IETF Logo Mail Archive

Re: [secdir] Security review of draft-ietf-kitten-gssapi-channel-bindings-06

Jeffrey Hutzelman <jhutz@cmu.edu> Wed, 01 April 2009 14:14 UTC

Return-Path: <jhutz@cmu.edu>
X-Original-To: kitten@core3.amsl.com
Delivered-To: kitten@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1DA9F3A6D5A for <kitten@core3.amsl.com>; Wed, 1 Apr 2009 07:14:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.965
X-Spam-Level:
X-Spam-Status: No, score=-5.965 tagged_above=-999 required=5 tests=[AWL=0.634, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NQIqC3pJ517q for <kitten@core3.amsl.com>; Wed, 1 Apr 2009 07:14:20 -0700 (PDT)
Received: from jackfruit.srv.cs.cmu.edu (JACKFRUIT.SRV.CS.CMU.EDU [128.2.201.16]) by core3.amsl.com (Postfix) with ESMTP id 00B6C3A67E1 for <kitten@ietf.org>; Wed, 1 Apr 2009 07:14:19 -0700 (PDT)
Received: from [192.168.1.108] (ATLANTIS-HOME.PC.CS.CMU.EDU [128.2.184.185]) (authenticated bits=0) by jackfruit.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id n31EF75J015692 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 1 Apr 2009 10:15:08 -0400 (EDT)
Date: Wed, 01 Apr 2009 10:15:08 -0400
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: canetti <canetti@post.tau.ac.il>, secdir@mit.edu, kitten@ietf.org, Ran Canetti <canetti@csail.mit.edu>
Subject: Re: [secdir] Security review of draft-ietf-kitten-gssapi-channel-bindings-06
Message-ID: <FB6FB592364F1BA21463888C@atlantis.pc.cs.cmu.edu>
In-Reply-To: <200904010920.n319KOb5006961@mx03.srv.cs.cmu.edu>
References: <200904010920.n319KOb5006961@mx03.srv.cs.cmu.edu>
X-Mailer: Mulberry/4.0.8 (Linux/x86)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Scanned-By: mimedefang-cmuscs on 128.2.201.16
Cc: jhutz@cmu.edu
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Apr 2009 14:14:21 -0000

--On Wednesday, April 01, 2009 12:20:06 PM +0300 canetti 
<canetti@post.tau.ac.il> wrote:

>
>
>
>    *I have reviewed this document as part of the security directorate's
>    *ongoing effort to review all IETF documents being processed by the
>    *IESG.  These comments were written primarily for the benefit of the
>    *security area directors.  Document editors and WG chairs should treat
>    *these comments just like any other last call comments.
>
>
> This is a very short document. It describes a more generic way of
> formatting the API for channel bindings. The move to a more generic
> format  is welcome. One potential objection here, however, is to the
> requirement  that compliant implementations MUST interpret the API as
> having the new  format. This may have backwards compatibility issues, and
> for no apparent  good reason. It might be better to specify the format so
> that an  implementation will be able to take also older API formats.
> (Since this is not an interoperability or security-sensitive issue, there
> seems to be no reason for the IETF to MANDATE one way over another.)

Since it's the only one that applies to implementatios, I assume you're 
referring to the requirement that, when bindings of the GSS-API to a 
particular programming language model channel bindings as octet strings, 
the input be treated as corresponding only to the application-data portion 
of the channel bindings structure rather than some (unspecified) encoding 
of the channel bindings structure.

This requirement is needed for interoperability.  GSS-API mechanisms 
supporting channel bindings are responsible for checking that the channel 
bindings claimed by the initiator and acceptor are the same, and failing 
the authentication process otherwise.  This is typically done by 
transferring an integrity-protected copy of the channel bindings data or a 
hash thereof.  Naturally, for this to work it is important that when the 
channel bindings are actually the same, so are the data strings used by the 
mechanism implementations at both ends.  More generally, it is important 
that for any given set of channel binding data, the data string used to 
represent that data by any given mechanism always be the same.

This is accomplished at three layers...

- By defining abstract interfaces between GSS-API applications and the
  GSS-API framework or mechanism, including what information about channel
  bindings must be passed down.  This is done in RFC2743, updated and
  clarified by the present document.

- By defining concrete bindings to the abstract interfaces in various
  specific programming languages.  This is done in RFC2744 for C, and
  by RFC2853 (to be updated by a current KITTEN document) for Java.

- By defining, for each mechanism, the procedure for transforming the
  abstract channel binding information into a particular octet string
  used to verify channel bindings on the wire.


What the present requirement is about is insuring that, when the concrete 
bindings for a particular language provide only for a single octet string 
rather than for all of the elements in the GSS-CHANNEL-BINDINGS structure, 
the interpretation of that octet string is consistent from one 
implementation to the next.


Note that this is not a change to the API; it is a clarification which 
improves interoperability by requiring all implementations of an ambiguous 
API to resolve the ambiguity in the same way.

-- Jeff

v2.23.0 | Report a Bug | By Email