Re: Where to specify details of channel bindings
Simon Josefsson <jas@extundo.com> Fri, 02 December 2005 10:07 UTC
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id jB2A7oXd089739; Fri, 2 Dec 2005 02:07:50 -0800 (PST) (envelope-from owner-ietf-sasl@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id jB2A7oh7089738; Fri, 2 Dec 2005 02:07:50 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-sasl@mail.imc.org using -f
Received: from yxa.extundo.com (root@178.230.13.217.in-addr.dgcsystems.net [217.13.230.178]) by above.proper.com (8.12.11/8.12.9) with ESMTP id jB2A7nkL089729 for <ietf-sasl@imc.org>; Fri, 2 Dec 2005 02:07:49 -0800 (PST) (envelope-from jas@extundo.com)
Received: from latte.josefsson.org (jas@yxa.extundo.com [217.13.230.178]) (authenticated bits=0) by yxa.extundo.com (8.13.4/8.13.4/Debian-3) with ESMTP id jB2A7kaC011870 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <ietf-sasl@imc.org>; Fri, 2 Dec 2005 11:07:46 +0100
From: Simon Josefsson <jas@extundo.com>
To: ietf-sasl@imc.org
Subject: Re: Where to specify details of channel bindings
References: <iluiru9403d.fsf@latte.josefsson.org> <20051202030944.GA21090@binky.Central.Sun.COM>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:21:051202:ietf-sasl@imc.org::7mxDtbL0r7TqkxiT:Ixg0
Date: Fri, 02 Dec 2005 11:07:45 +0100
In-Reply-To: <20051202030944.GA21090@binky.Central.Sun.COM> (Nicolas Williams's message of "Thu, 1 Dec 2005 21:09:45 -0600")
Message-ID: <iluu0dr24ni.fsf@latte.josefsson.org>
User-Agent: Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00, FORGED_RCVD_HELO autolearn=ham version=3.1.0
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on yxa-iv
X-Virus-Scanned: ClamAV version 0.84, clamav-milter version 0.84e on yxa.extundo.com
X-Virus-Status: Clean
Sender: owner-ietf-sasl@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-ID: <ietf-sasl.imc.org>
List-Unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Nicolas Williams <Nicolas.Williams@sun.com> writes: > On Thu, Dec 01, 2005 at 10:51:02AM +0100, Simon Josefsson wrote: >> I started working on text in GS2 that would give guidance on exactly >> what channel binding data to specify when running under TLS. It >> occurred to me that this isn't specific for GS2. DIGEST-MD5 could use >> similar channel binding data guidance. > > For TLS the answer is quite simple: the concatenation of the client and > server finished messages, in that order. > > See: > > draft-ietf-kitten-gssapi-channel-bindings-01.txt > draft-ietf-nfsv4-channel-bindings-03.txt Oh. Interesting. I note that other conceivable channel bindings for TLS are possible. Extracting the client/server finished messages from a TLS library is not generally possible. Accessing the TLS PRF is not generally possible, but I believe using this approach would be cleaner. It would also make sure we are deriving new material used only for this particular SASL authentication, instead of re-using data meant for other purposes. >> I haven't thought through the following completely, but thought I >> should mention it to see if I have hit upon something useful. >> >> Shouldn't the core document specify that if SASL is used below TLS, >> and the SASL mechanism support channel bindings, the channel binding >> must include the TLS session id? > > s/below/above/? > > Anyways, no, TLS session IDs are not strongly bound to TLS channels. Right. >> It could be argued that the channel binding problem is inherent in >> SASL itself, and not specific to any mechanism. That would argue for >> fixing it in the core document. >> >> Other recommendations, for e.g. IPSEC channel bindings could be added >> too, but as far as I know, SASL over IPSEC isn't sufficiently widely >> used to let us make a informed choice. There is also a larger layer >> violation in getting the IPSEC session id into the SASL library, or >> even worse, every SASL mechanism. > > I agree, I think we could generalize the above drafts a bit, so they are > applicable to SASL. See section 4.2 of draft-ietf-nfsv4-channel- > bindings-03.txt. Ah, I see. > The bigger problem is negotiation of use of channel bindings. > > Particularly when it comes to channels for which channel bindings will > be specified later, as opposed to now, or for which channel bindings are > difficult to obtain with existing implementations' interfaces. > > E.g., client uses channel bindings to channel XYZ, the server is unaware > of the channel or can't get bindings for it, so it does not provide > channel bindings to the mechanism --> context establishment fails. > > What we want from channel bindings is: to know whether the binding > succeeded so the app can choose to eschew session protection at the > higher layer. It's OK if channel binding fails but context > establishment succeeds, AS LONG AS the application knows the binding > failed and so can choose how to proceed. > > But the GSS-API doesn't provide this information -- it's all or nothing. > > So in pure GSS-API contexts we'll be resorting to stacking a pseudo- > mechanism whose primary purpose is to indicate willingness to do channel > binding at mechanism negotiation time. But in SASL/GS2 context we can > do better. Ouch. This is a serious problem. Couldn't SASL/GS2 use the pseudo-mechanism to solve this problem, though? Is the channel bind negotiator pseudo-mechanism too inefficient? I'm thinking that we should avoid duplicating work that is already available. Thanks, Simon
- Re: Where to specify details of channel bindings Simon Josefsson
- Re: Where to specify details of channel bindings Nicolas Williams
- Re: Where to specify details of channel bindings Simon Josefsson
- Re: Where to specify details of channel bindings Nicolas Williams
- Re: Where to specify details of channel bindings Simon Josefsson
- Re: Where to specify details of channel bindings Nicolas Williams
- Re: Where to specify details of channel bindings Simon Josefsson
- Re: Where to specify details of channel bindings Nicolas Williams
- Re: Where to specify details of channel bindings Simon Josefsson
- Re: Where to specify details of channel bindings Simon Josefsson
- Re: Where to specify details of channel bindings Nicolas Williams
- Re: Where to specify details of channel bindings Nicolas Williams
- Re: Where to specify details of channel bindings Chris Newman