 Apr 2015 15:34:55 -0700 (PDT)
Received: from ( [IPv6:2a01:111:f400:fc10::1:743]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id CA18A1ABD37 for <>; Mon, 27 Apr 2015 15:34:54 -0700 (PDT)
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Mon, 27 Apr 2015 22:34:35 +0000
Received: from ([]) by ([]) with mapi id 15.01.0148.017; Mon, 27 Apr 2015 22:34:35 +0000
From: Michiko Short <>
To: Greg Hudson <>, Sam Hartman <>
Thread-Topic: [kitten] I-D Action: draft-ietf-kitten-pkinit-freshness-01.txt
Thread-Index: AQHQXZiJ07vPZrskK0qMbSTckV74FZ0an2mggAAi1zCAAAm3AIAH5dPggD8GlGA=
Date: Mon, 27 Apr 2015 22:34:35 +0000
Message-ID: <>
References: <> <> <> <> <> <> <> <> <>
Accept-Language: en-US
Content-Language: en-US
authentication-results:; dkim=none (message not signed) header.d=none;
x-originating-ip: [2001:4898:80e8:ed31::4]
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BL2PR03MB210;
x-forefront-antispam-report: BMV:1; SFV:NSPM; SFS:(10019020)(6009001)(479174004)(51704005)(13464003)(377454003)(24454002)(99286002)(33656002)(74316001)(106116001)(76576001)(2656002)(86612001)(76176999)(50986999)(86362001)(54356999)(5001920100001)(2900100001)(19580405001)(19580395003)(92566002)(77156002)(93886004)(62966003)(102836002)(122556002)(230783001)(40100003)(551544002)(46102003)(5001770100001)(87936001)(2171001)(3826002); DIR:OUT; SFP:1102; SCL:1; SRVR:BL2PR03MB210;; FPR:; SPF:None; MLV:sfv; LANG:en;
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(5002010)(5005006)(3002001); SRVR:BL2PR03MB210; BCL:0; PCL:0; RULEID:; SRVR:BL2PR03MB210;
x-forefront-prvs: 0559FB9674
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Apr 2015 22:34:35.4064 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL2PR03MB210
Archived-At: <>
Cc: "" <>
Subject: Re: [kitten] I-D Action: draft-ietf-kitten-pkinit-freshness-01.txt
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 27 Apr 2015 22:34:57 -0000

Time for me to publish a new draft since this one is expiring. 

We found a use case in our implementation of PKInit where the client must request a freshness token or else they will get a principal not found error, so we need to keep the client behavior. I would prefer to not make that MS-PKCA Microsoft extension. It there any problem with keeping the client language as is? Also we would prefer to keep token generation limited to the public key case. Yes, we are hoping to expand the number of customers who use PKInit, but there will still be customers for a while who do not, have old servers, etc.

-----Original Message-----
From: Michiko Short 
Sent: Wednesday, March 18, 2015 1:07 PM
To: 'Greg Hudson'; Sam Hartman
Cc: Benjamin Kaduk;
Subject: RE: [kitten] I-D Action: draft-ietf-kitten-pkinit-freshness-01.txt

I think a KDC implementation can always choose to send a Freshness token, but that should be an implementation option not a requirement. Having a KDC only send the Freshness Token on client gives the option to limit generating Freshness tokens to just PKInit clients. 

-----Original Message-----
From: Greg Hudson [] 
Sent: Friday, March 13, 2015 12:26 PM
To: Michiko Short; Sam Hartman
Cc: Benjamin Kaduk;
Subject: Re: [kitten] I-D Action: draft-ietf-kitten-pkinit-freshness-01.txt

On 03/13/2015 02:55 PM, Michiko Short wrote:
> Once the tool reopens then I will submit the version without the client request behavior. 
> [Michiko Short] Creating a freshness token will be a crypto hit on the KDC, so sending freshness tokens to clients who will never use them will negatively impact KDC performance with no gains. If the PKInit client does not explicitly ask for the token, then clients using password authentication will also have freshness tokens generated and sent to them. 

That's worth considering.  Here are my thoughts:

* A freshness token doesn't have to be unique to a request or client; it just has to be unknown to an attacker far in advance of an AS exchange.
 A KDC could compute a new global freshness token every five minutes or so (by encrypting the current time in a TGS key, for instance) and use it for many requests.

* A KDC only needs to send a freshness token if it is offering PKINIT (or a future mechanism which also uses freshness tokens).  I guess it's unusual for that to be a per-client decision by the KDC; typically either the KDC is configured with PKINIT support or it isn't, and it offers PKINIT to all clients if it is.

* Is AES encryption a significant load factor on modern KDCs?  I don't have numbers for our KDC at the moment.  It probably depends a lot on whether AES-NI can be used.

* If a client wants to save the KDC the effort of computing a freshness token, it has to decide ahead of time whether it might be able to use PKINIT (or a future mechanism which also uses freshness tokens).  This is generally possible, but maybe a bit complex.