IETF Logo Mail Archive

Re: [kitten] Kerberos preauth negotiation techniques

Simo Sorce <simo@redhat.com> Wed, 18 February 2015 14:35 UTC

Return-Path: <simo@redhat.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FB841A87DE for <kitten@ietfa.amsl.com>; Wed, 18 Feb 2015 06:35:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.911
X-Spam-Level:
X-Spam-Status: No, score=-6.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gsxsPY-LeH0A for <kitten@ietfa.amsl.com>; Wed, 18 Feb 2015 06:35:34 -0800 (PST)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E73D1A8833 for <kitten@ietf.org>; Wed, 18 Feb 2015 06:35:34 -0800 (PST)
Received: from int-mx11.intmail.prod.int.phx2.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id t1IEZXne029535 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Wed, 18 Feb 2015 09:35:33 -0500
Received: from [10.3.113.54] (ovpn-113-54.phx2.redhat.com [10.3.113.54]) by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id t1IEZWRB011269; Wed, 18 Feb 2015 09:35:33 -0500
Message-ID: <1424270132.6980.14.camel@willson.usersys.redhat.com>
From: Simo Sorce <simo@redhat.com>
To: Nathaniel McCallum <npmccallum@redhat.com>
Date: Wed, 18 Feb 2015 09:35:32 -0500
In-Reply-To: <1424269360.2547.6.camel@redhat.com>
References: <x7da90k47ox.fsf@equal-rites.mit.edu> <1424189675.2645.23.camel@redhat.com> <20150217173713.GI5246@localhost> <1424195899.2645.36.camel@redhat.com> <20150217195815.GJ5246@localhost> <1424209200.2645.54.camel@redhat.com> <1424268216.6980.1.camel@willson.usersys.redhat.com> <1424269360.2547.6.camel@redhat.com>
Organization: Red Hat, Inc.
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/geE01SK6bJsbQjvyV0LFBjEV2iI>
Cc: kitten@ietf.org
Subject: Re: [kitten] Kerberos preauth negotiation techniques
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Feb 2015 14:35:36 -0000

On Wed, 2015-02-18 at 09:22 -0500, Nathaniel McCallum wrote:
> On Wed, 2015-02-18 at 09:03 -0500, Simo Sorce wrote:
> > On Tue, 2015-02-17 at 16:40 -0500, Nathaniel McCallum wrote:
> > > On Tue, 2015-02-17 at 13:58 -0600, Nico Williams wrote:
> > > > On Tue, Feb 17, 2015 at 12:58:19PM -0500, Nathaniel McCallum 
> > > > wrote:
> > > > > On Tue, 2015-02-17 at 11:37 -0600, Nico Williams wrote:
> > > > > > On Tue, Feb 17, 2015 at 11:14:35AM -0500, Nathaniel McCallum
> > > > > > wrote:
> > > > > > > I see 1 and 3 as the only good options. Having to register
> > > > > > > group parameters instead of using OIDs is a deal-breaker 
> > > > > > > in my book.
> > > > > > 
> > > > > > I also prefer not to have to add registration of groups.  
> > > > > > I'm not sure that I want to have any support for negotiable 
> > > > > > group parameters though, if that's what you meant.  I'd 
> > > > > > rather have well-known curves (groups) suitable for discrete 
> > > > > > codepoint
> > > > > > assignments regardless of whether we have/need a registry.
> > > > > 
> > > > > That was not what I meant. I meant parameters of the exchange. 
> > > > > Current parameters are:
> > > > > * PAKE method (currently: SPAKE and JPAKE; needs registration)
> > > > > * Group (currently: only standardized elliptic curve groups)
> > > > > * Hash (currently: MD5, SHA1, SHA2-*)
> > > > 
> > > > [I covered that elsewhere.]  Assuming these are all orthogonal 
> > > > (they should be), then pseudo-enctypes work, but need a 
> > > > registry.  OIDs are much better (though larger) because we can 
> > > > then outsource the registry to CFRG and friends.
> > > 
> > > In the current code, the actual key is generated by a hash of: 1. 
> > > the shared EC point: K
> > > 2. the client principal
> > I wonder ^^^ if this is problematic when canonicalization is 
> > requested ?
> > 
> > Simo.
> 
> I'm not sure. I hash whatever is in krb5_kdc_req.client.

Ok, as long as client and server are using the same name it is fine, but
it should probably be spelled out clearly that this is not the canonical
principal name but whatever name the client used.

> > > 3. the server principal
> > > 4. all padata sent or received
> 
> I forgot to mention:
> 5. The long term key used in the PAKE

Thanks, I thought something was amiss here :)

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

v2.23.0 | Report a Bug | By Email