Re: Security review of draft-ietf-kitten-gssapi-channel-bindings-06
Nicolas Williams <Nicolas.Williams@sun.com> Wed, 01 April 2009 21:51 UTC
Return-Path: <Nicolas.Williams@sun.com>
X-Original-To: kitten@core3.amsl.com
Delivered-To: kitten@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 431E728C1DE for <kitten@core3.amsl.com>; Wed, 1 Apr 2009 14:51:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.752
X-Spam-Level:
X-Spam-Status: No, score=-5.752 tagged_above=-999 required=5 tests=[AWL=0.294, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OgTmfrclu6Ht for <kitten@core3.amsl.com>; Wed, 1 Apr 2009 14:51:29 -0700 (PDT)
Received: from sca-ea-mail-3.sun.com (sca-ea-mail-3.Sun.COM [192.18.43.21]) by core3.amsl.com (Postfix) with ESMTP id D92E028C1D8 for <kitten@ietf.org>; Wed, 1 Apr 2009 14:51:28 -0700 (PDT)
Received: from dm-central-02.central.sun.com ([129.147.62.5]) by sca-ea-mail-3.sun.com (8.13.6+Sun/8.12.9) with ESMTP id n31LqTHf017730 for <kitten@ietf.org>; Wed, 1 Apr 2009 21:52:29 GMT
Received: from binky.Central.Sun.COM (binky.Central.Sun.COM [129.153.128.104]) by dm-central-02.central.sun.com (8.13.8+Sun/8.13.8/ENSMAIL, v2.2) with ESMTP id n31LqSkS028425 for <kitten@ietf.org>; Wed, 1 Apr 2009 15:52:28 -0600 (MDT)
Received: from binky.Central.Sun.COM (localhost [127.0.0.1]) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3) with ESMTP id n31LZfdX015565; Wed, 1 Apr 2009 16:35:41 -0500 (CDT)
Received: (from nw141292@localhost) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3/Submit) id n31LZaVl015564; Wed, 1 Apr 2009 16:35:36 -0500 (CDT)
X-Authentication-Warning: binky.Central.Sun.COM: nw141292 set sender to Nicolas.Williams@sun.com using -f
Date: Wed, 01 Apr 2009 16:35:36 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: canetti <canetti@post.tau.ac.il>
Subject: Re: Security review of draft-ietf-kitten-gssapi-channel-bindings-06
Message-ID: <20090401213536.GT9992@Sun.COM>
References: <49D331C6.7000407@post.tau.ac.il>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <49D331C6.7000407@post.tau.ac.il>
User-Agent: Mutt/1.5.7i
Cc: kitten@ietf.org, secdir@mit.edu, Ran Canetti <canetti@csail.mit.edu>
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Apr 2009 21:51:30 -0000
On Wed, Apr 01, 2009 at 12:20:06PM +0300, canetti wrote:
> *I have reviewed this document as part of the security directorate's
> *ongoing effort to review all IETF documents being processed by the
> *IESG. These comments were written primarily for the benefit of the
> *security area directors. Document editors and WG chairs should treat
> *these comments just like any other last call comments.
Thanks!
I know that Jeff has already answered this...
> This is a very short document. It describes a more generic way of
> formatting the API for channel bindings. The move to a more generic
> format is welcome. One potential objection here, however, is to the
> requirement that compliant implementations MUST interpret the API as
> having the new format. This may have backwards compatibility issues,
> and for no apparent good reason. It might be better to specify the
> format so that an implementation will be able to take also older API
> formats. (Since this is not an interoperability or security-sensitive
> issue, there seems to be no reason for the IETF to MANDATE one way
> over another.)
Let's pick a programming language, say, Python, and suppose that the
Python bindings of the GSS-API followed RFC2743 with regards to channel
binding.
An implementation of those bindings AND of the Kerberos V
GSS-API mechanism (RFCs 1964 and 4121) would have to decide how to map
the RFC2743 "OCTET STRING" channel binding input to the mechanism's
channel binding (which is defined in terms of RFC2744's
gss_channel_bindings_struct C struct rather than "OCTET STRING"). Two
implementations of such bindings would fail to interop when using
channel bindings if the implementors decided this matter differently.
Worse, suppose that you had a Python bindings implementation that mapped
the RFC2743 OCTET STRING channel binding input to then initiator_address
field of the RFC2744 gss_channel_bindings_struct C struct. Then you
could not interop with C implementations of the same application
protocol when using channel binding[*].
IMO the only reasonable decision for the implementors would be to map
the RFC2743 OCTET STRING channel binding input to the RFC2744
application_data field of gss_channel_bindings_struct. And indeed, this
may require changing some of the putative implementations of the
putative Python bindings of the GSS-API. I don't see any alternatives.
[*] Only RFC2744 application_data makes sense for channel binding
nowadays. Use of network addresses for channel binding was long ago
abandoned -- think of NATs :( -- and anyways, channel binding
to cryptographically secure channels makes much sense, while channel
binding to network addresses does not make much sense at all.
Nico
--
- Security review of draft-ietf-kitten-gssapi-chann… canetti
- Re: [secdir] Security review of draft-ietf-kitten… Jeffrey Hutzelman
- Re: Security review of draft-ietf-kitten-gssapi-c… Nicolas Williams
- Re: Security review of draft-ietf-kitten-gssapi-c… canetti