Re: [sasl] SCRAM as GSS-API mechanism
Jeffrey Hutzelman <jhutz@cmu.edu> Thu, 15 July 2010 15:55 UTC
Return-Path: <jhutz@cmu.edu>
X-Original-To: sasl@core3.amsl.com
Delivered-To: sasl@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E3E653A6B58 for <sasl@core3.amsl.com>; Thu, 15 Jul 2010 08:55:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o88K36p5sUWN for <sasl@core3.amsl.com>; Thu, 15 Jul 2010 08:55:20 -0700 (PDT)
Received: from smtp02.srv.cs.cmu.edu (SMTP02.SRV.CS.CMU.EDU [128.2.217.197]) by core3.amsl.com (Postfix) with ESMTP id B9C7A3A68F3 for <sasl@ietf.org>; Thu, 15 Jul 2010 08:55:20 -0700 (PDT)
Received: from [172.16.209.68] (SIRIUS.FAC.CS.CMU.EDU [128.2.216.216]) (authenticated bits=0) by smtp02.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id o6FFtT2g009314 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 15 Jul 2010 11:55:30 -0400 (EDT)
Date: Thu, 15 Jul 2010 11:55:29 -0400
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: Nicolas Williams <Nicolas.Williams@oracle.com>, Simon Josefsson <simon@josefsson.org>
Message-ID: <8FBD184310273F6E32376159@atlantis.pc.cs.cmu.edu>
In-Reply-To: <7928_1279054564_o6DKu3BO016702_20100713210015.GD20713@oracle.com>
References: <87pqyr2k8y.fsf@mocca.josefsson.org> <7928_1279054564_o6DKu3BO016702_20100713210015.GD20713@oracle.com>
X-Mailer: Mulberry/4.0.8 (Linux/x86)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Scanned-By: mimedefang-cmuscs on 128.2.217.197
Cc: sasl@ietf.org
Subject: Re: [sasl] SCRAM as GSS-API mechanism
X-BeenThere: sasl@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SASL Working Group <sasl.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sasl>, <mailto:sasl-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sasl>
List-Post: <mailto:sasl@ietf.org>
List-Help: <mailto:sasl-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sasl>, <mailto:sasl-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Jul 2010 15:55:22 -0000
--On Tuesday, July 13, 2010 04:00:15 PM -0500 Nicolas Williams <Nicolas.Williams@oracle.com> wrote: > On Tue, Jul 13, 2010 at 10:35:09PM +0200, Simon Josefsson wrote: >> I cannot find anything in section 8 of SCRAM that discuss how SCRAM, as >> a GSS-API mechanism, handles a non-NULL GSS-API channel binding. Is the >> intention that this should be supported? > > The text could be clearer, but it follows from this: > > SCRAM is actually also a GSS-API mechanism. The messages are the > same, but a) the GS2 header on the client's first message and channel > binding data is excluded when SCRAM is used as a GSS-API mechanism, > and b) the RFC2743 section 3.1 initial context token header is > prefixed to the client's first authentication message (context > token). > > and from knowing GS2 and subtracting GS2's ABNF from SCRAM's, that in > the pure-GSS-API variant of SCRAM gs2-header gets re-defined from this: > > gs2-header = gs2-cbind-flag "," [ authzid ] "," > > to this: > > gs2-header = > ;; empty > > Which means that cbind-input gets re-defined from this: > > cbind-input = gs2-header [ cbind-data ] > > to this: > > cbind-input = [ cbind-data ] > > What we could, and maybe should have done, is to publish the ABNF for > SCRAM-the-pure-GSS-API-mechanism's security context tokens. > >> If it is not supported, we would be in the ironic situation that SCRAM, >> as a GSS-API mechanism, does not support channel bindings, but GS2 >> requires that in order for the GSS-API mechanism to be used under GS2. >> In other words, SCRAM cannot be used as a GSS-API mechanism for GS2. >> >> I believe it could be made to work. What is missing from SCRAM is some >> wording that says that the only supported use of channel bindings is to >> provide a GS2-compliant channel binding, e.g., on this form: > > Just a reference to RFC5554 might do. Clearly, SCRAM cannot and does > not support anything but the application-data field of > GSS-CHANNEL-BINDINGS since we did not provide an encoding of > GSS-CHANNEL-BINDINGS for SCRAM. > >> The initiator-address-type and acceptor-address-type fields of the >> GSS-CHANNEL-BINDINGS structure MUST be set to 0. The initiator- >> address and acceptor-address fields MUST be the empty string. > > Yes, this follows from the fact that SCRAM doesn't provide an encoding > of GSS-CHANNEL-BINDINGS. > >> The application-data field MUST be set to the gs2-header, excluding >> the initial [gs2-nonstd-flag ","] part, concatenated with, when a >> gs2-cb-flag of "p" is used, the application's channel binding data. > > No, absolutely not. See above. The gs2-header MUST NOT be present in > the SCRAM-as-pure-GSS-API case. In fact, when you use SCRAM-as-a-GSS-API-mechanism under GS2, GS2 adds that header back in, producing something that is wire-compatible with SCRAM-as-SASL-mechanism, which was the whole point. -- Jeff
- SCRAM as GSS-API mechanism Simon Josefsson
- [sasl] SCRAM as GSS-API mechanism Simon Josefsson
- Re: [sasl] SCRAM as GSS-API mechanism Nicolas Williams
- Re: [sasl] SCRAM as GSS-API mechanism Nicolas Williams
- Re: [sasl] SCRAM as GSS-API mechanism Jeffrey Hutzelman
- Re: [sasl] SCRAM as GSS-API mechanism Nicolas Williams