Re: Update of GS2
Simon Josefsson <jas@extundo.com> Fri, 30 June 2006 10:43 UTC
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k5UAh9lS041454; Fri, 30 Jun 2006 03:43:09 -0700 (MST) (envelope-from owner-ietf-sasl@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k5UAh9Mg041453; Fri, 30 Jun 2006 03:43:09 -0700 (MST) (envelope-from owner-ietf-sasl@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-sasl@mail.imc.org using -f
Received: from yxa.extundo.com (178.230.13.217.in-addr.dgcsystems.net [217.13.230.178]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k5UAh8oq041433 for <ietf-sasl@imc.org>; Fri, 30 Jun 2006 03:43:08 -0700 (MST) (envelope-from jas@extundo.com)
Received: from localhost.localdomain (yxa.extundo.com [217.13.230.178]) (authenticated bits=0) by yxa.extundo.com (8.13.4/8.13.4/Debian-3sarge1) with ESMTP id k5UAh4D3021252 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-sasl@imc.org>; Fri, 30 Jun 2006 12:43:04 +0200
From: Simon Josefsson <jas@extundo.com>
To: ietf-sasl@imc.org
Subject: Re: Update of GS2
References: <87fyhoqmkc.fsf@latte.josefsson.org> <20060629165941.GV5688@binky.Central.Sun.COM> <874py3r8r5.fsf@latte.josefsson.org> <20060629213404.GF5688@binky.Central.Sun.COM>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:22:060630:ietf-sasl@imc.org::EP0babOWA24HgXQr:btdO
Date: Fri, 30 Jun 2006 12:43:04 +0200
In-Reply-To: <20060629213404.GF5688@binky.Central.Sun.COM> (Nicolas Williams's message of "Thu, 29 Jun 2006 16:34:04 -0500")
Message-ID: <87veqiq5zb.fsf@latte.josefsson.org>
User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL, BAYES_00, FORGED_RCVD_HELO autolearn=ham version=3.1.1
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on yxa-iv
X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on yxa.extundo.com
X-Virus-Status: Clean
Sender: owner-ietf-sasl@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-ID: <ietf-sasl.imc.org>
List-Unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Here is the new version and rfcdiff compared to -01: http://josefsson.org/sasl-gs2/draft-ietf-sasl-gs2.txt http://josefsson.org/sasl-gs2/draft-ietf-sasl-gs2-from--01.diff.html I'm including the new channel binding section below. It doesn't reference draft-ietf-nfsv4-channel-bindings-04.txt because that document doesn't contain the necessary details yet. Is this approach regarding channel binding OK with everyone? There is one more issue, maybe we can resolve it on-list: * Should the document say that integrity/privacy layers MAY/SHOULD/MUST be negotiated? If channel binding negotiation succeeds, it currently says: Implementations MAY set the "client_cbqops" and "server_cbqops" to no security layer to improve performance by using only one security layer. This seems acceptable to me, but we may also require that a security layer must always be negotiated if there is no channel binding. There is a complication when the GSS-API mechanism doesn't provide security layers. Should we say anything about this? The only remaining item, that I am aware of, is to add example connections for channel bindings, but I'll work on that separately. Thanks, Simon 5. Channel Bindings The GS2 mechanism provide its own channel binding mechanism, instead of using the "chan_binding" parameter in the GSS-API context functions. The reason for this is that the GS2 mechanism provide an option to proceed even if the channel bindings does not match. The GSS-API framework specifies that authentication cannot proceed if channel bindings does not match. Client and servers MUST set the "chan_binding" parameter in the calls to GSS_Init_sec_context to GSS_Accept_sec_context, respectively, to NULL. Implementations MAY set the "client_cbqops" and "server_cbqops" to no security layer to improve performance by using only one security layer. For TLS, the channel binding data is specified below. For other security layers, channel binding data will have to specified elsewhere, and this specification will have to be updated with explicit considerations. 5.1. Name Of TLS Channel For Use As Channel Binding The TLS Pseudo-Random Function (PRF) generate, using the constant string "TLS channel binding", and based on the master secret and the random values established during a TLS handshake, a 64 octet string that make up the SASL channel binding data. Using the terminology of TLS [13], the channel binding data is computed as follows: ChannelBinding = PRF(SecurityParameters.master_secret, "TLS channel binding", SecurityParameters.server_random + SecurityParameters.client_random) [0..64]; The derived ChannelBinding is intended to be used as a name of the TLS channel that is cryptographically bound to the channel, for use in authentication mechanisms tunneled over TLS.
- Re: Update of GS2 Nicolas Williams
- Re: Update of GS2 Simon Josefsson
- Re: Update of GS2 Simon Josefsson
- Re: Update of GS2 Nicolas Williams
- Re: Update of GS2 Simon Josefsson
- Re: Update of GS2 Jeffrey Hutzelman
- Re: Update of GS2 Nicolas Williams
- Re: Update of GS2 Kurt D. Zeilenga
- Update of GS2 Simon Josefsson
- Re: Update of GS2 Simon Josefsson