IETF Logo Mail Archive

Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv3: request for review

Benjamin Kaduk <kaduk@MIT.EDU> Sun, 03 August 2014 05:50 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C76D41A0171; Sat, 2 Aug 2014 22:50:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.202
X-Spam-Level:
X-Spam-Status: No, score=-4.202 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ArNdUxtMLgEd; Sat, 2 Aug 2014 22:50:50 -0700 (PDT)
Received: from dmz-mailsec-scanner-4.mit.edu (dmz-mailsec-scanner-4.mit.edu [18.9.25.15]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8AB7A1A0172; Sat, 2 Aug 2014 22:50:50 -0700 (PDT)
X-AuditID: 1209190f-f79f86d0000061c8-72-53ddcdb9c211
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-4.mit.edu (Symantec Messaging Gateway) with SMTP id 09.CA.25032.9BDCDD35; Sun, 3 Aug 2014 01:50:49 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id s735oluQ006974; Sun, 3 Aug 2014 01:50:48 -0400
Received: from multics.mit.edu (system-low-sipb.mit.edu [18.187.2.37]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id s735ojhT025594 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sun, 3 Aug 2014 01:50:46 -0400
Received: (from kaduk@localhost) by multics.mit.edu (8.12.9.20060308) id s735oj8W026587; Sun, 3 Aug 2014 01:50:45 -0400 (EDT)
Date: Sun, 03 Aug 2014 01:50:44 -0400
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: Nico Williams <nico@cryptonector.com>
In-Reply-To: <20140801221535.GA3579@localhost>
Message-ID: <alpine.GSO.1.10.1408030147130.21571@multics.mit.edu>
References: <DC941FEB-725A-49E1-8C38-FF765454827C@netapp.com> <alpine.GSO.1.10.1407301239260.21571@multics.mit.edu> <20140801055401.GA7409@localhost> <8FD0C272-6FD3-44FE-BD3D-BAB220E0FF13@netapp.com> <20140801221535.GA3579@localhost>
User-Agent: Alpine 1.10 (GSO 962 2008-03-14)
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="-559023410-2132172227-1407045045=:21571"
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprIKsWRmVeSWpSXmKPExsUixCmqrbvz7N1gg12vJC2Obl7FYjH7/SNW i1PXjrBZTF9k5cDi8fLUOUaPJUt+MnnM+PSFLYA5issmJTUnsyy1SN8ugSvj67VupoKDshXP 9hk3MP4Q72Lk5JAQMJH4+bSLFcIWk7hwbz1bFyMXh5DAbCaJ0zvvMEI4GxgluvbMZIVwDjJJ LP/aA+RwADn1Eje/1IN0swhoSdx+dJoZxGYTUJGY+WYjG4gtIqApcX3eUjCbWaBMontaO9g2 YQE3ieZXv8DqOQX0JDpffAGL8wo4Srz695IJYtdLRonbF/aAFYkK6Eis3j+FBaJIUOLkzCcs EEMDJVruPWafwCg4C0lqFpLULKBTmQXMJBa22UGEtSXu32xjW8DIsopRNiW3Sjc3MTOnODVZ tzg5MS8vtUjXRC83s0QvNaV0EyM45CX5dzB+O6h0iFGAg1GJh1dh791gIdbEsuLK3EOMkhxM SqK8P3cBhfiS8lMqMxKLM+KLSnNSiw8xSnAwK4nwfskGyvGmJFZWpRblw6SkOViUxHnfWlsF CwmkJ5akZqemFqQWwWRlODiUJHjZgLEtJFiUmp5akZaZU4KQZuLgBBnOAzR81xmQ4cUFibnF mekQ+VOMilLivFdOAyUEQBIZpXlwvbCU9IpRHOgVYV5GkBU8wHQG1/0KaDAT0OAaw9sgg0sS EVJSDYwdtTYxbWXrdvllTDPgvhC/Z27x2036S7WfZacF8XYq5SYIq+04FmXoe11o0mSlD2KR hretlx/cZMa3Q/Fx9amfSd5LGvadyzorYBy8exHP94YK45vSO89UxuWejP+5/facBum1ZxUn vnWQEXXilQt/yWBi3cN92a34y4a5DWWmjRwbeXvz25RYijMSDbWYi4oTARHG7uwkAwAA
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/qMpKHEa1ixLKUoOMxiEhCTn3hpM
Cc: "kitten@ietf.org" <kitten@ietf.org>, "Adamson, Andy" <William.Adamson@netapp.com>, NFSv4 <nfsv4@ietf.org>
Subject: Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv3: request for review
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Aug 2014 05:50:55 -0000

On Fri, 1 Aug 2014, Nico Williams wrote:

> On Fri, Aug 01, 2014 at 08:28:25PM +0000, Adamson, Andy wrote:
>> On Aug 1, 2014, at 1:54 AM, Nico Williams <nico@cryptonector.com> wrote:
>>> On Thu, Jul 31, 2014 at 06:38:09PM -0400, Benjamin Kaduk wrote:
>>>> Hmm, this seems to have gotten rather long.
>>
>> Well, it’s two pages shorter than draft-williams-rpcsecgssv3-02.txt (!)
>
> :)

I meant "my email is getting long", not "the draft is getting long", just 
so we're clear.

>>>> Multi-principal authentication
>>>>
>>>> This draft proposes a multi-principal authentication scheme,
>>>> restricted to just the case of a privileged client process on a
>>>
>>> No, not only the case of a privileged client process.
>>
>> Sure, but for the Multi-principal piece we do say the following which 
>> says that the use-case is privileged client process….
>
> It was always my intention that traditional (read: multi-user
> shared-cache) NFS client implementations would just always use
> "multi-principal" contexts when doing any RPCs on a user's behalf.
>
> That is, addressing the "user can impersonate the server to the client"
> problem was always my first and foremost goal with this protocol, though
> I didn't always say so explicitly (since at the time the attack was not
> well-known, I didn't want to publicize it).
>
> The conveyance of privilege (or under-privilege) is secondary, but
> extremely useful.
>
> (Was "multi-principal" my name for this?  No, I called them compound
> authentication.  I prefer "compound".)
>
> Local privilege or lack thereof is irrelevant to when compound
> authentication is to be used.  The only relevant detail for that is: is
> the client trusting the server's response in any way that could
> compromise it or other users on the same client if the user on behalf of
> which the RPC is being done could impersonate the server.  That's a
> mouthful, sorry (shorter version: shared-cache).

When I said "privileged", I mean "the thing maintaining the cache, which 
has its own credentials that are distinct from any other processes 
benefitting from the cache.

>>>> However, I don't think this is strong enough; I think this scheme
>>>> requires the "privacy" level of protection.  Otherwise, an attacker
>>>> could replay the nonce+MIC and obtain an RPCSEC_GSS context that
>>>> will authenticate as the user from the "inner" context, without
>>>> actually proving that it possesses the user's credentials.  In
>>>
>>> The client's credentials are required to make progress.
>>
>> So you do need to be a ‘privileged client process’ - in order to use
>> the client’s machine credentials.
>
> No.  The client (the kernel, whatever) does it on behalf of the user.

I think we're actually in agreement on what's going on here, just using 
different words to describe it.

>>>  That stops
>>> replay attacks.  We need only bind things sufficiently to the new
>>> RPCSEC_GSS security context handle and the client credentials.
>>
>> An evil user that can get root on a client machine wouldn’t need to
>> [...]
>
> Stop right there!  We *always* assume local security when dealing with
> security protocols :)  There's no need to state this assumption.  It's

Indeed, this is not the point I was trying to make.  More under separate 
cover.

-Ben

v2.29.0 | Report a Bug | By Email | System Status