[Ietf-krb-wg] Interop issues related to TGS subkeys
ghudson@MIT.EDU Tue, 19 May 2009 23:44 UTC
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com
Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id ABB543A6B88 for <ietfarch-krb-wg-archive@core3.amsl.com>; Tue, 19 May 2009 16:44:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jEcQkUmyHyCG for <ietfarch-krb-wg-archive@core3.amsl.com>; Tue, 19 May 2009 16:44:01 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id 687553A67D1 for <krb-wg-archive@lists.ietf.org>; Tue, 19 May 2009 16:44:01 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.ctd.anl.gov (Postfix) with ESMTP id 3936E35; Tue, 19 May 2009 18:45:38 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 7C1BE80; Tue, 19 May 2009 18:45:33 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 73DDC80E02; Tue, 19 May 2009 18:45:33 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by lists.anl.gov (Postfix) with ESMTP id 28F5D80E01 for <ietf-krb-wg@lists.anl.gov>; Tue, 19 May 2009 18:45:31 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 088C47CC056; Tue, 19 May 2009 18:45:31 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 05666-08-2; Tue, 19 May 2009 18:45:30 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay2.anl.gov (Postfix) with ESMTP id BB2497CC059 for <ietf-krb-wg@lists.anl.gov>; Tue, 19 May 2009 18:45:30 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ag4CAN7hEkoSBwdQkWdsb2JhbACNegGIXXwBAQEBCQsKBxEFpxeHUYhOgkOBPwU
X-IronPort-AV: E=Sophos;i="4.41,218,1241413200"; d="scan'208";a="27181878"
Received: from biscayne-one-station.mit.edu ([18.7.7.80]) by mailgateway.anl.gov with ESMTP; 19 May 2009 18:45:13 -0500
Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by biscayne-one-station.mit.edu (8.13.6/8.9.2) with ESMTP id n4JNjAFb015497 for <ietf-krb-wg@lists.anl.gov>; Tue, 19 May 2009 19:45:10 -0400 (EDT)
Received: from localhost (EQUAL-RITES.MIT.EDU [18.18.1.59]) (authenticated bits=0) (User authenticated as ghudson@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id n4JNj9AT013187 for <ietf-krb-wg@lists.anl.gov>; Tue, 19 May 2009 19:45:10 -0400 (EDT)
Date: Tue, 19 May 2009 19:45:09 -0400
From: ghudson@MIT.EDU
Message-Id: <200905192345.n4JNj9AT013187@outgoing.mit.edu>
To: ietf-krb-wg@lists.anl.gov
X-Scanned-By: MIMEDefang 2.42
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Subject: [Ietf-krb-wg] Interop issues related to TGS subkeys
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.11
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-krb-wg-bounces@lists.anl.gov
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
During the testing process of MIT krb5's new release, we discovered some interoperability issues surrounding the use of subkeys with TGS requests. This note is primarily to save other implementors time, although the second problem points out an omission in RFC 4120. This list may not be exhaustive; there is a third potential problem area which Sam and I plan to investigate over the next week or so, but we don't yet know of a specific interoperability issue yet. I'll report back if we turn anything up. 1. tgs-req subkeys + RC4 keys = key usage issue RFC 4757 specifies: 9. TGS-REP encrypted part (includes application session key), encrypted with the TGS authenticator subkey (T=8) However, this appears to be a typo; the actual key usage value used by AD 2003 or AD 2008 is 9. Clients are only harmed by this issue if they use subkeys in tgs-reqs. My suggested workaround: KDCs should encrypt replies to TGS requests containing subkeys with key usage 9 to match the AD behavior; clients using subkeys in tgs-reqs should attempt to decrypt responses with key usage 9, but on failure should try again with key usage 8 in case they are talking to a Heimdal or pre-1.7 MIT KDC. 2. tgs-req subkeys + keyed checkum types = checksum key ambiguity RFC 4120 is silent about what key should be used to construct and verify ap-req checksums, including the checksums in a tgs-req. MIT and Heimdal both use the TGS session key whether or not there is a subkey in the tgs-req, but AD 2003 only accepts a checksum keyed with the subkey if one is present. (That's experimentally true for RC4 keys. One can't safely use keyed checksum types with DES keys for other reasons, so we haven't tested it.) Experimentally, AD 2008 will accept a checksum keyed with the TGS session key (with either AES or RC4 keytypes), so it is safe to use keyed checksum types in combination with subkeys when the key type is AES. I recommend against clients using keyed checksum types with RC4 keys if the client is also using tgs-req subkeys. (For completeness, I will note that RFC 4757 specifies: 6. TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed with the TGS session key (T=6) However, that RFC is informational and exists to document RC4 in Kerberos, not Kerberos itself.) _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg
- [Ietf-krb-wg] Interop issues related to TGS subke… ghudson
- Re: [Ietf-krb-wg] Interop issues related to TGS s… Jeffrey Hutzelman
- Re: [Ietf-krb-wg] Interop issues related to TGS s… ghudson
- Re: [Ietf-krb-wg] Interop issues related to TGS s… ghudson
- [Ietf-krb-wg] Interop issues related to TGS subke… Larry Zhu