IETF Logo Mail Archive

Re: [kitten] [Curdle] I-D Action: draft-ietf-curdle-des-des-des-die-die-die-03.txt

Benjamin Kaduk <kaduk@mit.edu> Wed, 12 July 2017 23:00 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A21CB129482; Wed, 12 Jul 2017 16:00:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.222
X-Spam-Level:
X-Spam-Status: No, score=-4.222 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bqu8c8ue2DMw; Wed, 12 Jul 2017 16:00:14 -0700 (PDT)
Received: from dmz-mailsec-scanner-7.mit.edu (dmz-mailsec-scanner-7.mit.edu [18.7.68.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6901B12F258; Wed, 12 Jul 2017 16:00:13 -0700 (PDT)
X-AuditID: 12074424-35bff70000001405-92-5966a9fb13e1
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-7.mit.edu (Symantec Messaging Gateway) with SMTP id 74.57.05125.CF9A6695; Wed, 12 Jul 2017 19:00:12 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id v6CN0A75026325; Wed, 12 Jul 2017 19:00:11 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id v6CN06JS009804 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 12 Jul 2017 19:00:08 -0400
Date: Wed, 12 Jul 2017 18:00:06 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Daniel Migault <daniel.migault@ericsson.com>
Cc: Martin Rex <mrex@sap.com>, kitten@ietf.org, curdle <curdle@ietf.org>
Message-ID: <20170712230006.GD80947@kduck.kaduk.org>
References: <20170621174558.GK39245@kduck.kaduk.org> <20170623120341.C93721A6BE@ld9781.wdf.sap.corp> <20170626021135.GF17840@kduck.kaduk.org> <CADZyTk=tdD=PWqayf=QUtYFcAnavMEY3L6JkcostRKiGxGe5HA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CADZyTk=tdD=PWqayf=QUtYFcAnavMEY3L6JkcostRKiGxGe5HA@mail.gmail.com>
User-Agent: Mutt/1.7.1 (2016-10-04)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrGIsWRmVeSWpSXmKPExsUixCmqrftnZVqkwckjwhZbF85itpgyfQ+b xdHNq1gsen/vYHZg8fj19Sqbx5IlP5k8pnzeyhjAHMVlk5Kak1mWWqRvl8CV8WzHTdaCl+oV yzr/MDcw/pTrYuTgkBAwkfg0TbeLkYtDSGAxk8TFpS8YIZyNjBJrd79jg3CuMknMfLGYBaSD RUBV4u9J/i5GTg42ARWJhu7LzCC2iICBxMsJO9lAbGYBD4mFm76wgpQLC8RKtC/UAgnzAu16 PPEVO0hYSOAGo8R6Q4iwoMTJmU9YIDq1JG78e8kEUsIsIC2x/B8HSJhTIFDi2qXDjCC2qICy xN/D91gmMArMQtI9C0n3LITuBYzMqxhlU3KrdHMTM3OKU5N1i5MT8/JSi3TN9XIzS/RSU0o3 MYKCl91FZQdjd4/3IUYBDkYlHl4OzbRIIdbEsuLK3EOMkhxMSqK8KsFAIb6k/JTKjMTijPii 0pzU4kOMEhzMSiK8di1AOd6UxMqq1KJ8mJQ0B4uSOK+4RmOEkEB6YklqdmpqQWoRTFaGg0NJ gtdjBVCjYFFqempFWmZOCUKaiYMTZDgP0PD8JSDDiwsSc4sz0yHypxgVpcR5n4E0C4AkMkrz 4HpByUUie3/NK0ZxoFeEeactB6riASYmuO5XQIOZgAavyU4BGVySiJCSamDczxS+ozt7qsPM /qVWFn/UFURfLosPWRMYceljE+/bvM8XZMwePN788Evobv0guUOPZzl7BC+VeSrwpNfonP91 pfe79/NXpDdG633Wy3hTkrZR5lKf2XEBt9fHJeLlRDbZ1/hv37B5guPsfy7rW56EPhSpF9rj 3TS7fEXIJM21rEEv+K/7sNxQYinOSDTUYi4qTgQAI4YMwwkDAAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/nBku_ptAr9NNgmAiNf7I7l1wUOQ>
Subject: Re: [kitten] [Curdle] I-D Action: draft-ietf-curdle-des-des-des-die-die-die-03.txt
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jul 2017 23:00:17 -0000

On Thu, Jul 06, 2017 at 12:01:49PM -0400, Daniel Migault wrote:
> Hi,
> 
> Thank you for the discussion. It seems that overall the current draft has a
> reached consensus. Are we ready to move the draft forward or do we need any
> additional discussions ? If you think more discussion is needed please let
> us know as soon as possible. Unless concerns are raised, I am planning to
> set  the shepherd write up early next week.

(Intentionally retaining quoted text below.)

I think we're ready to move the draft forward (as-is).

Having reviewed the extra comments, as well as the current text,
I don't think that there is a need to add something along the lines
of what Martin had proposed.  If I was going to add anything, it would
be along the lines of:

  Administrators are additionally expected to be capable of designing rollout       
  plans that minimize disruption, provisioning keys with the new enctypes before    
  enabling new enctypes in configuration.                                           

(at the end of section 5.4).  But it's not clear that this is really adding
value.

-Ben


> On Sun, Jun 25, 2017 at 10:11 PM, Benjamin Kaduk <kaduk@mit.edu> wrote:
> 
> > Hi Martin,
> >
> > On Fri, Jun 23, 2017 at 02:03:41PM +0200, Martin Rex wrote:
> > > Benjamin Kaduk wrote:
> > > >
> > > > It sounds like you are asking for the addition of some text along
> > > > the lines of:
> > > >
> > > >   Software support is only a bare minimum requirement for deprecating
> > > >   RC4 enctypes; there may be additional logistical considerations
> > > >   involved such as provisioning AES keys for all principals and
> > > >   updating software configuration to enable AES and disable deprecated
> > > >   encryption types.
> > > >
> > > > Is that something you are asking for?
> > >
> > > Yes, thank your.  This sounds good to me.  I consider it even more
> > > helpful than the reference to particular versions of particular
> > > OpenSource Kerberos implementations, because this is a characteristic
> > > that is sort-of implied by how kerberos-enctypes keys are created
> > > (derived by string2key) and probably affect all implementations of
> > > Kerberos, yet it is non-obvious to consumers of the technology.
> >
> > Thank you for clarifying your comment into a request.
> >
> > >
> > > There is a substantial difference between cipher suites in TLS, where
> > > key length, strength and algorithm for the symmetric crypto is mostly
> > > irrelevant to the (PKI) credentials, and where using new TLS cipher
> > suites
> > > and deprecating old TLS cipher suites does not have a rekeying
> > requirement.
> >
> > To some extent this is inherent in Kerberos's use of symmetric crypto for
> > authentication, as opposed to TLS which uses asymmetric crypto for
> > authentication and switches to symmetric crypto for efficiency for
> > bulk data transfer.
> >
> >
> > (Jeffrey Altman wrote:)
> > % In my opinion, such text is inappropriate for an RFC.  The deprecation
> > % of the encryption type is a protocol action.  The RFC is not guidance
> > % for system administrators.  Such guidance should come from the protocol
> > % implementations.
> > %
> > % As such I believe the addition of text similar to the above is
> > % unnecessary for publication.
> >
> > >
> > > I do believe that it is very appropriate to provide such kind of a
> > > guidance in an RFC, so that it this recommendation for deprecation
> > > becomes more comprehensible and the trade-offs clearer to mere consumers
> > > of the Kerberos technology, readers that aren't Kerberos protocol experts
> > > and senior Kerberos implementers.
> >
> > In general I tend to hew more to Jeffrey's track that protocol
> > specifications
> > should limit themseles to protocol-level work.  I could see some grounds
> > for an exception here, though, in that the deployment difficulties are
> > inherent to any Kerberos deployment that follows best practice of not
> > storing
> > user passwords (only derived keys).
> >
> > Given Jeffrey's reasoning, I do not think my above "proposed text"
> > (to get clarification from Martin) should be used as-is; if we do want
> > to provide the clarification that Martin wants, I would want to rephrase
> > things somewhat.  But, it still seems unclear where the WG consensus lies
> > on the question of including any guidance at all, here.  Can others
> > please weigh in?
> >
> >
> > > When making admins sufficiently aware of predictable interop-problems,
> > > we may actually see more administrative deprecation of weak Kerberos
> > > enctypes than leaving them in the dark, and it helps reducing the amount
> > > of stumped users, helpdesks and admins.
> >
> > Admins are more likely to read software-provided documentation than
> > protocol specs; this argument seems speculative to me.
> >
> > -Ben
> >
> > _______________________________________________
> > Curdle mailing list
> > Curdle@ietf.org
> > https://www.ietf.org/mailman/listinfo/curdle
> >

v2.23.0 | Report a Bug | By Email