Re: [kitten] Kerberos extra round trips I-D revised
Greg Hudson <ghudson@mit.edu> Wed, 12 November 2014 16:35 UTC
Return-Path: <ghudson@mit.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1ECF31A890F for <kitten@ietfa.amsl.com>; Wed, 12 Nov 2014 08:35:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.795
X-Spam-Level:
X-Spam-Status: No, score=-4.795 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.594, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 62Ohr8eXJDnJ for <kitten@ietfa.amsl.com>; Wed, 12 Nov 2014 08:35:31 -0800 (PST)
Received: from dmz-mailsec-scanner-8.mit.edu (dmz-mailsec-scanner-8.mit.edu [18.7.68.37]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E19A1A894F for <kitten@ietf.org>; Wed, 12 Nov 2014 08:35:27 -0800 (PST)
X-AuditID: 12074425-f79e46d000002583-c7-54638c4e3252
Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) (using TLS with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-8.mit.edu (Symantec Messaging Gateway) with SMTP id 13.38.09603.E4C83645; Wed, 12 Nov 2014 11:35:26 -0500 (EST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id sACGZKK3031097; Wed, 12 Nov 2014 11:35:20 -0500
Received: from [18.101.8.234] (vpn-18-101-8-234.mit.edu [18.101.8.234]) (authenticated bits=0) (User authenticated as ghudson@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id sACGZIjt015941 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Wed, 12 Nov 2014 11:35:19 -0500
Message-ID: <54638C46.8060203@mit.edu>
Date: Wed, 12 Nov 2014 11:35:18 -0500
From: Greg Hudson <ghudson@mit.edu>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: Nico Williams <nico@cryptonector.com>
References: <20141027071704.GC14215@localhost> <alpine.GSO.1.10.1411071543280.27826@multics.mit.edu> <54624E87.8010007@mit.edu> <20141111185423.GM3412@localhost>
In-Reply-To: <20141111185423.GM3412@localhost>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrBIsWRmVeSWpSXmKPExsUixCmqrOvXkxxicGi3jMXRzatYLE5dO8Lm wOTx8tQ5Ro8lS34yBTBFcdmkpOZklqUW6dslcGU0THzDUnBKoOL34U7mBsaFvF2MnBwSAiYS D36dZISwxSQu3FvPBmILCcxmklh21byLkQvI3sgocefhXzYI5wiTxJoTp1hBqngF1CT+fell AbFZBFQlFj9eDxZnE1CWWL9/K1Ccg0NUIExi6lIeiHJBiZMzn4CViwhoSlyftxRsGbOAscSl HohWYQEbiS2X37FD7FrIKLG69RZYglNAT+L4lV52iAY9iR3Xf7FC2PISzVtnM09gFJyFZMcs JGWzkJQtYGRexSibklulm5uYmVOcmqxbnJyYl5dapGuhl5tZopeaUrqJERTA7C6qOxgnHFI6 xCjAwajEw8uxKilEiDWxrLgy9xCjJAeTkijvpI7kECG+pPyUyozE4oz4otKc1OJDjBIczEoi vP71QDnelMTKqtSifJiUNAeLkjjvph98IUIC6YklqdmpqQWpRTBZGQ4OJQlev26gRsGi1PTU irTMnBKENBMHJ8hwHqDhbSA1vMUFibnFmekQ+VOMilLivLu7gBICIImM0jy4XliCecUoDvSK MG8JSDsPMDnBdb8CGswENPhbeBLI4JJEhJRUAyMv46SkTI03R12CLqq5p/JO0ciZ9V4nOIxv q1zOqjgGA/lQXU3XNtGlmW33EiK3qy25eqR+1fZFu4oqZ6ZJt1s1sjn5F3vbnPb4Ys06/8D5 4iMdZSxnao8qvS9ruet2f940FxajO1efphlv/eGezdakO01UM+/iAfEHF/yvL7qv9+brnP7Z 55RYijMSDbWYi4oTAdAzz8MLAwAA
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/fLj4mHuZriQeX1hG5ksJ1yWhtls
Cc: kitten@ietf.org
Subject: Re: [kitten] Kerberos extra round trips I-D revised
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Nov 2014 16:35:33 -0000
On 11/11/2014 01:54 PM, Nico Williams wrote: > I thought I ripped [service name redirection] out completely in the latest > version. Did I leave stray text about it? My bad. I started reviewing -01 by mistake, then attempted to update my comments for -03, and missed that service name redirection was gone in -03. >> * Does it make any sense to put a fast-reauth ticket in a KRB-ERROR2? >> Wouldn't we want it in an AP-REP instead? (That would render it out of >> scope for this draft.) > > Two reasons: a) the server might still want rcache avoidance, b) I > wanted to avoid having to extend AP-REP (though I'd be happy to extend > it anyways). (b) is lame; (a) is not. This brings up a larger point that I previously missed: in the rcache avoidance flow with an odd number of tokens, there is no AP-REP token in the exchange. So, should rcache avoidance should use a modified KRB-ERROR or a modified AP-REP? I think using a modified AP-REP is more natural, but it does mean adding a second new message type and adding the nonce to both messages. If we do use a modified KRB-ERROR in this flow, then we need to make sure that we get all of the security properties we would get from the AP-REP. The AP-REP provides: * Mutual authentication through use of the authenticator subkey (or ticket session key if none was used). An encrypted KRB-ERROR provides this, but section 4 needs to say that an unencrypted KRB-ERROR with code KDC_ERR_NONE MUST be treated as an error by the initiator. * An acceptor subkey, which prevents whole-session replays even without a replay cache (assuming the legitimate initiator uses it for all important messages). It might be okay to omit the acceptor subkey since the nonce provides the same property, but we would definitely need some rationale. * A mirror of the authenticator timestamps, to prevent AP-REP replays. This does not seem important if an authenticator subkey was used. We could require that the initiator use an authenticator subkey. We also need to consider how this all interacts with draft-vanrein-krb5-kdh.
- [kitten] Kerberos extra round trips I-D revised Nico Williams
- Re: [kitten] Kerberos extra round trips I-D revis… Benjamin Kaduk
- Re: [kitten] Kerberos extra round trips I-D revis… Nico Williams
- Re: [kitten] Kerberos extra round trips I-D revis… Benjamin Kaduk
- Re: [kitten] Kerberos extra round trips I-D revis… Nico Williams
- Re: [kitten] Kerberos extra round trips I-D revis… Greg Hudson
- Re: [kitten] Kerberos extra round trips I-D revis… Greg Hudson
- Re: [kitten] Kerberos extra round trips I-D revis… Nico Williams
- Re: [kitten] Kerberos extra round trips I-D revis… Nico Williams
- Re: [kitten] Kerberos extra round trips I-D revis… Greg Hudson
- Re: [kitten] Kerberos extra round trips I-D revis… Nico Williams
- Re: [kitten] Kerberos extra round trips I-D revis… Nico Williams