Re: [nfsv4] Last call start for "RPCSEC_GSS Version 2"
Nicolas Williams <Nicolas.Williams@sun.com> Sat, 14 June 2008 00:25 UTC
Return-Path: <nfsv4-bounces@ietf.org>
X-Original-To: nfsv4-archive@megatron.ietf.org
Delivered-To: ietfarch-nfsv4-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 96AD73A6941; Fri, 13 Jun 2008 17:25:59 -0700 (PDT)
X-Original-To: nfsv4@core3.amsl.com
Delivered-To: nfsv4@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 62B503A6941 for <nfsv4@core3.amsl.com>; Fri, 13 Jun 2008 17:25:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.988
X-Spam-Level:
X-Spam-Status: No, score=-2.988 tagged_above=-999 required=5 tests=[AWL=0.058, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FKyvsw6HlXUL for <nfsv4@core3.amsl.com>; Fri, 13 Jun 2008 17:25:57 -0700 (PDT)
Received: from brmea-mail-4.sun.com (brmea-mail-4.Sun.COM [192.18.98.36]) by core3.amsl.com (Postfix) with ESMTP id 128673A6774 for <nfsv4@ietf.org>; Fri, 13 Jun 2008 17:25:56 -0700 (PDT)
Received: from dm-central-02.central.sun.com ([129.147.62.5]) by brmea-mail-4.sun.com (8.13.6+Sun/8.12.9) with ESMTP id m5E0QT2A014970 for <nfsv4@ietf.org>; Sat, 14 Jun 2008 00:26:29 GMT
Received: from binky.Central.Sun.COM (binky.Central.Sun.COM [129.153.128.104]) by dm-central-02.central.sun.com (8.13.8+Sun/8.13.8/ENSMAIL, v2.2) with ESMTP id m5E0QSP3023074 for <nfsv4@ietf.org>; Fri, 13 Jun 2008 18:26:28 -0600 (MDT)
Received: from binky.Central.Sun.COM (localhost [127.0.0.1]) by binky.Central.Sun.COM (8.14.1+Sun/8.14.1) with ESMTP id m5E0QRie020744; Fri, 13 Jun 2008 19:26:27 -0500 (CDT)
Received: (from nw141292@localhost) by binky.Central.Sun.COM (8.14.1+Sun/8.14.1/Submit) id m5E0QRdw020743; Fri, 13 Jun 2008 19:26:27 -0500 (CDT)
X-Authentication-Warning: binky.Central.Sun.COM: nw141292 set sender to Nicolas.Williams@sun.com using -f
Date: Fri, 13 Jun 2008 19:26:27 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Mike Eisler <mre-ietf@eisler.com>
Message-ID: <20080614002626.GP2735@Sun.COM>
Mail-Followup-To: Mike Eisler <mre-ietf@eisler.com>, nfsv4@ietf.org
References: <559831BE-8E35-43E4-911C-EE570E511C38@Sun.COM> <20080613190050.GT2735@Sun.COM> <38432.198.95.226.230.1213389346.squirrel@webmail.eisler.com>
Mime-Version: 1.0
Content-Disposition: inline
In-Reply-To: <38432.198.95.226.230.1213389346.squirrel@webmail.eisler.com>
User-Agent: Mutt/1.5.7i
Cc: nfsv4@ietf.org
Subject: Re: [nfsv4] Last call start for "RPCSEC_GSS Version 2"
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/nfsv4>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: nfsv4-bounces@ietf.org
Errors-To: nfsv4-bounces@ietf.org
On Fri, Jun 13, 2008 at 01:35:46PM -0700, Mike Eisler wrote: > > On Fri, June 13, 2008 12:00 pm, Nicolas Williams wrote: > > On Mon, Jun 02, 2008 at 11:30:43PM -0500, Spencer Shepler wrote: > >> http://www.ietf.org/internet-drafts/draft-ietf-nfsv4-rpcsec-gss-v2-03.txt > > > > There's a rather minor, but easy to fix attack on RPCSEC_GSSv2 as > > described in -03. > > > > I started wondering what kind of games an attacker could play with the > > RPCSEC_GSS version number. I think an MITM could modify RPCs from a v1 > > client, talking to a v2 server, to set the RPCSEC_GSS version to 2, and > > in the process obtain a few MICs that it might, by sheer luck, cause the > > server to accept in the channel binding portion of the protocol. > > I'm not seeing it. The MIC in the verifier of both v1 and v2 > of RPCSEC_GSS is compute from the RPC header "up to and including > the credential" The version number in the context token exchange messages is not protected. So: - a v1 client - an MITM - a v1 and v2 server - the MITM intercepts the client's v1 context token messages and changes the version number to 2 before forwarding to the server, and changes the version number back to 1 in the replies from the server - neither the client nor the server notice - eventually the context is established and the client sends its first RPC protected by the established handle - this RPC is bound to fail since the verifier MIC'ed data includes the credential, which includes the RPCSEC_GSS version number - but the MITM is an optimist, and so the MITM formats an RPCSEC_GSS_BIND_CHANNEL RPC using the verifier from the client's RPC, and then forwards this to the server in the hopes that there's a collision - most likely the MITM's RPC fails, so the MITM send back garbage to the client and hopes the client will try again - lather, rinse, repeat until collision happens, at which point the MITM closes the connection to the client and then proceeds to impersonate the client to the server, since at this point the handle is bound to the MITM's channel with the server. The client sees lots of failures, perhaps, from its p.o.v., due to network problems. The server sees lots of failures too. But finnally a success. > Since the credential contains the RPCSEC_GSS version number (field > rgc_version below) the RPCSEC_GSS target will reject the MITM's > modified RPCs. The version number in the context token exchange is the one that must be protected. Nico -- _______________________________________________ nfsv4 mailing list nfsv4@ietf.org https://www.ietf.org/mailman/listinfo/nfsv4
- [nfsv4] Last call start for "RPCSEC_GSS Version 2" Spencer Shepler
- Re: [nfsv4] Last call start for "RPCSEC_GSS Versi… Mike Eisler
- Re: [nfsv4] Last call start for "RPCSEC_GSS Versi… Nicolas Williams
- Re: [nfsv4] Last call start for "RPCSEC_GSS Versi… Nicolas Williams
- Re: [nfsv4] Last call start for "RPCSEC_GSS Versi… Nicolas Williams
- Re: [nfsv4] Last call start for "RPCSEC_GSS Versi… Mike Eisler
- Re: [nfsv4] Last call start for "RPCSEC_GSS Versi… Mike Eisler
- Re: [nfsv4] Last call start for "RPCSEC_GSS Versi… Nicolas Williams
- Re: [nfsv4] Last call start for "RPCSEC_GSS Versi… Mike Eisler
- Re: [nfsv4] Last call start for "RPCSEC_GSS Versi… Nicolas Williams
- Re: [nfsv4] Last call start for "RPCSEC_GSS Versi… Mike Eisler
- Re: [nfsv4] Last call start for "RPCSEC_GSS Versi… Spencer Shepler