Re: [sasl] SCRAM as GSS-API mechanism
Nicolas Williams <Nicolas.Williams@oracle.com> Tue, 13 July 2010 20:55 UTC
Return-Path: <Nicolas.Williams@oracle.com>
X-Original-To: sasl@core3.amsl.com
Delivered-To: sasl@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E5A173A6A4C for <sasl@core3.amsl.com>; Tue, 13 Jul 2010 13:55:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.598
X-Spam-Level:
X-Spam-Status: No, score=-6.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hr1uFbhZmxCb for <sasl@core3.amsl.com>; Tue, 13 Jul 2010 13:55:52 -0700 (PDT)
Received: from rcsinet10.oracle.com (rcsinet10.oracle.com [148.87.113.121]) by core3.amsl.com (Postfix) with ESMTP id 0D6243A69FC for <sasl@ietf.org>; Tue, 13 Jul 2010 13:55:51 -0700 (PDT)
Received: from acsinet15.oracle.com (acsinet15.oracle.com [141.146.126.227]) by rcsinet10.oracle.com (Switch-3.4.2/Switch-3.4.2) with ESMTP id o6DKtwb3017964 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 13 Jul 2010 20:56:00 GMT
Received: from acsmt354.oracle.com (acsmt354.oracle.com [141.146.40.154]) by acsinet15.oracle.com (Switch-3.4.2/Switch-3.4.1) with ESMTP id o6DD5Jcd008492; Tue, 13 Jul 2010 20:55:58 GMT
Received: from abhmt015.oracle.com by acsmt354.oracle.com with ESMTP id 402539911279054548; Tue, 13 Jul 2010 13:55:48 -0700
Received: from oracle.com (/129.153.128.104) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 13 Jul 2010 13:55:48 -0700
Date: Tue, 13 Jul 2010 16:00:15 -0500
From: Nicolas Williams <Nicolas.Williams@oracle.com>
To: Simon Josefsson <simon@josefsson.org>
Message-ID: <20100713210015.GD20713@oracle.com>
References: <87pqyr2k8y.fsf@mocca.josefsson.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <87pqyr2k8y.fsf@mocca.josefsson.org>
User-Agent: Mutt/1.5.20 (2010-03-02)
X-Source-IP: acsmt354.oracle.com [141.146.40.154]
X-Auth-Type: Internal IP
X-CT-RefId: str=0001.0A090205.4C3CD2DE.0224:SCFMA4539814,ss=1,fgs=0
Cc: sasl@ietf.org
Subject: Re: [sasl] SCRAM as GSS-API mechanism
X-BeenThere: sasl@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SASL Working Group <sasl.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sasl>, <mailto:sasl-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sasl>
List-Post: <mailto:sasl@ietf.org>
List-Help: <mailto:sasl-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sasl>, <mailto:sasl-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Jul 2010 20:55:53 -0000
On Tue, Jul 13, 2010 at 10:35:09PM +0200, Simon Josefsson wrote: > I cannot find anything in section 8 of SCRAM that discuss how SCRAM, as > a GSS-API mechanism, handles a non-NULL GSS-API channel binding. Is the > intention that this should be supported? The text could be clearer, but it follows from this: SCRAM is actually also a GSS-API mechanism. The messages are the same, but a) the GS2 header on the client's first message and channel binding data is excluded when SCRAM is used as a GSS-API mechanism, and b) the RFC2743 section 3.1 initial context token header is prefixed to the client's first authentication message (context token). and from knowing GS2 and subtracting GS2's ABNF from SCRAM's, that in the pure-GSS-API variant of SCRAM gs2-header gets re-defined from this: gs2-header = gs2-cbind-flag "," [ authzid ] "," to this: gs2-header = ;; empty Which means that cbind-input gets re-defined from this: cbind-input = gs2-header [ cbind-data ] to this: cbind-input = [ cbind-data ] What we could, and maybe should have done, is to publish the ABNF for SCRAM-the-pure-GSS-API-mechanism's security context tokens. > If it is not supported, we would be in the ironic situation that SCRAM, > as a GSS-API mechanism, does not support channel bindings, but GS2 > requires that in order for the GSS-API mechanism to be used under GS2. > In other words, SCRAM cannot be used as a GSS-API mechanism for GS2. > > I believe it could be made to work. What is missing from SCRAM is some > wording that says that the only supported use of channel bindings is to > provide a GS2-compliant channel binding, e.g., on this form: Just a reference to RFC5554 might do. Clearly, SCRAM cannot and does not support anything but the application-data field of GSS-CHANNEL-BINDINGS since we did not provide an encoding of GSS-CHANNEL-BINDINGS for SCRAM. > The initiator-address-type and acceptor-address-type fields of the > GSS-CHANNEL-BINDINGS structure MUST be set to 0. The initiator- > address and acceptor-address fields MUST be the empty string. Yes, this follows from the fact that SCRAM doesn't provide an encoding of GSS-CHANNEL-BINDINGS. > The application-data field MUST be set to the gs2-header, excluding > the initial [gs2-nonstd-flag ","] part, concatenated with, when a > gs2-cb-flag of "p" is used, the application's channel binding data. No, absolutely not. See above. The gs2-header MUST NOT be present in the SCRAM-as-pure-GSS-API case. IMO a simple erratum for RFC5802 adding a reference to RFC5554 and a paragraph stating that SCRAM supports only the use of the application-data field of GSS-CHANNEL-BINDINGS will do. Nico --
- SCRAM as GSS-API mechanism Simon Josefsson
- [sasl] SCRAM as GSS-API mechanism Simon Josefsson
- Re: [sasl] SCRAM as GSS-API mechanism Nicolas Williams
- Re: [sasl] SCRAM as GSS-API mechanism Nicolas Williams
- Re: [sasl] SCRAM as GSS-API mechanism Jeffrey Hutzelman
- Re: [sasl] SCRAM as GSS-API mechanism Nicolas Williams