Re: [kitten] Question about AES mode in Kerberos
Luke Howard <lukeh@padl.com> Sun, 08 January 2023 10:45 UTC
Return-Path: <lukeh@padl.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D00EC14F719 for <kitten@ietfa.amsl.com>; Sun, 8 Jan 2023 02:45:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=padl.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l4fANsBEYfJx for <kitten@ietfa.amsl.com>; Sun, 8 Jan 2023 02:45:25 -0800 (PST)
Received: from us.padl.com (us.padl.com [216.154.215.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 00F0BC14F693 for <kitten@ietf.org>; Sun, 8 Jan 2023 02:45:24 -0800 (PST)
Received: from auth (localhost [127.0.0.1]) by us.padl.com (8.14.7/8.14.7) with ESMTP id 308AjLbs011642 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for <kitten@ietf.org>; Sun, 8 Jan 2023 10:45:23 GMT
DKIM-Filter: OpenDKIM Filter v2.11.0 us.padl.com 308AjLbs011642
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=padl.com; s=default; t=1673174723; bh=9KEGUzWyrgFwOc0UXiLcwD5k70+DiPsGDri8yBLidF4=; h=From:Subject:Date:References:In-Reply-To:To:From; b=FcfXmkAtuokKFnl9T/EYzNKtGMzXev6o8WidcotJJeQtmQNA5ThRYVJjjJ2LtgRVZ zpp5lscKcsA8Vw9grdOvpHlqmnWDiUpX03/jmTyX/ZaWIcJx6tspNpnl6qd5NWHMoV u/LKP6ss1hkVyoMK4xr+flMbiLU/IPNI5WB61gEKWsXp6iis1mB05kYQI+tTjumGsw gKud5E7mmTRxYyGAWKBBvBIJxqCcfRV/3xU2eeXE/NBHuxfhXhNy4YHMAOyQJP4o+E 1iWsXwD2/cuMN/DiyrXyTMqsN+d2raIezkVQkW3e9DzCbJtbfspHv36ZcMSCr6PnwB WZu0bJSYcfqTw==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Luke Howard <lukeh@padl.com>
Mime-Version: 1.0 (1.0)
Date: Sun, 08 Jan 2023 21:45:09 +1100
Message-Id: <025F7B96-C1A0-4961-812D-20E7084F4AA0@padl.com>
References: <04C2F638-A514-4FED-9554-9357A4620137@padl.com>
In-Reply-To: <04C2F638-A514-4FED-9554-9357A4620137@padl.com>
To: kitten@ietf.org
X-Mailer: iPhone Mail (20A362)
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/y4n3om_Pscqzz6NQO48YSTHFYn0>
Subject: Re: [kitten] Question about AES mode in Kerberos
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 08 Jan 2023 10:45:29 -0000
> On 8 Jan 2023, at 11:24, Luke Howard Bentata <lukeh@padl.com> wrote: > > PS. NegoEx does RFC3961 checksums, but that’s not directly relevant here as Kerberos is never negotiated by NegoEx. It should also be safe to use draft-howard-gssapi-aead with a fixed zero nonce for NegoEx checksums, because AFAICT checksum keys are not reused (they are per-mechanism and per-direction). Having said that, the fact this is not straightforward to reason about is an argument in favour of your second and third points. Actually come to think of it, this is irrelevant as no checksum types are defined by the draft.
- [kitten] Question about AES mode in Kerberos Olga Kornievskaia
- Re: [kitten] Question about AES mode in Kerberos Jeffrey Altman
- Re: [kitten] Question about AES mode in Kerberos Olga Kornievskaia
- Re: [kitten] Question about AES mode in Kerberos Jeffrey Altman
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Steve Syfuhs (AP)
- Re: [kitten] Question about AES mode in Kerberos Luke Howard
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Paul Miller (NT)
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Olga Kornievskaia
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Steve Syfuhs (AP)
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Luke Howard Bentata
- Re: [kitten] Question about AES mode in Kerberos Luke Howard Bentata
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Steve Syfuhs (AP)
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Luke Howard Bentata
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Luke Howard
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Luke Howard Bentata
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Ken Hornstein
- Re: [kitten] Question about AES mode in Kerberos Olga Kornievskaia
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Luke Howard Bentata
- Re: [kitten] Question about AES mode in Kerberos Luke Howard Bentata
- Re: [kitten] Question about AES mode in Kerberos Greg Hudson
- Re: [kitten] Question about AES mode in Kerberos Luke Howard Bentata
- Re: [kitten] Question about AES mode in Kerberos Luke Howard Bentata
- Re: [kitten] Question about AES mode in Kerberos Luke Howard
- Re: [kitten] Question about AES mode in Kerberos Olga Kornievskaia
- Re: [kitten] Question about AES mode in Kerberos Luke Howard Bentata
- Re: [kitten] Question about AES mode in Kerberos Greg Hudson
- Re: [kitten] Question about AES mode in Kerberos Luke Howard
- Re: [kitten] Question about AES mode in Kerberos Olga Kornievskaia
- Re: [kitten] Question about AES mode in Kerberos Olga Kornievskaia
- Re: [kitten] Question about AES mode in Kerberos Luke Howard Bentata
- Re: [kitten] Question about AES mode in Kerberos Nico Williams
- Re: [kitten] Question about AES mode in Kerberos Nico Williams
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Steve Syfuhs (AP)
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Nico Williams
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Nico Williams
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Nico Williams
- Re: [kitten] [EXTERNAL] Re: Question about AES mo… Nico Williams
- Re: [kitten] Question about AES mode in Kerberos Nico Williams
- Re: [kitten] Question about AES mode in Kerberos Nico Williams
- Re: [kitten] Question about AES mode in Kerberos Luke Howard
- Re: [kitten] Question about AES mode in Kerberos Luke Howard
- Re: [kitten] Question about AES mode in Kerberos Olga Kornievskaia
- Re: [kitten] Question about AES mode in Kerberos Luke Howard Bentata