Re: [Ietf-krb-wg] RFC 4537 question
Ken Raeburn <raeburn@MIT.EDU> Tue, 30 December 2008 02:22 UTC
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com
Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 12C963A67B0 for <ietfarch-krb-wg-archive@core3.amsl.com>; Mon, 29 Dec 2008 18:22:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[AWL=-1.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L2i0Qj94yKPJ for <ietfarch-krb-wg-archive@core3.amsl.com>; Mon, 29 Dec 2008 18:22:36 -0800 (PST)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id 911303A6999 for <krb-wg-archive@lists.ietf.org>; Mon, 29 Dec 2008 18:22:36 -0800 (PST)
Received: from mailhost.anl.gov (localhost [127.0.0.1]) by localhost.ctd.anl.gov (Postfix) with ESMTP id 60B7A2F; Mon, 29 Dec 2008 20:22:26 -0600 (CST)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 8261A2A; Mon, 29 Dec 2008 20:22:20 -0600 (CST)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 41F9A80DDF; Mon, 29 Dec 2008 20:22:20 -0600 (CST)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id E431180D9E for <ietf-krb-wg@lists.anl.gov>; Mon, 29 Dec 2008 20:22:17 -0600 (CST)
Received: by mailhost.anl.gov (Postfix) id D42012A; Mon, 29 Dec 2008 20:22:17 -0600 (CST)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (localhost [127.0.0.1]) by localhost.ctd.anl.gov (Postfix) with ESMTP id B879D18 for <ietf-krb-wg@anl.gov>; Mon, 29 Dec 2008 20:22:17 -0600 (CST)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 99F46D for <ietf-krb-wg@anl.gov>; Mon, 29 Dec 2008 20:22:17 -0600 (CST)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 825917CC079; Mon, 29 Dec 2008 20:22:17 -0600 (CST)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 11259-04; Mon, 29 Dec 2008 20:22:17 -0600 (CST)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay2.anl.gov (Postfix) with ESMTP id 550207CC05D for <ietf-krb-wg@anl.gov>; Mon, 29 Dec 2008 20:22:17 -0600 (CST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AskBAA8VWUkSBwdQlGdsb2JhbACTdAEBAQEJCwgJEQWodliFBoVrhTmGRA
X-IronPort-AV: E=Sophos;i="4.36,299,1228111200"; d="scan'208";a="22738529"
Received: from biscayne-one-station.mit.edu ([18.7.7.80]) by mailgateway.anl.gov with ESMTP; 29 Dec 2008 20:22:16 -0600
Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by biscayne-one-station.mit.edu (8.13.6/8.9.2) with ESMTP id mBU2MDCQ015328; Mon, 29 Dec 2008 21:22:14 -0500 (EST)
Received: from NOME-KING.MIT.EDU (NOME-KING.MIT.EDU [18.18.1.160]) (authenticated bits=0) (User authenticated as raeburn@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id mBU2IVee019632 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Mon, 29 Dec 2008 21:18:32 -0500 (EST)
From: Ken Raeburn <raeburn@MIT.EDU>
To: Luke Howard <lukeh@padl.com>
In-Reply-To: <57E3D46C-270A-4227-9AEC-9249E02320BD@padl.com>
References: <52A05C71-A84F-46C5-AE02-65C759E27586@padl.com> <AB1E5627D2489D45BD01B84BD5B900461499B69DC0@NA-EXMSG-W601.wingroup.windeploy.ntdev.microsoft.com> <57E3D46C-270A-4227-9AEC-9249E02320BD@padl.com>
Message-Id: <8CCC225A-F023-4528-8D7F-C5DC7E67F5BB@mit.edu>
Mime-Version: 1.0 (Apple Message framework v930.3)
Date: Mon, 29 Dec 2008 21:18:31 -0500
X-Mailer: Apple Mail (2.930.3)
X-Scanned-By: MIMEDefang 2.42
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: "ietf-krb-wg@anl.gov" <ietf-krb-wg@anl.gov>
Subject: Re: [Ietf-krb-wg] RFC 4537 question
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-krb-wg-bounces@lists.anl.gov
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
On Dec 29, 2008, at 09:46, Luke Howard wrote: > Consider the case where the ticket session key enctype is absent > from EtypeList but the server prefers that enctype over any proposed > by the client. Presumably the server is free to ignore the EtypeList > and use that enctype (even though that may mean using the ticket > session key rather than a server subkey). As far as the client is > concerned this is identical behaviour to a server that doesn't > implement RFC 4537. Yes, the spec is kind of unclear here, and I think this was an area I complained about when it was in draft status, though I didn't see the scope of it then. If the server prefers the session key or client- subkey enctype over all of those in the proposed list, it MUST NOT "negotiate" that type, but it also is not required to pick one of the others unless in prefers that other. So I see three options, none of them all that great: * Pick an enctype from the list anyways, despite it not being preferred; this seems counter-indicated by the "...and the server prefers an enctype from the client's enctype list" bit. * Don't "negotiate", and instead fall back to pre-4537 behavior, namely, using the same enctype or one known a priori to be supported (though the client might then choose not to continue talking to the server). Which essentially negates the "MUST NOT be negotiated" part, and hinges on how you define "negotiate" in this context. * Treat it as an error, and refuse to finish the authentication exchange, which seems kind of silly given that a pre-4537 implementation would succeed in authenticating (though the client might then choose not to continue talking to it). And perhaps some error code should be recommended. Of course, option #1 assumes that at least one of the indicated enctypes is known and supported by the server implementation. We should also get the spec fixed. While it's an important technical point without (IMO) a clear and obvious single solution, in terms of document changes it might be just one or two new sentences. Procedurally, I don't know if it would qualify as an erratum or if we need to republish. So, when might this come up? The only example I can come up with off the top of my head is a telnet client sending an authenticator with an AES session key, but sending a list of DES enctypes (I'm assuming here that server-supplied subkey would be used under that protocol spec) because that's all it supports for telnet encryption. The server might be configured to prefer DES over AES for this one application, but if its telnet implementation has an update to support AES, or it hasn't been updated to know about RFC 4537 (but the Kerberos library has, and enables it by default, with AES preferred over DES by default), then, maybe not. I guess the only approach that would work in this case (in the sense of letting the two parties talk) is #1 -- select an enctype from the list even if you like the session key type better. If none of the enctypes are acceptable at all (e.g., you disabled DES, or the enctypes are not recognized by the server implementation)... well, I think #2 might let the client give a better error message, and gives a more secure indication that the server can't fulfill the request than an unprotected KRB-ERROR (which I assume would be the result of #3), but that doesn't mean that's what the spec says.... Ken _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg
- [Ietf-krb-wg] RFC 4537 question Luke Howard
- Re: [Ietf-krb-wg] RFC 4537 question Larry Zhu
- Re: [Ietf-krb-wg] RFC 4537 question Luke Howard
- Re: [Ietf-krb-wg] RFC 4537 question Ken Raeburn
- Re: [Ietf-krb-wg] RFC 4537 question Larry Zhu
- Re: [Ietf-krb-wg] RFC 4537 question Luke Howard
- Re: [Ietf-krb-wg] RFC 4537 question Jeffrey Hutzelman