GS2 meeting material
Simon Josefsson <jas@extundo.com> Mon, 10 July 2006 09:53 UTC
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k6A9rvYo066187; Mon, 10 Jul 2006 02:53:57 -0700 (MST) (envelope-from owner-ietf-sasl@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k6A9rvwk066186; Mon, 10 Jul 2006 02:53:57 -0700 (MST) (envelope-from owner-ietf-sasl@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-sasl@mail.imc.org using -f
Received: from yxa.extundo.com (178.230.13.217.in-addr.dgcsystems.net [217.13.230.178]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k6A9rt1h066168 for <ietf-sasl@imc.org>; Mon, 10 Jul 2006 02:53:56 -0700 (MST) (envelope-from jas@extundo.com)
Received: from localhost.localdomain (yxa.extundo.com [217.13.230.178]) (authenticated bits=0) by yxa.extundo.com (8.13.4/8.13.4/Debian-3sarge1) with ESMTP id k6A9rjgP016980 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-sasl@imc.org>; Mon, 10 Jul 2006 11:53:46 +0200
X-Hashcash: 1:22:060710:ietf-sasl@imc.org::K1ps8tSQlzh6u2S4:E9D8
From: Simon Josefsson <jas@extundo.com>
To: ietf-sasl@imc.org
Subject: GS2 meeting material
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
Date: Mon, 10 Jul 2006 11:53:45 +0200
Message-ID: <87wtalyedy.fsf@latte.josefsson.org>
User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL, BAYES_00, FORGED_RCVD_HELO autolearn=ham version=3.1.1
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on yxa-iv
X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on yxa.extundo.com
X-Virus-Status: Clean
Sender: owner-ietf-sasl@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-ID: <ietf-sasl.imc.org>
List-Unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Hi All, Here are slides to guide discussions regarding GS2: http://josefsson.org/sasl-gs2/ietf66-sasl-gs2.odp http://josefsson.org/sasl-gs2/ietf66-sasl-gs2.pdf The open issue is channel bindings. I'm including the proposed new section 5 that attempts to resolve this below. Ideally, I'd like to reference draft-ietf-nfsv4-channel-bindings-04.txt instead to define channel bindings in GS2. However, d-i-n-c-b is not ready and propose to use the client/server finished messages -- this is discussed in my presentation, and this seem to be the main open issue. As always, more background is available from: http://josefsson.org/sasl-gs2/ I hope to be available in the Jabber room during the meeting. Thanks, Simon 5. Channel Bindings The GS2 mechanism provide its own channel binding mechanism, instead of using the "chan_binding" parameter in the GSS-API context functions. The reason for this is that the GS2 mechanism provide an option to proceed even if the channel bindings does not match. The GSS-API framework specifies that authentication cannot proceed if channel bindings does not match. Client and servers MUST set the "chan_binding" parameter in the calls to GSS_Init_sec_context to GSS_Accept_sec_context, respectively, to NULL. Implementations SHOULD set the "client_cbqops" and "server_cbqops" to no security layer and instead depend on the session security afforded by the bound-in channel. Use of no SASL security layers in combination with channel binding should provide better performance than using SASL security layers over secure channels, and better security characteristics than using no SASL security layers over secure channels without channel binding. For more discussions of channel bindings, see [16]. For TLS, the channel binding data is specified below. For other security layers, channel binding data will have to specified elsewhere, and this specification will have to be updated with explicit considerations. 5.1. Name Of TLS Channel For Use As Channel Binding The TLS Pseudo-Random Function (PRF) generate, using the constant string "TLS channel binding", and based on the master secret and the random values established during a TLS handshake, a 64 octet string that make up the SASL channel binding data. Using the terminology of TLS [13], the channel binding data is computed as follows: ChannelBinding = PRF(SecurityParameters.master_secret, "TLS channel binding", SecurityParameters.server_random + SecurityParameters.client_random) [0..64]; The derived ChannelBinding is intended to be used as a name of the TLS channel that is cryptographically bound to the channel, for use in authentication mechanisms tunneled over TLS.
- GS2 meeting material Simon Josefsson