Re: Where to specify details of channel bindings
Nicolas Williams <Nicolas.Williams@sun.com> Fri, 02 December 2005 03:09 UTC
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id jB239pdr046060; Thu, 1 Dec 2005 19:09:51 -0800 (PST) (envelope-from owner-ietf-sasl@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id jB239pT1046059; Thu, 1 Dec 2005 19:09:51 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-sasl@mail.imc.org using -f
Received: from nwkea-mail-2.sun.com (nwkea-mail-2.sun.com [192.18.42.14]) by above.proper.com (8.12.11/8.12.9) with ESMTP id jB239nvS046053 for <ietf-sasl@imc.org>; Thu, 1 Dec 2005 19:09:49 -0800 (PST) (envelope-from nw141292@binky.Central.Sun.COM)
Received: from centralmail1brm.Central.Sun.COM ([129.147.62.1]) by nwkea-mail-2.sun.com (8.12.10/8.12.9) with ESMTP id jB239n4u026609 for <ietf-sasl@imc.org>; Thu, 1 Dec 2005 19:09:49 -0800 (PST)
Received: from binky.Central.Sun.COM (binky.Central.Sun.COM [129.153.128.104]) by centralmail1brm.Central.Sun.COM (8.12.10+Sun/8.12.10/ENSMAIL,v2.2) with ESMTP id jB239m5K015198 for <ietf-sasl@imc.org>; Thu, 1 Dec 2005 20:09:49 -0700 (MST)
Received: from binky.Central.Sun.COM (localhost [127.0.0.1]) by binky.Central.Sun.COM (8.13.3+Sun/8.13.3) with ESMTP id jB239mmr025025; Thu, 1 Dec 2005 21:09:48 -0600 (CST)
Received: (from nw141292@localhost) by binky.Central.Sun.COM (8.13.3+Sun/8.13.3/Submit) id jB239jcK025024; Thu, 1 Dec 2005 21:09:45 -0600 (CST)
Date: Thu, 01 Dec 2005 21:09:45 -0600
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Simon Josefsson <jas@extundo.com>
Cc: ietf-sasl@imc.org
Subject: Re: Where to specify details of channel bindings
Message-ID: <20051202030944.GA21090@binky.Central.Sun.COM>
Mail-Followup-To: Simon Josefsson <jas@extundo.com>, ietf-sasl@imc.org
References: <iluiru9403d.fsf@latte.josefsson.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <iluiru9403d.fsf@latte.josefsson.org>
User-Agent: Mutt/1.5.7i
Sender: owner-ietf-sasl@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-ID: <ietf-sasl.imc.org>
List-Unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
On Thu, Dec 01, 2005 at 10:51:02AM +0100, Simon Josefsson wrote: > I started working on text in GS2 that would give guidance on exactly > what channel binding data to specify when running under TLS. It > occurred to me that this isn't specific for GS2. DIGEST-MD5 could use > similar channel binding data guidance. For TLS the answer is quite simple: the concatenation of the client and server finished messages, in that order. See: draft-ietf-kitten-gssapi-channel-bindings-01.txt draft-ietf-nfsv4-channel-bindings-03.txt (Note: the text on IPsec channel bindings is way out of date.) > I haven't thought through the following completely, but thought I > should mention it to see if I have hit upon something useful. > > Shouldn't the core document specify that if SASL is used below TLS, > and the SASL mechanism support channel bindings, the channel binding > must include the TLS session id? s/below/above/? Anyways, no, TLS session IDs are not strongly bound to TLS channels. > It could be argued that the channel binding problem is inherent in > SASL itself, and not specific to any mechanism. That would argue for > fixing it in the core document. > > Other recommendations, for e.g. IPSEC channel bindings could be added > too, but as far as I know, SASL over IPSEC isn't sufficiently widely > used to let us make a informed choice. There is also a larger layer > violation in getting the IPSEC session id into the SASL library, or > even worse, every SASL mechanism. I agree, I think we could generalize the above drafts a bit, so they are applicable to SASL. See section 4.2 of draft-ietf-nfsv4-channel- bindings-03.txt. The bigger problem is negotiation of use of channel bindings. Particularly when it comes to channels for which channel bindings will be specified later, as opposed to now, or for which channel bindings are difficult to obtain with existing implementations' interfaces. E.g., client uses channel bindings to channel XYZ, the server is unaware of the channel or can't get bindings for it, so it does not provide channel bindings to the mechanism --> context establishment fails. What we want from channel bindings is: to know whether the binding succeeded so the app can choose to eschew session protection at the higher layer. It's OK if channel binding fails but context establishment succeeds, AS LONG AS the application knows the binding failed and so can choose how to proceed. But the GSS-API doesn't provide this information -- it's all or nothing. So in pure GSS-API contexts we'll be resorting to stacking a pseudo- mechanism whose primary purpose is to indicate willingness to do channel binding at mechanism negotiation time. But in SASL/GS2 context we can do better. Nico --
- Re: Where to specify details of channel bindings Simon Josefsson
- Re: Where to specify details of channel bindings Nicolas Williams
- Re: Where to specify details of channel bindings Simon Josefsson
- Re: Where to specify details of channel bindings Nicolas Williams
- Re: Where to specify details of channel bindings Simon Josefsson
- Re: Where to specify details of channel bindings Nicolas Williams
- Re: Where to specify details of channel bindings Simon Josefsson
- Re: Where to specify details of channel bindings Nicolas Williams
- Re: Where to specify details of channel bindings Simon Josefsson
- Re: Where to specify details of channel bindings Simon Josefsson
- Re: Where to specify details of channel bindings Nicolas Williams
- Re: Where to specify details of channel bindings Nicolas Williams
- Re: Where to specify details of channel bindings Chris Newman