IETF Logo Mail Archive

Re: [kitten] I-D Action: draft-ietf-kitten-rfc6112bis-01.txt

Shawn M Emery <shawn.emery@oracle.com> Tue, 16 August 2016 04:10 UTC

Return-Path: <shawn.emery@oracle.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 911C0126579 for <kitten@ietfa.amsl.com>; Mon, 15 Aug 2016 21:10:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.467
X-Spam-Level:
X-Spam-Status: No, score=-5.467 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.247, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J3SH94slV-c9 for <kitten@ietfa.amsl.com>; Mon, 15 Aug 2016 21:10:42 -0700 (PDT)
Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 121EA124281 for <kitten@ietf.org>; Mon, 15 Aug 2016 21:10:42 -0700 (PDT)
Received: from aserv0021.oracle.com (aserv0021.oracle.com [141.146.126.233]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id u7G4AfD6008461 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <kitten@ietf.org>; Tue, 16 Aug 2016 04:10:41 GMT
Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by aserv0021.oracle.com (8.13.8/8.13.8) with ESMTP id u7G4AeIv020742 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <kitten@ietf.org>; Tue, 16 Aug 2016 04:10:40 GMT
Received: from abhmp0002.oracle.com (abhmp0002.oracle.com [141.146.116.8]) by userv0121.oracle.com (8.13.8/8.13.8) with ESMTP id u7G4AcTU012084 for <kitten@ietf.org>; Tue, 16 Aug 2016 04:10:40 GMT
Received: from [10.159.97.80] (/10.159.97.80) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 15 Aug 2016 21:10:38 -0700
From: Shawn M Emery <shawn.emery@oracle.com>
To: kitten@ietf.org
References: <20160726193833.30872.31544.idtracker@ietfa.amsl.com> <57A0C96F.3010606@mit.edu>
Message-ID: <cea4402d-728c-f6e2-6685-b8874cf8ea00@oracle.com>
Date: Mon, 15 Aug 2016 22:12:47 -0600
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20100101 Thunderbird/45.1.0
MIME-Version: 1.0
In-Reply-To: <57A0C96F.3010606@mit.edu>
Content-Type: multipart/alternative; boundary="------------CD98438D3BA44AD43B597C40"
X-Source-IP: aserv0021.oracle.com [141.146.126.233]
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/xXXOog3yLb8lMqDeI_PkacdNjOQ>
Subject: Re: [kitten] I-D Action: draft-ietf-kitten-rfc6112bis-01.txt
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Aug 2016 04:10:43 -0000

Thanks for your review.  Comments in-line.

On 08/ 2/16 10:25 AM, Greg Hudson wrote:
> On 07/26/2016 03:38 PM,internet-drafts@ietf.org  wrote:
>> 	Filename        : draft-ietf-kitten-rfc6112bis-01.txt
> This revision appears to be editorial, and would be unlikely to affect
> an implementation.  I do not have any substantive protocol concerns, but
> I do have some minor issues with some of the new wording.
>
> In section 7, "To ensure that an attacker cannot create a channel with a
> given name" was changed to "To ensure that an attacker cannot create a
> channel by observing exchanges."  The original wording may have used
> "name" in a non-intuitive way, but I think the new wording is more
> wrong.  The threat is that a MITM attacker might create two channels
> with the same ticket session key (known to the attacker); the new
> wording suggests that the threat comes from a passive attacker.

Yes, the key word "observing" indicates a passive state.  How about?:

To ensure that an attacker cannot create a channel by obtaining key 
exchanges between the client and KDC, it is desirable that neither the 
KDC nor the client unilaterally determine the ticket session key.

> In this text:
>
>      Such authorization data, if included in the anonymous ticket, would
>      disclose the that the client is a member of the group observed.	
>
> After the changes, there is an extra "the" before "that".

Done.

> In this new block of text:
>
>      This protocol provides a binding between the party which
>      generated the session key and the DH exchange used to generate
>      they reply key.  Hypothetically, if the KDC did not use
>      PA-PKINIT-KX, the client and KDC would perfrom a DH key
>      exchange to determine a shared key, and that key would be used
>      as a reply key.  The KDC would then generate a ticket with a
>      session key encrypting the reply with the DH agreement.  A MITM
>      attacker would just decrypt the session key + ticket using the
>      DH key from the attacker and KDC DH exchange, and re-encrypt it
>      using the key from the attacker and client DH exchange, while
>      keeping a copy of the session key and ticket.  By requiring the
>      session key in a way that can be verified by the client, this
>      protocol binds the ticket to the DH exchange and prevents the
>      MITM attack.
>
> "perfrom" should be "perform".  "session key + ticket" should be
> "session key and ticket".

Done.

> It might be clearer to say "attacker-KDC DH
> exchange" than "attacker and KDC DH exchange", and similarly
> "attacker-client DH exchange".

Agreed.

> "By requiring the session key in a way that..." is not grammatical.
>

How about?:

This protocol binds the ticket to the DH exchange and prevents the MITM 
attack by requiring the session key in a way that can be verified by the 
client.

Thanks again for your review.

Shawn.
--

v2.23.0 | Report a Bug | By Email