IETF Logo Mail Archive

GS2 meeting material

Simon Josefsson <jas@extundo.com> Mon, 10 July 2006 09:53 UTC

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k6A9rvYo066187; Mon, 10 Jul 2006 02:53:57 -0700 (MST) (envelope-from owner-ietf-sasl@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k6A9rvwk066186; Mon, 10 Jul 2006 02:53:57 -0700 (MST) (envelope-from owner-ietf-sasl@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-sasl@mail.imc.org using -f
Received: from yxa.extundo.com (178.230.13.217.in-addr.dgcsystems.net [217.13.230.178]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k6A9rt1h066168 for <ietf-sasl@imc.org>; Mon, 10 Jul 2006 02:53:56 -0700 (MST) (envelope-from jas@extundo.com)
Received: from localhost.localdomain (yxa.extundo.com [217.13.230.178]) (authenticated bits=0) by yxa.extundo.com (8.13.4/8.13.4/Debian-3sarge1) with ESMTP id k6A9rjgP016980 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-sasl@imc.org>; Mon, 10 Jul 2006 11:53:46 +0200
X-Hashcash: 1:22:060710:ietf-sasl@imc.org::K1ps8tSQlzh6u2S4:E9D8
From: Simon Josefsson <jas@extundo.com>
To: ietf-sasl@imc.org
Subject: GS2 meeting material
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
Date: Mon, 10 Jul 2006 11:53:45 +0200
Message-ID: <87wtalyedy.fsf@latte.josefsson.org>
User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL, BAYES_00, FORGED_RCVD_HELO autolearn=ham version=3.1.1
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on yxa-iv
X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on yxa.extundo.com
X-Virus-Status: Clean
Sender: owner-ietf-sasl@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-ID: <ietf-sasl.imc.org>
List-Unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>

Hi All,

Here are slides to guide discussions regarding GS2:

http://josefsson.org/sasl-gs2/ietf66-sasl-gs2.odp
http://josefsson.org/sasl-gs2/ietf66-sasl-gs2.pdf

The open issue is channel bindings.  I'm including the proposed new
section 5 that attempts to resolve this below.  Ideally, I'd like to
reference draft-ietf-nfsv4-channel-bindings-04.txt instead to define
channel bindings in GS2.  However, d-i-n-c-b is not ready and propose
to use the client/server finished messages -- this is discussed in my
presentation, and this seem to be the main open issue.

As always, more background is available from:

http://josefsson.org/sasl-gs2/

I hope to be available in the Jabber room during the meeting.

Thanks,
Simon

5.  Channel Bindings

   The GS2 mechanism provide its own channel binding mechanism, instead
   of using the "chan_binding" parameter in the GSS-API context
   functions.  The reason for this is that the GS2 mechanism provide an
   option to proceed even if the channel bindings does not match.  The
   GSS-API framework specifies that authentication cannot proceed if
   channel bindings does not match.

   Client and servers MUST set the "chan_binding" parameter in the calls
   to GSS_Init_sec_context to GSS_Accept_sec_context, respectively, to
   NULL.

   Implementations SHOULD set the "client_cbqops" and "server_cbqops" to
   no security layer and instead depend on the session security afforded
   by the bound-in channel.

   Use of no SASL security layers in combination with channel binding
   should provide better performance than using SASL security layers
   over secure channels, and better security characteristics than using
   no SASL security layers over secure channels without channel binding.
   For more discussions of channel bindings, see [16].

   For TLS, the channel binding data is specified below.  For other
   security layers, channel binding data will have to specified
   elsewhere, and this specification will have to be updated with
   explicit considerations.

5.1.  Name Of TLS Channel For Use As Channel Binding

   The TLS Pseudo-Random Function (PRF) generate, using the constant
   string "TLS channel binding", and based on the master secret and the
   random values established during a TLS handshake, a 64 octet string
   that make up the SASL channel binding data.

   Using the terminology of TLS [13], the channel binding data is
   computed as follows:

          ChannelBinding =
             PRF(SecurityParameters.master_secret,
                "TLS channel binding",
                SecurityParameters.server_random +
                SecurityParameters.client_random) [0..64];

   The derived ChannelBinding is intended to be used as a name of the
   TLS channel that is cryptographically bound to the channel, for use
   in authentication mechanisms tunneled over TLS.

v2.23.0 | Report a Bug | By Email