[kitten] intended status and Updates: 4120 for draft-ietf-kitten-krb-auth-indicator-02

Benjamin Kaduk <kaduk@mit.edu> Thu, 17 November 2016 07:13 UTC

Date: Thu, 17 Nov 2016 01:13:44 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: Nathaniel McCallum <npmccallum@redhat.com>
Message-ID: <20161117071344.GO86797@kduck.kaduk.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/wcfxjKS9nn97SLX1Hzl5JWTWHOc>
Cc: kitten@ietf.org, draft-ietf-kitten-krb-auth-indicator@ietf.org
Subject: [kitten] intended status and Updates: 4120 for draft-ietf-kitten-krb-auth-indicator-02

Sorry for the long silence on this one; certain checklist steps
essentially require contiguous blocks of time that are sometimes hard
to come by.

One of the checklist items is to look at the intended status and any
documents updated by the draft; in a look through the archives it seems
that we never explicitly mentioned that this draft is labelled as
targeting Standards-Track and is marked as Updating RFC 4120.

I think that Standards-Track is fine, and there is not full agreement
in the IETF as to what exactly the "Updates" tag means (long thread at
https://www.ietf.org/mail-archive/web/wgchairs/current/msg14618.html).
The argument for keeping the "Updates" tag would be that it is adding
a new AD type that we want implementations of 4120 to also implement
(CAMMAC has a stronger argument for "Updates" since it replaces
KDC-ISSUED).

My default action is to leave the document as-is, with target status
of Standards-Track and Updates: 4120, but in lieu of having this
be part of a formal WGLC, I will explicitly call it out on the WG
list in case there are objections.


On Fri, Sep 30, 2016 at 12:01:58AM -0400, Benjamin Kaduk wrote:
> 
> I do have one question, though: the new version says that the CAMMAC
> requirement "exists to provide integrity protection from man-in-the-middle
> attacks", which is a bit odd, since AuthorizationData appear within the
> EncTicketPart (and the auth-indicator is not expected to appear "bare" in
> KDC-REQ or Authenticators, since it is supposed to be KDC-issued).  So,
> unfortunately, that sentence still leaves me confused.

I think this comment remains unaddressed.

-Ben