Re: [kitten] AD Review: draft-ietf-kitten-rfc5653bis-04
Eric Rescorla <ekr@rtfm.com> Tue, 25 July 2017 05:04 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF5AA126BF3 for <kitten@ietfa.amsl.com>; Mon, 24 Jul 2017 22:04:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9nilkgkf3N0b for <kitten@ietfa.amsl.com>; Mon, 24 Jul 2017 22:04:50 -0700 (PDT)
Received: from mail-yw0-x230.google.com (mail-yw0-x230.google.com [IPv6:2607:f8b0:4002:c05::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 92628126B7E for <kitten@ietf.org>; Mon, 24 Jul 2017 22:04:50 -0700 (PDT)
Received: by mail-yw0-x230.google.com with SMTP id l82so4056093ywc.2 for <kitten@ietf.org>; Mon, 24 Jul 2017 22:04:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=rZxfidnbI0jXrVBFfzevqLbiua9uSnBR4cecLxZIqHQ=; b=d7+4lQbbOqIn6mkm3XVw1iH4FCNE5cvbabO8hGC73RGGF4Rpn8PkuSiZxZ7ltpf++w RnSYo5AM6SMjNz0YdQxBczu36q5Bsr1b+lC9sGlerPIE/ofzAfCFoiw98W+VVYwVG4Sp MarK6MS+v4BAu4KRZVS+h4UoxvIGhqnn6BkHNEyWRhk2VcCGRfwgxAxNbuEgF+9sqXvl y/dAhV7HBdx1kfLTp3nVlFJ9mhIFd+uYo/qo040YyPkw2lJxzNTIw1Oy8KNlVIUveRqD rX2O/8IxYTBwpAQiwYxJau6rU+Sb5FfWr/nl4nwS7UcZOKPuDdPhUHUnnCfuQXh4L8dM ISJA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=rZxfidnbI0jXrVBFfzevqLbiua9uSnBR4cecLxZIqHQ=; b=d80SEItXb+5Nh5IOrFLgFsGgwzP5GKXa7zsQXBWV2URh7on+84vmrX5lPCVWsFxR5R 7Cm6MRgSqnOrX7d6jMclbi971NY6u8Bn3Q733T9bt6AdjKI+uVr1TgJYjtrPTKMQokSe V0+HLcxbO+FyOhoHuXv4gF7xxlhn1F/O+JroMSeYj9tm91u8qruwG5R0wpN1eFhyao04 kWFPdfXCYSvRh/2RT+EGZKcRndElV861ukmEnFIdA6jpOTT3wf9YdjofOasZuDhhe3Md gQyHhaPMBjk54udaYWjYb7BBlDwh3jFPg/O6VO9AmHQzxIjE+mnGO44PP99INjlFwvmp rv6A==
X-Gm-Message-State: AIVw110FoSkMdi4T9he6BfM8Y9C1UPwpq+2yKPdCfEKs0ixypEk9+KZ2 oifqY78RoUUFWGIIzrYxdkEAuKv4LKu/
X-Received: by 10.129.70.132 with SMTP id t126mr14973411ywa.270.1500959089837; Mon, 24 Jul 2017 22:04:49 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.36.12 with HTTP; Mon, 24 Jul 2017 22:04:09 -0700 (PDT)
In-Reply-To: <20170718002217.GL75962@kduck.kaduk.org>
References: <CABcZeBPG-xqYj+FrPfJofvpLP-UD2PA52NrgxR_Y4nzwY4S8Uw@mail.gmail.com> <DC114106-3DAA-4CFC-B83D-EA277036AEAE@oracle.com> <CABcZeBP6+dtxoR9eib2Ymhv7fBORMnw4M+NSKN-7WG3AowVG0Q@mail.gmail.com> <20170718002217.GL75962@kduck.kaduk.org>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 24 Jul 2017 22:04:09 -0700
Message-ID: <CABcZeBNWQBjx5Bx-XmVfxxtsiZnUayT18EUkSxDh56i_A=vaYw@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: Weijun Wang <weijun.wang@oracle.com>, kitten <kitten@ietf.org>
Content-Type: multipart/alternative; boundary="001a11484e9e5f87e105551d4500"
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/g0mNc189tjnjc9LTHyKjWUQKPCw>
Subject: Re: [kitten] AD Review: draft-ietf-kitten-rfc5653bis-04
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Jul 2017 05:04:53 -0000
On Mon, Jul 17, 2017 at 5:22 PM, Benjamin Kaduk <kaduk@mit.edu> wrote: > On Fri, Jul 14, 2017 at 08:57:32AM -0700, Eric Rescorla wrote: > > On Wed, Jul 12, 2017 at 8:41 PM, Weijun Wang <weijun.wang@oracle.com> > wrote: > > > > > Hi Ekr > > > > > > Please read my answers below to your original questions. > > > > > > > On Jun 18, 2017, at 2:23 AM, Eric Rescorla <ekr@rtfm.com> wrote: > > > > > > > > This document seems generally sound. There are some things about this > > > > API that confused/surprised me and seem perhaps unwise, but given > that > > > > this is a bis, I will mostly confine my review to mostly calling them > > > > out and asking you to make sure I understand and that the document is > > > > clear. > > > > > > > > OVERALL > > > > 1. What is a fatal error? > > > > The document describes exceptions as indicating "fatal errors". > > > > What does this mean for the state of the context. For instance, > > > > if I receive an exception from initSecContext(), does that mean > > > > that it is no longer possible to initiate it? Your example code > > > > seems to treat them as fatal for the context. What happens > > > > if I try to use a context after such an event? > > > > > > I’ll add a paragraph in "5.12. Error Reporting” explaining whether the > > > context is useable after an exception is thrown, for context > establishment > > > and per-message calls, respectively. Something like > > > > > > +If an exception is thrown during context establishment, the context > > > +negotiation has failed and the GSSContext object must be abandoned. > > > +If it is thrown in a per-message call, the context can remain useful. > > > > > > > > > > > > > > > 2. How do I enforce properties for received messages? > > > > I see that I can request services for context initialization > > > > (requestConf), and that I can check whether a given message > > > > was encrypted (getPrivacy) but it's not clear to me if this > > > > causes the API to enforce these rules for tokens that I > > > > receive. Is that possible or do I just need to check? > > > > > > You would have to check. Even if an established security context > already > > > has its getConfState() being true, one can still wrap a message with > > > privacy state set to false and the peer will unwrap it with success. > If the > > > peer insists only encrypted messages are allowed, she should always > check. > > > > > > This is already documented in 6.4.10. > > > > > > > > > > > 3. Are the request* flags() hard limits? E.g., if I do > > > > requestMutualAuth() do I get it or fail? > > > > > > The method does not fail itself (i.e. does not throws an exception) and > > > you need to check the result with those getXyzState() methods after the > > > context is established. > > > > > > I can add a paragraph in S 5.9, something like: > > > > > > +If any retrieved attribute does not match the desired value > > > +but it is necessary for the application protocol, the application > should > > > +destroy the security context and not use it for application traffic. > > > +Otherwise, at this point, the context can be used by the application > to > > > +apply cryptographic services to its data. > > > > > > > Sorry, I mean does the handshake fail? Or do you just hace to check. > > You have to check. The GSS-API has always been a request-and-check > type of API. > OK. I think that should be explicitly stated. > > > > > > 4. It's a little unusual to have a structure where you keep > > > > calling initSecContext or acceptContext() repeatedly. In > > > > most APIs you would do like "setRole(Server)" or > > > > "setRoleClient(), and then "Handshake(). > > > > > > Sorry but this is how GSS-API works now. > > > > > > > > > > > DETAIL > > > > S 6.1.16. > > > > Can addProviderAtFront() be used to add new providers which > > > > the API would not normally use at all? > > > > > > No, 6.1.16 already had > > > > > > Only when the indicated provider does not support > > > the needed mechanism should the GSSManager move on to a different > > > provider. > > > > > > I think this implies that a new provider added might be used at all. > > > > > > > That doesn't seem very clear to me. My point is you might have defaults > and > > then add new omnes. > > I think you could use this to slot in your custom provider that was not > part of the system Java implementation, yes. > But I don't interact with the Java GSS stuff very much. > OK. This also needs to be explicit. > > > S 5.3. > > > > gss_release_cred() is just eager, right? In any case the data will > > > > be cleaned up on GC? In any case you should make this clear. > > > > > > gss_release_cred() is eager, and there is no other guarantee the data > can > > > be automatically cleaned up. Even if GC cleaned up the GSSCredential > > > object, there might be unreleased handles underneath. > > > > > > S 6.3 already has > > > > > > When the credential is no longer needed, the application should call > > > the dispose (equivalent to gss_release_cred) method to release any > > > resources held by the credential object and to destroy any > > > cryptographically sensitive information. > > > > > > Do you think it’s necessary to append something like “An implementation > > > should not rely on garbage control or a finalize() method to dispose a > > > credential”? > > > > > > > Yes. > > > > > > > > > > > > > S 6.1.15. > > > > I wouldn't say you are "creating a previously exported context". You > > > > are either importing it or creating a new context from a previously > > > > exported one. > > > > > > Accepted. > > > > > > > > > > > S 6.2.1. > > > > > > > > // export and re-import the name > > > > byte[] exportName = mechName.export(); > > > > > > > > // create a new name object from the exported buffer > > > > GSSName newName = mgr.createName(exportName, > > > > GSSName.NT_EXPORT_NAME); > > > > > > > > This comment structure is confusing, because the first is just > > > > the export. I would change that. > > > > > > Accepted. > > > > > > > > > > > > > > > S 6.2.6. > > > > It's a bit unclear to me under what circumstances you can compare GSS > > > > names. I see you can do .equals() and export/memcmp, but can you > > > > compare strings? Perhaps after you canonicalize them? > > > > > > As Ben and I explained this is quite complicated. Can we not touch it > in > > > this bis? > > > > > > The fact that it's complicated seems like more reason to explain it. > > In some sense, you can always compare GSS names (in that the compare-name > function will not throw an exception), but the results may not always > match the expected behavior. (It's too bad that RFC 6680 didn't take the > time to summarize the state of affairs when adding naming extensions.) > I don't think we should try to provide a comprehensive review of the > state of affairs in this document, nor any normative statements (that would > only apply to implementations of the Java bindings whereas the issues > apply to all GSS-API implementations). But perhaps something like the > following would be reasonable: > > %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% > > A full treatment of the behavior of GSS name comparison is outside the > scope of this work. However, applications should note that to avoid > surpising behavior, it is best to ensure that the names being compared > are either both mechanism names for the same mechanism, or both internal > names that are not mechanism names. This holds whether the .equals() > method is used directly, or the .export() method is used to generate byte > strings that are then compared byte-by-byte. > > %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% > Yes, this seems fine. -Ekr
- [kitten] AD Review: draft-ietf-kitten-rfc5653bis-… Eric Rescorla
- Re: [kitten] AD Review: draft-ietf-kitten-rfc5653… Benjamin Kaduk
- Re: [kitten] AD Review: draft-ietf-kitten-rfc5653… Weijun Wang
- Re: [kitten] AD Review: draft-ietf-kitten-rfc5653… Weijun Wang
- Re: [kitten] AD Review: draft-ietf-kitten-rfc5653… Eric Rescorla
- Re: [kitten] AD Review: draft-ietf-kitten-rfc5653… Weijun Wang
- Re: [kitten] AD Review: draft-ietf-kitten-rfc5653… Eric Rescorla
- Re: [kitten] AD Review: draft-ietf-kitten-rfc5653… Weijun Wang
- Re: [kitten] AD Review: draft-ietf-kitten-rfc5653… Benjamin Kaduk
- Re: [kitten] AD Review: draft-ietf-kitten-rfc5653… Eric Rescorla
- Re: [kitten] AD Review: draft-ietf-kitten-rfc5653… Benjamin Kaduk
- Re: [kitten] AD Review: draft-ietf-kitten-rfc5653… Wang Weijun
- Re: [kitten] AD Review: draft-ietf-kitten-rfc5653… Weijun Wang
- Re: [kitten] AD Review: draft-ietf-kitten-rfc5653… Benjamin Kaduk
- Re: [kitten] AD Review: draft-ietf-kitten-rfc5653… Weijun Wang
- Re: [kitten] AD Review: draft-ietf-kitten-rfc5653… Weijun Wang
- Re: [kitten] AD Review: draft-ietf-kitten-rfc5653… Weijun Wang