Re: [kitten] Secdir last call review of draft-ietf-kitten-krb-spake-preauth-09
Greg Hudson <ghudson@mit.edu> Sat, 28 May 2022 06:21 UTC
Return-Path: <ghudson@mit.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41DB7C14792E; Fri, 27 May 2022 23:21:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.954
X-Spam-Level:
X-Spam-Status: No, score=-8.954 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-1.857, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mit.edu
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y8mWLxL3inDb; Fri, 27 May 2022 23:21:23 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F1AF5C14F74A; Fri, 27 May 2022 23:21:14 -0700 (PDT)
Received: from [18.30.131.8] ([18.30.131.8]) (authenticated bits=0) (User authenticated as ghudson@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 24S6L9iv007185 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT); Sat, 28 May 2022 02:21:11 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=outgoing; t=1653718872; bh=ulcwWdd91X8LvkQN7IfQk0WpTWs7otnxeOR/EFiLtZM=; h=Date:Subject:To:Cc:References:From:In-Reply-To; b=b/GpivTcGCSgbGtJ8YrdHVp+bdK7oMAfBRB2dx988SnDc+uTxpyAtUtf+kR3Xr1QP MBQMEko3/NPU3wq2d3rGsFrySeuoxoV44/wvfvVluMcobsG3LZ/3J52/rCTWHtMjmy UjOx/5ghFaZvCo1lzChpGI+vsudvFAMdaIYKohN1lpm8rQU4BzPEKbkEC0MCWuontQ eXPsT6wuIKibxJOtiAkDWswr71E9A1aDmMIerOZxuMjZ5sqwDC7P7Z22n6n9A4cwtR 6wtyypBDVIG6qyJkoZ2LbHoDC10m38k8bYmqMx3Yep1voWI4BZUblj6/+u3trcSH2U dgnWgHbqfxxTQ==
Message-ID: <35c2359f-b2fc-e315-1462-b4a3cf7327ca@mit.edu>
Date: Sat, 28 May 2022 02:21:09 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0
Content-Language: en-US
To: Barry Leiba <barryleiba@computer.org>, secdir@ietf.org
Cc: draft-ietf-kitten-krb-spake-preauth.all@ietf.org, kitten@ietf.org, last-call@ietf.org
References: <165349776624.43106.2538340888387044270@ietfa.amsl.com>
From: Greg Hudson <ghudson@mit.edu>
In-Reply-To: <165349776624.43106.2538340888387044270@ietfa.amsl.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/fERr0cJxXnwlOiX4PKcgDPmYpSY>
Subject: Re: [kitten] Secdir last call review of draft-ietf-kitten-krb-spake-preauth-09
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 28 May 2022 06:21:28 -0000
Thanks for the review. I am working on an update to address this feedback; here are answers where the feedback asked questions. On 5/25/22 12:56, Barry Leiba via Datatracker wrote:> Clients and KDCs MUST implement the > edwards25519 group, but MAY choose not to offer or accept it by > default. > > How can one tell, externally, whether edwards25519 is not implemented, or > simply is being refused? One cannot tell from the another endpoint. The goal of this mandatory-to-implement provision is to ensure that any two SPAKE preauth implementations can be configured to interoperate. This is similar to analagous requirements in TLS (RFC 5246 section 9 and 8446 section 9.2), although those document stop at mandating implementation. > Upon receipt of this AS-REQ, a KDC which > requires pre-authentication and supports SPAKE SHOULD reply with a > KDC_ERR_PREAUTH_REQUIRED error, with METHOD-DATA containing an empty > PA-SPAKE PA-DATA element > > SHOULD? Why might it not? What happens if it doesn’t? (So, why isn’t it > MUST, and how can an implementor decide whether it’s OK not to?) A principal might be configured to require specific pre-authentication mechanisms. Or a principal might have no associated long-term keys, in which case only preauth mechanisms like PKINIT or FAST OTP (which do not use long-term keys) can be offered. > I do wonder, in Section 10.5, why “client implementations SHOULD provide a > configuration option to disable encrypted timestamp on a per-realm basis”, > rather than having encrypted timestamp disabled by default, and saying that > they MAY provide an option to enable it on a per-realm basis. Keep in mind > that I’m not an expert here, so please just tell me if it’s obvious that that > can’t work, or some such. That feels ambitious for a SHOULD. In an optimistic future it might eventually make sense to disable encrypted timestamp by default, but I don't think a client implementation could reasonably do so in the short or medium term.
- [kitten] Secdir last call review of draft-ietf-ki… Barry Leiba via Datatracker
- Re: [kitten] Secdir last call review of draft-iet… Greg Hudson