IETF Logo Mail Archive

PRF comments

Ken Raeburn <raeburn@MIT.EDU> Thu, 23 June 2005 20:54 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DlYik-0006pI-VF; Thu, 23 Jun 2005 16:54:46 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DlYiZ-0006l5-5R for kitten@megatron.ietf.org; Thu, 23 Jun 2005 16:54:36 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA00714 for <kitten@ietf.org>; Thu, 23 Jun 2005 16:54:30 -0400 (EDT)
Received: from biscayne-one-station.mit.edu ([18.7.7.80]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DlYtZ-0003sV-EO for kitten@ietf.org; Thu, 23 Jun 2005 17:05:58 -0400
Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by biscayne-one-station.mit.edu (8.12.4/8.9.2) with ESMTP id j5NKef2b001665; Thu, 23 Jun 2005 16:40:42 -0400 (EDT)
Received: from all-in-one.mit.edu (ALL-IN-ONE.MIT.EDU [18.18.1.71]) (authenticated bits=56) (User authenticated as raeburn@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.1/8.12.4) with ESMTP id j5NKeZFp012482 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 23 Jun 2005 16:40:35 -0400 (EDT)
Received: (from raeburn@localhost) by all-in-one.mit.edu (8.12.9) id j5NKeYxl017324; Thu, 23 Jun 2005 16:40:34 -0400
To: kitten@ietf.org
From: Ken Raeburn <raeburn@MIT.EDU>
Date: Thu, 23 Jun 2005 16:40:34 -0400
Message-ID: <tx14qboq01p.fsf@mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Score: 1.041
X-Spam-Level: * (1.041)
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 10d3e4e3c32e363f129e380e644649be
Cc:
Subject: PRF comments
X-BeenThere: kitten@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/kitten>
List-Post: <mailto:kitten@lists.ietf.org>
List-Help: <mailto:kitten-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@lists.ietf.org?subject=subscribe>
Sender: kitten-bounces@lists.ietf.org
Errors-To: kitten-bounces@lists.ietf.org

Going over the -04 drafts today, I was struck by a few things:

draft-ietf-kitten-gssapi-prf-04.txt:

   Mechanisms MUST be able to consume all the provided prf_in input data
   that is 2^14 or fewer octets.

   If a mechanism cannot consume as much input data as provided by the
   caller, then GSS_Pseudo_random() MUST return GSS_S_FAILURE.

We should probably add explicitly: "Mechanism PRF specifications may
not truncate the supplied input data."

   If the implementation cannot produce the desired output due to lack
   of resources then it MUST output what it can and still return
   GSS_S_COMPLETE.

This makes "mechanism spec said to output only X bytes"
indistinguishable from "out of resources".  If the output is being
used as protocol keying material or something comparable, then the
exchange may eventually fail because one side generated less data than
the other.

I'd suggest either this should fail, or return some magic error code
that means "truncated output" and we provide some way to resume where
it left off.  (Probably the former, though that may mean that
small-memory systems simply cannot satisfy some requests.)

In fact, it's probably worth explicitly stating that the mechanism
definitions must indicate what the only correct output length is, for
a given input.

   Additional major status codes for the C-bindings:

   o  GSS_S_CALL_INACCESSIBLE_READ

   o  GSS_S_CALL_INACCESSIBLE_WRITE

   See [RFC2744].

These status codes are very poorly described in RFC 2744, and are not
explicitly noted as status returns for any functions in RFC 2744, so I
don't think they need to be called out specially here.  And why would
they be "additional" major status codes?

I'm not sure when they could come up, anyways, unless you're checking
memory mappings for validity of the supplied pointers.  It looks like
the MIT code never returns them.

   For Java GSS_Pseudo_random() maps to a GSSContext method, 'prf':

I'm not familiar with Java interface definitions.  Is it considered
okay to simply add a new method to a standardized interface?

Add a comma after "Java".

   Callers of GSS_Pseudo_random() should avoid accidentally calling it
   with the same inputs.

"... for different purposes [or uses]."  There are certainly cases
where you'd want different calls to use the same inputs, and not by
accident.

   presence of short cycles, etc), you limit the amount of the PRF
   output used to the necessary minimum.

I think "minimum necessary" sounds better.  "Necessary minimum" sounds
to me like it is necessary that a minimum exists, whereas we want the
minimum amount of output that is necessary.  (I.e., "minimum" and
"necessary" modify "amount"; "necessary" doesn't modify "minimum".)


draft-ietf-kitten-krb5-gssapi-prf-04.txt:

Section 2, move [RFC3961] up to the first paragraph where the PRF
function is first mentioned.  Should the [RFC1964] reference be
updated to CFX?

   The computational cost of computing this PRF+ may vary depending on
   the Kerberos V encryption types being used, but generally the
   computation of this PRF+ gets more expensive as the input and output
   [...]

With some rewording ("a mechanism that uses a PRF+ construction...",
or just "for many PRF constructions..."), this would be appropriate
for draft-ietf-kitten-gssapi-prf instead.

Ken

_______________________________________________
Kitten mailing list
Kitten@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/kitten

v2.23.0 | Report a Bug | By Email