IETF Logo Mail Archive

Re: [kitten] [EXTERNAL] Re: Windows Intent to revive and implement IAKerb draft-ietf-kitten-iakerb-03

Paul Romero <paulr@rcom-software.com> Mon, 20 February 2023 00:04 UTC

Return-Path: <paulr@rcom-software.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD1B0C14CF18 for <kitten@ietfa.amsl.com>; Sun, 19 Feb 2023 16:04:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.896
X-Spam-Level:
X-Spam-Status: No, score=-6.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X90r6uiqBr15 for <kitten@ietfa.amsl.com>; Sun, 19 Feb 2023 16:04:30 -0800 (PST)
Received: from spike.lmi.net (spike.lmi.net [66.117.140.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 19808C14CF17 for <kitten@ietf.org>; Sun, 19 Feb 2023 16:04:29 -0800 (PST)
Received: from [192.168.1.157] (99-13-231-12.lightspeed.snjsca.sbcglobal.net [99.13.231.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: paulr@lmi.net) by spike.lmi.net (Postfix) with ESMTPSA id 83EA316006A for <kitten@ietf.org>; Sun, 19 Feb 2023 16:04:29 -0800 (PST)
Content-Type: multipart/alternative; boundary="------------3feMsMZ4BDwlvNwNWiLK0fh8"
Message-ID: <87b6479d-63d7-b31a-d2e2-b7bd6f9a9c65@rcom-software.com>
Date: Sun, 19 Feb 2023 16:04:29 -0800
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.7.1
To: kitten@ietf.org
References: <MW4PR21MB1970A9D254B943A1763C55FF9CA09@MW4PR21MB1970.namprd21.prod.outlook.com> <de4cbe7b-85b5-7001-3a8c-74787990c6e0@secure-endpoints.com> <eb9fa7a4-a00d-f388-27aa-3624df8ce4f2@secure-endpoints.com> <MW4PR21MB197060FB388E7922FAADEB079CA19@MW4PR21MB1970.namprd21.prod.outlook.com> <6cb6f5ddfc7b9b150b4eef72db5a3f3b9566fd80.camel@redhat.com> <20230219194355.36139173DDE@pb-smtp2.pobox.com> <Y/K2IEhX6c+b05Ye@gmail.com>
Content-Language: en-US
From: Paul Romero <paulr@rcom-software.com>
In-Reply-To: <Y/K2IEhX6c+b05Ye@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/tm4rJI3UlMcVQu8gfhAlq7Nr6k8>
Subject: Re: [kitten] [EXTERNAL] Re: Windows Intent to revive and implement IAKerb draft-ietf-kitten-iakerb-03
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Feb 2023 00:04:30 -0000

Hi Nico:

I don't  agree that SCRAM is obsolete and am curious why
you think that is the case. I've used it quite a while and
never experienced a security breach.  The only problem
I have come up against is the configuration of the end to end
secret.

Best Regards,

Paul R.

On 2/19/23 15:52, Nico Williams wrote:
> On Sun, Feb 19, 2023 at 02:43:54PM -0500, Ken Hornstein wrote:
>>> Just throwing it out here, because I sure would love to make it
>>> possible (and easier) to use kerberos-backed out on the Web, without
>>> all the issues that come with multiple-roundtrips, which are what I
>>> find breaks most of these scenarios (the complexity of the protocol
>>> itself and the unfamiliarity of any non-password/bearer based auth
>>> scheme aside).
>> You know, the frustrating thing to me (as a Kerberos fan) is that
>> the multiple roundtrips problem isn't a Kerberos problem but more
>> related to all of the stuff layered on top of Kerberos (GSS, SPNEGO,
>> etc etc).  I see how we got here, but I always was a bit skeptical of
>> the value-add of all of those layers in practice.
> I suspect that Simo is referring to HTTP 401, 200, 401, 200, .. problem.
> That can happen with any HTTP authentication scheme, and I've seen that.
> The solution is to use cookies.
>
> GSS-API adds no round trips.  SPNEGO only adds a round trip if the
> initiator's optimistic choice fails.  Kerberos w/o mutual auth needn't
> add even one round trip to the application layer protocol (though having
> huge tickets doesn't help) provided the application is using the
> sub-session keys (i.e., GSS per-message tokens or KRB-PRIV/SAFE).
>
> The problem with Kerberos is not the round trips.
>
> The biggest problem with Kerberos is that the world has been moving to
> HTTP for everything, and in HTTP land the number of user-agent
> implementations is enormous, and most don't support Negotiate.
> Credential orchestration needs to be self-service in all deployments,
> regardless of whether we're talking about Kerberos or PKI.
>
>    (For this problem I've build an experimental Negotiate-as-a-service.)
>
> Another problem with Kerberos is credential orchestration -especially
> server credentials ("keytabs")- and the need for KDC synchronization.
> Just as there's a Let's Encrypt for the web that makes TLS server
> credential provisioning much simpler, Kerberos and anything else that
> requires server credentials also needs that.  Without this feature it's
> all just hard to use and scale.
>
> The lack of a standard "kadmin" protocol for fetching keys (and rotating
> them) is a serious interoperability problem that causes integration and
> provisioning pain.  (Maybe we should propose Heimdal's httpkadmind
> protocol?)
>
> There's also KDC synchronization that can be annoying.
>
>    (For this problem in Heimdal we've build a virtual service principal
>     namespace feature that derives service keys from the namespace's
>     keys, the principals' names, and each key rotation epoch.)
>
> It's not like it's all great with other authentication protocols.
>
>   - JWT lacks a fetch-a-rock protocol (like the TGS protocol).  Such a
>     protocol would have to be dead simple.
>
>   - OIDC requires both, clients _and_ servers to talk to OIDC issuers.
>
>   - OIDC and SAML transport authentication material in URI q-params.
>
>   - Client certificate support coverage is terrible and hard to use from
>     apps (especially where there's reverse proxy involved), plus the few
>     apps that support client certs don't have any support for using SANs!
>
>   - DIGEST is obsolete.
>
>   - SCRAM was obsolete the day it was born.
>
>   - PAKEs are not a general purpose solution.
>
> There are good reasons why Kerberos is still around; the shortcomings of
> other systems are among them.  But there's been zero work in 30 years on
> making Kerberos easy to deploy, orchestrate, and operate.  The number of
> people who are intimate with the protocol and who have the energy and
> funding to tackle these issues is dwindling.  That's not a recipe for
> success.
>
> Nico

-- 


Paul Romero
-----------
RCOM Communications Software
EMAIL:paulr@rcom-software.com
PHONE: (510)482-2769

v2.23.0 | Report a Bug | By Email