[Ietf-krb-wg] preauth-framework-10 comments

Love Hörnquist Åstrand <lha@kth.se> Wed, 29 April 2009 22:19 UTC

From: Love Hörnquist Åstrand <lha@kth.se>
Message-Id: <E5C46292-E00A-4B6F-8AB3-4C0D75EA4EAD@kth.se>
Date: Wed, 29 Apr 2009 15:15:18 -0700
To: Kerberos-wg - <ietf-krb-wg@anl.gov>
Subject: [Ietf-krb-wg] preauth-framework-10 comments

KDC-REQ-BODY should be optional in AS-REQ. "Typically, a client will know that
FAST is being used before a request containing PA-FX-FAST is sent." There is
no need to provide backward compatibility with the KDC.

Consider a client that wants to use RFC4556, but also for privacy reasons
wants to not expose the outer KDC-REQ-BODY by sending a privacy version of
the request (dummy values). RFC4556 will sign the outer non-unique message
and there will be no real binding between the REQ-BODY and padata.

My conclusion is that rfc4556 is incompatible with FAST if outer and inner
KDC-REQ-BODY are different.

Let's make KDC-REQ-BODY OPTIONAL.

So RFC4556 needs to be updated as a FAST factor?


Love
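The binding gap described in the message above, as an added toy model (constructed here, not code from the message or from any Kerberos implementation): RFC 4556 puts a SHA-1 paChecksum over the KDC-REQ-BODY inside the signed AuthPack, so if the outer body carries FAST dummy values, the signature binds only those dummies. The model assumes a JSON stand-in for DER encoding, an HMAC with a constructed key standing in for the client's public-key signature, and omits FAST's armor encryption.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the client's private signing key (assumption).
CLIENT_SIGNING_KEY = b"constructed-client-key"


def encode_body(body: dict) -> bytes:
    """Deterministic stand-in for DER encoding of a KDC-REQ-BODY."""
    return json.dumps(body, sort_keys=True).encode()


def pkinit_authpack(bound_body: dict) -> dict:
    """AuthPack carrying paChecksum (SHA-1 over bound_body), 'signed' by the client."""
    checksum = hashlib.sha1(encode_body(bound_body)).hexdigest()
    sig = hmac.new(CLIENT_SIGNING_KEY, checksum.encode(), hashlib.sha256).hexdigest()
    return {"paChecksum": checksum, "signature": sig}


def kdc_verify_pkinit(authpack: dict, body_to_check: dict) -> bool:
    """KDC side: signature valid and paChecksum matches the body it is checked against."""
    expected_sig = hmac.new(
        CLIENT_SIGNING_KEY, authpack["paChecksum"].encode(), hashlib.sha256
    ).hexdigest()
    if not hmac.compare_digest(expected_sig, authpack["signature"]):
        return False
    actual = hashlib.sha1(encode_body(body_to_check)).hexdigest()
    return hmac.compare_digest(authpack["paChecksum"], actual)


def kdc_accepts_altered_inner(bind_to_inner: bool) -> bool:
    """FAST request with a dummy outer body and a real inner body, where the
    inner body is altered in transit. Returns True if the KDC still accepts.

    bind_to_inner=False models RFC 4556 as written (checksum over the outer
    body); bind_to_inner=True models a checksum over the inner body, one way
    a FAST-aware PKINIT could restore the binding (constructed, not RFC text).
    """
    outer = {"cname": "dummy", "sname": "dummy", "till": "19700101000000Z"}
    inner = {"cname": "alice", "sname": "krbtgt/EXAMPLE.COM", "till": "20090430000000Z"}
    authpack = pkinit_authpack(inner if bind_to_inner else outer)
    altered_inner = dict(inner, sname="host/other.example.com")
    # The KDC acts on the inner body, but can only check the body the checksum covers.
    return kdc_verify_pkinit(authpack, altered_inner if bind_to_inner else outer)
```

With the checksum over the dummy outer body the altered inner body is accepted; with the checksum over the inner body the alteration is detected.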

_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg