IETF Logo Mail Archive

Re: [kitten] New Version Notification for draft-howard-gss-sanon-01.txt

Luke Howard <lukeh@padl.com> Mon, 06 April 2020 00:51 UTC

Return-Path: <lukeh@padl.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3356A3A0A47 for <kitten@ietfa.amsl.com>; Sun, 5 Apr 2020 17:51:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=padl.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id juQLKSKS4lld for <kitten@ietfa.amsl.com>; Sun, 5 Apr 2020 17:51:42 -0700 (PDT)
Received: from us.padl.com (us.padl.com [216.154.215.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 09F693A0A1D for <kitten@ietf.org>; Sun, 5 Apr 2020 17:51:41 -0700 (PDT)
Received: by us.padl.com with ESMTP id 0360p3bV025599; Mon, 6 Apr 2020 00:51:08 GMT
DKIM-Filter: OpenDKIM Filter v2.11.0 us.padl.com 0360p3bV025599
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=padl.com; s=default; t=1586134269; bh=6Vg6RLJcRoJXCd2jswuz2nGx6F37ZGzTsAXplDOCy1I=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=wqU70IlY9Fjrsh7dXS6OeHHNIQcwQSy8MoGeJxqFgX2ya73uxGARlGDZ7Ur37sxzs L/p25t1yvIX9/YFSwF2+v1CVjUCIMpK7na7fKB+rc83W+0pX8+PwGATb7ZUNLVNclE MP3oP6Cjw79Ct1NbLdTcUOys6EA9ES2C6B8/EmHfIw8ZYQcDUmiKbt0mXw6kxwStQ5 1DJjapB4qrasO29JBrzJuc85KHtUzJdMHjZ7RmRtwb/VL6nVth0gcrHE64qlNkkB6T JyrBT/Y/OWLzaMXHj986fD1wBw3oWAUMUdAvShuFdEUMtAGo7nAhjsZLu6xXTdynM+ hiMNoPbZMq7Nw==
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Luke Howard <lukeh@padl.com>
In-Reply-To: <20200405234929.GD18021@localhost>
Date: Mon, 06 Apr 2020 10:51:01 +1000
Cc: "kitten@ietf.org" <kitten@ietf.org>, Jeffrey Altman <jaltman@auristor.com>, Greg Hudson <ghudson@mit.edu>
Content-Transfer-Encoding: quoted-printable
Message-Id: <38ED72E1-3361-4242-9923-C3BE61698BE0@padl.com>
References: <158604472122.27168.16112727090339772628@ietfa.amsl.com> <B2497A4F-81B3-42F9-AED1-CFECF1D9F7C0@padl.com> <20200405234929.GD18021@localhost>
To: Nicolas Williams <nico@cryptonector.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/ujekntMg0TK2veenUNFkZ3aKLjI>
Subject: Re: [kitten] New Version Notification for draft-howard-gss-sanon-01.txt
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Apr 2020 00:51:44 -0000

Hi Nico,

Thanks for your feedback as usual!

> |  The means of discovering GSS-API peers and their supported mechanisms
> |  is out of this specification's scope.  However, when the Simple and
> |  Protected Negotiation mechanism (SPNEGO) defined in [RFC4178] is
> |  used, the mechanism MUST be negotiated under [I-D.zhu-negoex].  [...]
> 
>   Hmm, well, can this MUST be relaxed to apply only when the initiator
>   supports [I-D.zhu-negoex]?  Alternatively, maybe remove it.  After
>   all, [I-D.zhu-negoex] imposes the requirement, not this document.

If we wish to support interoperability with SSPI for both initiators and acceptors, then to me it makes sense to require NegoEx. We could make the mechanism negotiable under both SPNEGO directly and NegoEx but it seems that we should avoid that if possible in the interests of simplicity. Although SAnon could be deployed as a pluggable mechanism, in reality I imagine it will arrive after shipping NegoEx (both MIT and Heimdal have it).

> |  The selection of SAnon is subject to local policy.  [...]
> 
>   Did you mean, its selection via SPNEGO/NegoEx?  But apps can use
>   GSS_Set_neg_mechs(), so I'd say that selection is not a matter of
>   local policy, except in any case where multiple mechanisms are
>   supported by both the initiator and the acceptor, and no preference
>   can be gleaned from the applications (is that possible?)

We could say may be subject to application and/or local policy but simpler to remove the sentence, which I have done.

>   In any case, I think you might want to say that when using the
>   default credential and a non-anonymous target name, and when
>   GSS_Set_neg_mechs() was not used (or was used and did not list
>   SAnon), then SAnon MUST NOT be negotiated.

Suggest the following text (the third case is new):

   On the first call to GSS_Init_sec_context(), the mechanism checks
   for one of the following:

      The caller set anon_req_flag (GSS_C_ANON_FLAG); or

      The claimant_cred_handle identity is the well known anonymous
      name; or

      The claimant_cred_handle is the default credential and targ_name
      is the well known anonymous name

   If neither of the above are the case, the call MUST fail with
   GSS_S_UNAVAILABLE.

I don’t think it’s necessary to point out that GSS_Set_neg_mechs() can be used to exclude SAnon, because this is not specific to this mechanism.

Using GSS_Set_neg_mechs() to force SAnon when it would otherwise not be used would be an abstraction violation (at lease implementation-wise). Applications can use GSS_C_ANON_FLAG.

> |                                              [...].  If anonymity is
> |  not desired, mechanisms that provide authentication SHOULD be
> |  preferred.  [...]
> 
>   Hmm, I'd say that if "anonymity is not desired" then SAnon MUST NOT
>   be used.

Fixed.

>   Also, phrasing it as "mechanisms that .... SHOULD be preferred"
>   sounds like an update to SPNEGO/NegoEx.  Indeed, the need to
>   understand that SAnon cannot authenticate the acceptor to the
>   initiator imposes on SPNEGO/NegoEx, so an update might be
>   unavoidable.

I suppose I was looking for some text to reflect that in our implementation, SAnon is at the very end of the list of preferred mechanisms (even after runtime loaded ones).

> - Section 4
> 
>   It's important to state that the name as observed by the peer is
>   always GSS_C_NT_ANONYMOUS.

I’ll put this text in the GSS_C_NT_ANONYMOUS description (not sure if it needs its own section?) and also move the text directly under Section 4 re: names as a mechanism selection hint, to a new section.

> - Section 4.1.4
> 
>   The name string displayed should either be a constant OR, better yet,
>   a base64-encoded hash of the peer's DH key!  The latter especially
>   after context establishment.
> 
>    - GSS_Display_name(GSS_Canonicalize_name(
>                         mech=SAnon,
>                         name=GSS_Import_name(GSS_C_NT_ANONYMOUS, "whatever")))
>        -> "whatever"
> 
>    - GSS_Display_name(GSS_Inquire_context_peer_name(context))
>        -> base64_encode(hash(dh_pubkey))

This makes sense for a mechanism that supports non-ephemeral keys but I believe this is out of scope for SAnon. ;)

Cheers,
Luke

v2.23.0 | Report a Bug | By Email