Re: [kitten] New Version Notification for draft-howard-gss-sanon-01.txt
Nico Williams <nico@cryptonector.com> Mon, 06 April 2020 01:10 UTC
Return-Path: <nico@cryptonector.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 576BA3A0ABB for <kitten@ietfa.amsl.com>; Sun, 5 Apr 2020 18:10:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XtY47Dd6sKSV for <kitten@ietfa.amsl.com>; Sun, 5 Apr 2020 18:10:35 -0700 (PDT)
Received: from cadetblue.birch.relay.mailchannels.net (cadetblue.birch.relay.mailchannels.net [23.83.209.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EEACC3A0A74 for <kitten@ietf.org>; Sun, 5 Apr 2020 18:10:34 -0700 (PDT)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 56FAC21100; Mon, 6 Apr 2020 01:10:34 +0000 (UTC)
Received: from pdx1-sub0-mail-a32.g.dreamhost.com (100-96-23-11.trex.outbound.svc.cluster.local [100.96.23.11]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id D4D2620C72; Mon, 6 Apr 2020 01:10:33 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from pdx1-sub0-mail-a32.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:2500 (trex/5.18.6); Mon, 06 Apr 2020 01:10:34 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Industry-Lonely: 590ebf0006de6f63_1586135434156_3278481640
X-MC-Loop-Signature: 1586135434156:425629812
X-MC-Ingress-Time: 1586135434156
Received: from pdx1-sub0-mail-a32.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a32.g.dreamhost.com (Postfix) with ESMTP id 915087FF11; Sun, 5 Apr 2020 18:10:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to:content-transfer-encoding; s= cryptonector.com; bh=gJVPmCOGKXOEwtgIA+oEnLxHIqs=; b=VahNqkh9UWI D9XpWeMabEPiWz9dHrTBh1yFyfzcVUTqt/u5avBAr2jT21yN8fDVOAiojM2eF55x CLv28jFWhp9Oy8B8BZ51MyAsA3X8DGRDxp9ww2rKRk+XDm5x2nu/2KxCgVkxxLT/ 4JJU2N0hLHgz7+Ecc34NS/Nz4yrUdehc=
Received: from localhost (unknown [24.28.108.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a32.g.dreamhost.com (Postfix) with ESMTPSA id 838457FF02; Sun, 5 Apr 2020 18:10:30 -0700 (PDT)
Date: Sun, 05 Apr 2020 20:10:27 -0500
X-DH-BACKEND: pdx1-sub0-mail-a32
From: Nico Williams <nico@cryptonector.com>
To: Luke Howard <lukeh@padl.com>
Cc: "kitten@ietf.org" <kitten@ietf.org>, Jeffrey Altman <jaltman@auristor.com>, Greg Hudson <ghudson@mit.edu>
Message-ID: <20200406011026.GG18021@localhost>
References: <158604472122.27168.16112727090339772628@ietfa.amsl.com> <B2497A4F-81B3-42F9-AED1-CFECF1D9F7C0@padl.com> <20200405234929.GD18021@localhost> <38ED72E1-3361-4242-9923-C3BE61698BE0@padl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <38ED72E1-3361-4242-9923-C3BE61698BE0@padl.com>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-VR-OUT-STATUS: OK
X-VR-OUT-SCORE: -100
X-VR-OUT-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeduhedruddvgdeggecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucggtfgfnhhsuhgsshgtrhhisggvpdfftffgtefojffquffvnecuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjughrpeffhffvuffkfhggtggugfgjfgesthekredttderjeenucfhrhhomheppfhitghoucghihhllhhirghmshcuoehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmqeenucfkphepvdegrddvkedruddtkedrudekfeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhhouggvpehsmhhtphdphhgvlhhopehlohgtrghlhhhoshhtpdhinhgvthepvdegrddvkedruddtkedrudekfedprhgvthhurhhnqdhprghthheppfhitghoucghihhllhhirghmshcuoehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmqedpmhgrihhlfhhrohhmpehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmpdhnrhgtphhtthhopehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhm
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/ua8Dris-vC0tHbFvdBb6kbAvYD0>
Subject: Re: [kitten] New Version Notification for draft-howard-gss-sanon-01.txt
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Apr 2020 01:10:47 -0000
On Mon, Apr 06, 2020 at 10:51:01AM +1000, Luke Howard wrote: > > | The means of discovering GSS-API peers and their supported mechanisms > > | is out of this specification's scope. However, when the Simple and > > | Protected Negotiation mechanism (SPNEGO) defined in [RFC4178] is > > | used, the mechanism MUST be negotiated under [I-D.zhu-negoex]. [...] > > > > Hmm, well, can this MUST be relaxed to apply only when the initiator > > supports [I-D.zhu-negoex]? Alternatively, maybe remove it. After > > all, [I-D.zhu-negoex] imposes the requirement, not this document. > > If we wish to support interoperability with SSPI for both initiators > and acceptors, then to me it makes sense to require NegoEx. We could > make the mechanism negotiable under both SPNEGO directly and NegoEx > but it seems that we should avoid that if possible in the interests of > simplicity. Although SAnon could be deployed as a pluggable mechanism, > in reality I imagine it will arrive after shipping NegoEx (both MIT > and Heimdal have it). All I'm saying is that where a GSS implementation doesn't support NegoEx there should not be a requirement that NegoEx be used. Relaxing the requirement this way will make it possible for SAnon to progress without having to also progress NegoEx. > > | The selection of SAnon is subject to local policy. [...] > > > > Did you mean, its selection via SPNEGO/NegoEx? But apps can use > > GSS_Set_neg_mechs(), so I'd say that selection is not a matter of > > local policy, except in any case where multiple mechanisms are > > supported by both the initiator and the acceptor, and no preference > > can be gleaned from the applications (is that possible?) > > We could say may be subject to application and/or local policy but > simpler to remove the sentence, which I have done. +1 > > In any case, I think you might want to say that when using the > > default credential and a non-anonymous target name, and when > > GSS_Set_neg_mechs() was not used (or was used and did not list > > SAnon), then SAnon MUST NOT be negotiated. > > Suggest the following text (the third case is new): > > On the first call to GSS_Init_sec_context(), the mechanism checks > for one of the following: > > The caller set anon_req_flag (GSS_C_ANON_FLAG); or > > The claimant_cred_handle identity is the well known anonymous > name; or > > The claimant_cred_handle is the default credential and targ_name > is the well known anonymous name I'd change the last item to: The claimant_cred_handle is the default credential and targ_name is an anonymous name. There's no need to say "well known anonymous name". > If neither of the above are the case, the call MUST fail with > GSS_S_UNAVAILABLE. That's three conditions, s/neither/none/ :) > I don’t think it’s necessary to point out that GSS_Set_neg_mechs() can > be used to exclude SAnon, because this is not specific to this > mechanism. Well, if GSS_Set_neg_mechs() is used to exclude SAnon then SAnon's init_sec_context() can't be invoked, so, indeed, there's no need to point that out. > Using GSS_Set_neg_mechs() to force SAnon when it would otherwise not > be used would be an abstraction violation (at lease > implementation-wise). Applications can use GSS_C_ANON_FLAG. Fair point. > > Also, phrasing it as "mechanisms that .... SHOULD be preferred" > > sounds like an update to SPNEGO/NegoEx. Indeed, the need to > > understand that SAnon cannot authenticate the acceptor to the > > initiator imposes on SPNEGO/NegoEx, so an update might be > > unavoidable. (Actually, the mech attrs mean that SPNEGO/NegoEx can know that SAnon doesn't authenticate the target.) > I suppose I was looking for some text to reflect that in our > implementation, SAnon is at the very end of the list of preferred > mechanisms (even after runtime loaded ones). Sure, so make that clear and downcase that SHOULD? > > - Section 4 > > > > It's important to state that the name as observed by the peer is > > always GSS_C_NT_ANONYMOUS. > > I’ll put this text in the GSS_C_NT_ANONYMOUS description (not sure if > it needs its own section?) and also move the text directly under > Section 4 re: names as a mechanism selection hint, to a new section. Sure. > > - Section 4.1.4 > > > > The name string displayed should either be a constant OR, better yet, > > a base64-encoded hash of the peer's DH key! The latter especially > > after context establishment. > > > > - GSS_Display_name(GSS_Canonicalize_name( > > mech=SAnon, > > name=GSS_Import_name(GSS_C_NT_ANONYMOUS, "whatever"))) > > -> "whatever" > > > > - GSS_Display_name(GSS_Inquire_context_peer_name(context)) > > -> base64_encode(hash(dh_pubkey)) > > This makes sense for a mechanism that supports non-ephemeral keys but > I believe this is out of scope for SAnon. ;) I've a feeling that even for SAnon these could be useful. Nico --
- [kitten] Fwd: New Version Notification for draft-… Luke Howard
- Re: [kitten] Fwd: New Version Notification for dr… Nico Williams
- Re: [kitten] Fwd: New Version Notification for dr… Nico Williams
- Re: [kitten] New Version Notification for draft-h… Luke Howard
- Re: [kitten] New Version Notification for draft-h… Nico Williams
- Re: [kitten] New Version Notification for draft-h… Luke Howard
- Re: [kitten] New Version Notification for draft-h… Luke Howard
- Re: [kitten] New Version Notification for draft-h… Nico Williams
- Re: [kitten] New Version Notification for draft-h… Nico Williams
- Re: [kitten] New Version Notification for draft-h… Nico Williams
- Re: [kitten] New Version Notification for draft-h… Luke Howard
- Re: [kitten] New Version Notification for draft-h… Luke Howard
- Re: [kitten] New Version Notification for draft-h… Nico Williams
- Re: [kitten] New Version Notification for draft-h… Luke Howard
- Re: [kitten] New Version Notification for draft-h… Nico Williams
- Re: [kitten] New Version Notification for draft-h… Jeffrey E Altman