IETF Logo Mail Archive

[kitten] RFC5801bis: relaxing GS2 requirements

Simon Josefsson <simon@josefsson.org> Mon, 03 March 2014 13:04 UTC

Return-Path: <simon@josefsson.org>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E661A1A0011 for <kitten@ietfa.amsl.com>; Mon, 3 Mar 2014 05:04:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.551
X-Spam-Level:
X-Spam-Status: No, score=-1.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uNxfQoG_v-7q for <kitten@ietfa.amsl.com>; Mon, 3 Mar 2014 05:04:47 -0800 (PST)
Received: from duva.sjd.se (duva.sjd.se [IPv6:2001:9b0:1:1702::100]) by ietfa.amsl.com (Postfix) with ESMTP id 6425F1A0005 for <kitten@ietf.org>; Mon, 3 Mar 2014 05:04:47 -0800 (PST)
Received: from latte.josefsson.org (46.182.205.36.c.fiberdirekt.net [46.182.205.36]) (authenticated bits=0) by duva.sjd.se (8.14.4/8.14.4/Debian-4) with ESMTP id s23D4f6Z001711 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT) for <kitten@ietf.org>; Mon, 3 Mar 2014 14:04:42 +0100
X-Hashcash: 1:22:140303:kitten@ietf.org::ojDXM/QttDtmw/rW:FtyV
From: Simon Josefsson <simon@josefsson.org>
To: kitten@ietf.org
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
Date: Mon, 03 Mar 2014 14:04:36 +0100
Message-ID: <87ob1n5t7f.fsf@latte.josefsson.org>
User-Agent: Gnus/5.13001 (Ma Gnus v0.10) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Virus-Scanned: clamav-milter 0.97.8 at duva.sjd.se
X-Virus-Status: Clean
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/kXB9g7xZJs9N7_BQ7byXFToYc0Y
Subject: [kitten] RFC5801bis: relaxing GS2 requirements
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Mar 2014 13:04:50 -0000

All,

I've prepared a new version of RFC 5801 to get the GS2bis ball rolling.

http://tools.ietf.org/html/draft-josefsson-kitten-gs2bis-00

So what's the reason for doing that?

The problem is that RFC 6595 (SAML), RFC 6616 (OpenID) and the OAuth
SASL mechanism does not really meet the GS2 requirements: in particular,
they don't offer channel bindings or mutual authentication.  Or more
generically stated, the problem was that we hoped that all future
authentication mechanisms would provide channel binding and mutual
authentication, and as a result GS2 was too narrowly defined.

This problem came up when RFC 6595 and RFC 6616 was prepared, and as a
resolution those documents contained text on how to resolve the issue --
see the paragraph that starts with "The mutual..." in
<http://tools.ietf.org/html/rfc6595#section-4>.  But the problem is
really with GS2, so the fix should go into GS2.

To review the differences between RFC 5801 and GS2bis, I've published a
HTML side-by-side diff:

http://josefsson.org/sasl-gs2/draft-josefsson-kitten-gs2bis-from-rfc5801.diff.html

As you can see, I've only added one section describing the problem and
some new MUST wording.  Clearly, this is not sufficient, and other
sections must be modified, in particular the security considerations.
Before doing that, I think it would be good to get the WG to think about
this issue and see that the overall idea is acceptable.  I can't say
that I like the text, but I think it is a compromise that will result in
better hormonization of GSS-API and SASL, and I have struggled to come
up with anything better.

For simpler commenting on the actual new material, I'm including the new
section below.

Feedback, suggestions, co-authors, etc, all very appreciated.

Thanks,
/Simon

6.  When the mechanism does not support channel binding and/or mutual
    authentication

   Some authentication mechanisms does not offer mutual authentication
   or is unable to provide channel bindings.  This is unfortunate, and
   usually suggests that the authentication mechanism offers limited
   authentication functionality.  However there are situations when the
   lack of this functionality can be mitigated with other protection
   mechanisms, leading to acceptable overall security.  Being able to
   define and use an authentication mechanism as a GSS-API mechanism and
   then use that GSS-API mechanism in the SASL environment using GS2 has
   advantages; for example, being able to re-use existing generic GS2
   implementations.  Further, being able to express all mechanisms that
   can be expressed as a GSS-API mechanisms as a SASL mechanism (and
   vice versa) provides design elegance and framework replacability.
   Therefor, this document relaxes the requirement that the GSS-API
   mechanism support channel bindings and/or mutual authentication.
   Implementing and deploying applications that supports those mechanism
   require some consideration, and this section discuss the relevant
   areas.

   For the discussion it helps to understand what happens with the GS2
   bridge when a GSS-API mechanism does not offer channel bindings or
   mutual authentication.  When channel bindings is not supported by the
   underlying mechanism, GS2 cannot protect its data (essentially: the
   channel binding flag and the SASL authorization identity).  This
   means that the security of the channel binding mode breaks down and
   that the other side cannot trust the SASL authorization identity.
   When mutual authentication is not happening, the client cannot know
   that it sends its data to the intended server.

   It is acceptable to use these mechanisms with GS2 in some situations.
   For example, if the client uses TLS against a server, and the client
   verify the server's certificate properly so that server
   authentication has occured, then authenticating the client to the
   server using a "weak" GSS-API mechanism will technically work.  The
   security properties will not be as good as they would have been if
   the underlying mechanism supported channel binding or mutual
   authentication, however they become as good as possible.

   This document relaxes the requirements on GSS-API mechanism so that
   all GSS-API mechanism can be expressed in GS2.  For these mechanisms,
   the "gs2-cb-flag" value MUST always be "n", and the PLUS-variant of
   the GS2 mechanism name MUST NOT be advertised or negotiated.

   The SAML SASL bridge [RFC6595] and the SAML OpenID bridge [RFC6616]
   are two examples of documents that describe such bridges.  These
   documents did not meet the requirements of the original GS2 bridge,
   but with the update in this document they are conformant.  Note that
   both documents had discussions describing this aspect and sufficient
   requirements for safe implementation and deployment.

v2.23.0 | Report a Bug | By Email