Re: Comments on draft-ietf-kitten-krb5-gssapi-prf-03.txt
Martin Rex <martin.rex@sap.com> Mon, 23 May 2005 22:44 UTC
From: Martin Rex <martin.rex@sap.com>
Message-Id: <200505232243.AAA00980@uw1048.wdf.sap.corp>
To: Nicolas.Williams@sun.com
Date: Tue, 24 May 2005 00:43:37 +0200
In-Reply-To: <20050523222438.GC27936@binky.Central.Sun.COM> from "Nicolas Williams" at May 23, 5 05:24:38 pm
Cc: kitten@ietf.org, raeburn@MIT.EDU
Subject: Re: Comments on draft-ietf-kitten-krb5-gssapi-prf-03.txt

As with a similar discussion on krb-ietf list how a KDC cert should be verified in PKINIT, we should not ignore the fact that the affected spec (here) is going to be normative for both, the gssapi mechanism implementor and the application gssapi caller, and those two will have an entirely different background and needs.

So I would suggest to actually quantify

  (a) what the mechanism implementor must provide as a minimum to be at all useful
  (b) what the application caller can rely on to be safely available.

I think that a number in the range of 1000-2000 should be good. I would indicate to the gssapi implementor that a secure PRF is necessary, and it would indicate to the application caller that this function is not designed to produce a Stream-cipher like pseudo random pad which it can (ab)use to XOR large piles of application data.

We should add a reference to the document draft-eastlake-randomness2-10.txt that is sitting on the Editor's queue:

  Date: Mon, 07 Feb 2005 17:31:14 -0500
  Subject: Protocol Action: 'Randomness Requirements for Security' to BCP
  Sender: ietf-announce-bounces@ietf.org

  The IESG has approved the following document:

  - 'Randomness Requirements for Security '
    <draft-eastlake-randomness2-10.txt> as a BCP

This document contains lots of useful information about cryptographic randomness.

-Martin