Re: [kitten] I-D Action: draft-ietf-kitten-rfc6112bis-01.txt

Greg Hudson <> Wed, 17 August 2016 15:58 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 92CC212D7AF for <>; Wed, 17 Aug 2016 08:58:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -5.448
X-Spam-Status: No, score=-5.448 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.247, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id SndI8VTSuqOq for <>; Wed, 17 Aug 2016 08:58:23 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 9053912DE0D for <>; Wed, 17 Aug 2016 08:58:20 -0700 (PDT)
X-AuditID: 12074423-eafff70000005fe1-bd-57b4899b241a
Received: from ( []) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by (Symantec Messaging Gateway) with SMTP id AF.42.24545.B9984B75; Wed, 17 Aug 2016 11:58:19 -0400 (EDT)
Received: from ( []) by (8.13.8/8.9.2) with ESMTP id u7HFwIPf032062; Wed, 17 Aug 2016 11:58:19 -0400
Received: from [] ( []) (authenticated bits=0) (User authenticated as ghudson@ATHENA.MIT.EDU) by (8.13.8/8.12.4) with ESMTP id u7HFwGK0026364 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Wed, 17 Aug 2016 11:58:18 -0400
To: Shawn M Emery <>,
References: <> <> <>
From: Greg Hudson <>
Message-ID: <>
Date: Wed, 17 Aug 2016 11:58:15 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.8.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrAIsWRmVeSWpSXmKPExsUixG6nrju7c0u4wYrNkhZHN69iseh7fYjd gcljyZKfTB4fn95iCWCK4rJJSc3JLEst0rdL4MpY3ClRsIqnouXXZ+YGxmecXYycHBICJhKN pyYxdjFycQgJtDFJXD67mAXC2cgosavjOStIlZDAESaJY3szQGxhAVeJT9f72UFsEQFriZl7 zkI1TGCUuHe6F6yBTUBZYv3+rSwgNq+AmsSHZY8YQWwWAVWJRe+ngsVFBSIkZm3/wQRRIyhx cuYTsDingJ1E4883YHOYBfQkdlz/BWXLS2x/O4d5AiP/LCQts5CUzUJStoCReRWjbEpulW5u YmZOcWqybnFyYl5eapGumV5uZoleakrpJkZwQLoo72B82ed9iFGAg1GJh/eG1eZwIdbEsuLK 3EOMkhxMSqK8d6q3hAvxJeWnVGYkFmfEF5XmpBYfYpTgYFYS4W1rAcrxpiRWVqUW5cOkpDlY lMR5t39rDxcSSE8sSc1OTS1ILYLJynBwKEnw5nQANQoWpaanVqRl5pQgpJk4OEGG8wAN3wBS w1tckJhbnJkOkT/FqCglzqsJkhAASWSU5sH1ghNGKseuV4ziQK8I8z4GqeIBJhu47ldAg5mA BvPygw0uSURISTUwGn6/lZl8I2Xex6TZZ41+bQuZcH6S3J/F+x0con7mBn94t+XLnXKjP+4m 9zRDUqzbGP9k1BQaPZ/W1r/mt0vSnScrJ8YISjJYx2slHGrom+25Qcr46zefrSVPxIym2l+9 UHd3CpvA7PNHnlelZLCfOsHQz/fNyOr3/gkGax59WHh6u0LkoSuJdUosxRmJhlrMRcWJAHO/ uNHzAgAA
Archived-At: <>
Subject: Re: [kitten] I-D Action: draft-ietf-kitten-rfc6112bis-01.txt
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 17 Aug 2016 15:58:24 -0000

On 08/16/2016 12:12 AM, Shawn M Emery wrote:
>> In section 7, "To ensure that an attacker cannot create a channel with a
>> given name" was changed to "To ensure that an attacker cannot create a
>> channel by observing exchanges."  The original wording may have used
>> "name" in a non-intuitive way, but I think the new wording is more
>> wrong.  The threat is that a MITM attacker might create two channels
>> with the same ticket session key (known to the attacker); the new
>> wording suggests that the threat comes from a passive attacker.
> Yes, the key word "observing" indicates a passive state.  How about?:
> To ensure that an attacker cannot create a channel by obtaining key
> exchanges between the client and KDC, it is desirable that neither the
> KDC nor the client unilaterally determine the ticket session key.

That still suggests a passive attacker to me.  I suggest:

"To ensure that an active attacker cannot create separate channels to
the client and KDC with the same known key, it is desirable that neither
the KDC nor the client unilaterally determine the ticket session key."

>> "By requiring the session key in a way that..." is not grammatical.
> How about?:
> This protocol binds the ticket to the DH exchange and prevents the MITM
> attack by requiring the session key in a way that can be verified by the
> client.

I believe that change just reverses the two main clauses of the sentence
without eliminating the grammar error.  You could say "requiring the
session key to be created in a way...".