Re: [secdir] Security review of draft-ietf-kitten-gssapi-channel-bindings-06
Jeffrey Hutzelman <jhutz@cmu.edu> Wed, 01 April 2009 14:14 UTC
Return-Path: <jhutz@cmu.edu>
X-Original-To: kitten@core3.amsl.com
Delivered-To: kitten@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1DA9F3A6D5A for <kitten@core3.amsl.com>; Wed, 1 Apr 2009 07:14:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.965
X-Spam-Level:
X-Spam-Status: No, score=-5.965 tagged_above=-999 required=5 tests=[AWL=0.634, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NQIqC3pJ517q for <kitten@core3.amsl.com>; Wed, 1 Apr 2009 07:14:20 -0700 (PDT)
Received: from jackfruit.srv.cs.cmu.edu (JACKFRUIT.SRV.CS.CMU.EDU [128.2.201.16]) by core3.amsl.com (Postfix) with ESMTP id 00B6C3A67E1 for <kitten@ietf.org>; Wed, 1 Apr 2009 07:14:19 -0700 (PDT)
Received: from [192.168.1.108] (ATLANTIS-HOME.PC.CS.CMU.EDU [128.2.184.185]) (authenticated bits=0) by jackfruit.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id n31EF75J015692 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 1 Apr 2009 10:15:08 -0400 (EDT)
Date: Wed, 01 Apr 2009 10:15:08 -0400
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: canetti <canetti@post.tau.ac.il>, secdir@mit.edu, kitten@ietf.org, Ran Canetti <canetti@csail.mit.edu>
Subject: Re: [secdir] Security review of draft-ietf-kitten-gssapi-channel-bindings-06
Message-ID: <FB6FB592364F1BA21463888C@atlantis.pc.cs.cmu.edu>
In-Reply-To: <200904010920.n319KOb5006961@mx03.srv.cs.cmu.edu>
References: <200904010920.n319KOb5006961@mx03.srv.cs.cmu.edu>
X-Mailer: Mulberry/4.0.8 (Linux/x86)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Scanned-By: mimedefang-cmuscs on 128.2.201.16
Cc: jhutz@cmu.edu
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Apr 2009 14:14:21 -0000
--On Wednesday, April 01, 2009 12:20:06 PM +0300 canetti <canetti@post.tau.ac.il> wrote: > > > > *I have reviewed this document as part of the security directorate's > *ongoing effort to review all IETF documents being processed by the > *IESG. These comments were written primarily for the benefit of the > *security area directors. Document editors and WG chairs should treat > *these comments just like any other last call comments. > > > This is a very short document. It describes a more generic way of > formatting the API for channel bindings. The move to a more generic > format is welcome. One potential objection here, however, is to the > requirement that compliant implementations MUST interpret the API as > having the new format. This may have backwards compatibility issues, and > for no apparent good reason. It might be better to specify the format so > that an implementation will be able to take also older API formats. > (Since this is not an interoperability or security-sensitive issue, there > seems to be no reason for the IETF to MANDATE one way over another.) Since it's the only one that applies to implementatios, I assume you're referring to the requirement that, when bindings of the GSS-API to a particular programming language model channel bindings as octet strings, the input be treated as corresponding only to the application-data portion of the channel bindings structure rather than some (unspecified) encoding of the channel bindings structure. This requirement is needed for interoperability. GSS-API mechanisms supporting channel bindings are responsible for checking that the channel bindings claimed by the initiator and acceptor are the same, and failing the authentication process otherwise. This is typically done by transferring an integrity-protected copy of the channel bindings data or a hash thereof. Naturally, for this to work it is important that when the channel bindings are actually the same, so are the data strings used by the mechanism implementations at both ends. More generally, it is important that for any given set of channel binding data, the data string used to represent that data by any given mechanism always be the same. This is accomplished at three layers... - By defining abstract interfaces between GSS-API applications and the GSS-API framework or mechanism, including what information about channel bindings must be passed down. This is done in RFC2743, updated and clarified by the present document. - By defining concrete bindings to the abstract interfaces in various specific programming languages. This is done in RFC2744 for C, and by RFC2853 (to be updated by a current KITTEN document) for Java. - By defining, for each mechanism, the procedure for transforming the abstract channel binding information into a particular octet string used to verify channel bindings on the wire. What the present requirement is about is insuring that, when the concrete bindings for a particular language provide only for a single octet string rather than for all of the elements in the GSS-CHANNEL-BINDINGS structure, the interpretation of that octet string is consistent from one implementation to the next. Note that this is not a change to the API; it is a clarification which improves interoperability by requiring all implementations of an ambiguous API to resolve the ambiguity in the same way. -- Jeff
- Security review of draft-ietf-kitten-gssapi-chann… canetti
- Re: [secdir] Security review of draft-ietf-kitten… Jeffrey Hutzelman
- Re: Security review of draft-ietf-kitten-gssapi-c… Nicolas Williams
- Re: Security review of draft-ietf-kitten-gssapi-c… canetti