Re: [kitten] shepherd review of draft-ietf-kitten-krb-auth-indicator-02

Benjamin Kaduk <kaduk@MIT.EDU> Fri, 30 September 2016 04:02 UTC

Date: Fri, 30 Sep 2016 00:01:58 -0400
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: Nathaniel McCallum <npmccallum@redhat.com>
In-Reply-To: <1475081412.9001.8.camel@redhat.com>
Message-ID: <alpine.GSO.1.10.1609292358310.5272@multics.mit.edu>
References: <alpine.GSO.1.10.1609251734290.5272@multics.mit.edu> <c0921ba3-7b3e-4716-736b-b73518dafe93@mit.edu> <1475081412.9001.8.camel@redhat.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/nTe1J731hmhIsAJDJHrxC6bEm7E>
Cc: kitten@ietf.org, draft-ietf-kitten-krb-auth-indicator@ietf.org
Subject: Re: [kitten] shepherd review of draft-ietf-kitten-krb-auth-indicator-02

On Wed, 28 Sep 2016, Nathaniel McCallum wrote:

> I submitted a new draft with these changes. I only omitted the change
> to the security considerations section. We can discuss that further if
> need be. I stated my reasons for keeping the existing wording in
> another email.

Thanks for the updates.  I do not insist on changes to the security
considerations text, but will not be surprised if a GenART/Opsdir/secdir
reviewer re-raises the question.

I do have one question, though: the new version says that the CAMMAC
requirement "exists to provide integrity protection from man-in-the-middle
attacks", which is a bit odd, since AuthorizationData appear within the
EncTicketPart (and the auth-indicator is not expected to appear "bare" in
KDC-REQ or Authenticators, since it is supposed to be KDC-issued).  So,
unfortunately, that sentence still leaves me confused.

-Ben
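The structural point Ben raises above (that AuthorizationData lives inside the EncTicketPart, so a KDC-issued auth-indicator is already covered by the ticket's encryption and integrity check) can be made concrete with a small model. The following Python is an added example, not code from the thread, the draft or any Kerberos implementation. It assumes the ad-type values from the published RFCs (AD-CAMMAC = 96 from RFC 7751, AD-AUTHENTICATION-INDICATOR = 97 from RFC 8129, the RFC this draft became), models only the authorization-data field of EncTicketPart, replaces the RFC 3961 encryption with a constructed keystream-plus-HMAC stand-in, and uses a made-up service key and indicator strings. It shows that a party without the service key cannot alter the indicator without the service's integrity check failing.

```python
"""Model: AuthorizationData inside EncTicketPart is integrity-protected by the
ticket encryption. Added example, not Kerberos implementation code.
ad-type values per the published RFCs; everything else is a simplified stand-in."""
import hashlib
import hmac

AD_CAMMAC = 96                    # RFC 7751 (assumed value, not on the page)
AD_AUTHENTICATION_INDICATOR = 97  # RFC 8129 (assumed value, not on the page)


# --- minimal DER helpers (only what the AuthorizationData shape needs) -------
def der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_len(len(content)) + content


def der_integer(v: int) -> bytes:
    # Non-negative only; adds a leading zero byte when the high bit would be set.
    return der_tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))


def der_ctx(n: int, content: bytes) -> bytes:
    # Context-specific constructed tag [n], as the Kerberos ASN.1 modules use.
    return der_tlv(0xA0 | n, content)


def der_sequence(*items: bytes) -> bytes:
    return der_tlv(0x30, b"".join(items))


def der_read(buf: bytes, pos: int = 0):
    """Return (tag, content, next_pos) for the TLV starting at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")
        pos += 2 + nbytes
    return tag, buf[pos:pos + length], pos + length


# --- AuthorizationData ::= SEQUENCE OF SEQUENCE { ad-type [0], ad-data [1] } --
def authorization_data(entries) -> bytes:
    return der_sequence(*(
        der_sequence(der_ctx(0, der_integer(t)), der_ctx(1, der_tlv(0x04, d)))
        for t, d in entries))


def parse_authorization_data(buf: bytes):
    tag, seq, _ = der_read(buf)
    assert tag == 0x30, "AuthorizationData must be a SEQUENCE"
    out, pos = [], 0
    while pos < len(seq):
        _, elem, pos = der_read(seq, pos)
        _, t_wrap, p = der_read(elem)          # [0] ad-type
        _, t_int, _ = der_read(t_wrap)
        _, d_wrap, _ = der_read(elem, p)       # [1] ad-data
        _, data, _ = der_read(d_wrap)
        out.append((int.from_bytes(t_int, "big"), data))
    return out


# --- stand-in for the ticket encryption (keystream XOR, then HMAC tag) --------
def _keystream(key: bytes, n: int) -> bytes:
    out, i = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"ks" + i.to_bytes(4, "big"), hashlib.sha256).digest()
        i += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()


def unseal(key: bytes, sealed: bytes) -> bytes:
    ct, tag = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(hmac.new(key, ct, hashlib.sha256).digest(), tag):
        raise ValueError("ticket integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


# --- the ticket model ----------------------------------------------------------
def build_sealed_ticket(service_key: bytes, indicators) -> bytes:
    # Only the authorization-data [10] field of EncTicketPart is modelled here.
    ad = authorization_data([(AD_AUTHENTICATION_INDICATOR, i) for i in indicators])
    return seal(service_key, der_sequence(der_ctx(10, ad)))


def indicators_from_sealed_ticket(service_key: bytes, sealed: bytes):
    _, body, _ = der_read(unseal(service_key, sealed))
    _, ad, _ = der_read(body)                   # [10] authorization-data
    return [d for t, d in parse_authorization_data(ad)
            if t == AD_AUTHENTICATION_INDICATOR]


def tamper_is_detected(service_key: bytes, sealed: bytes) -> bool:
    # A party without the service key flips one ciphertext bit; the service
    # side must notice before it ever sees the (now garbled) indicator.
    ct = bytearray(sealed)
    ct[10] ^= 0x01
    try:
        unseal(service_key, bytes(ct))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    key = b"constructed-service-key"            # constructed sample value
    t = build_sealed_ticket(key, [b"otp", b"pkinit"])
    print(indicators_from_sealed_ticket(key, t))
    print("tamper detected:", tamper_is_detected(key, t))
```

The model deliberately leaves out the CAMMAC wrapper: the point of the exchange is that the ticket's own encryption already rules out in-transit modification of anything in EncTicketPart, so CAMMAC's value lies in letting a service distinguish KDC-issued authorization data from data a client could have supplied, not in adding transport integrity.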