IETF Logo Mail Archive

Re: Update of GS2

Simon Josefsson <jas@extundo.com> Fri, 30 June 2006 10:43 UTC

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k5UAh9lS041454; Fri, 30 Jun 2006 03:43:09 -0700 (MST) (envelope-from owner-ietf-sasl@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k5UAh9Mg041453; Fri, 30 Jun 2006 03:43:09 -0700 (MST) (envelope-from owner-ietf-sasl@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-sasl@mail.imc.org using -f
Received: from yxa.extundo.com (178.230.13.217.in-addr.dgcsystems.net [217.13.230.178]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k5UAh8oq041433 for <ietf-sasl@imc.org>; Fri, 30 Jun 2006 03:43:08 -0700 (MST) (envelope-from jas@extundo.com)
Received: from localhost.localdomain (yxa.extundo.com [217.13.230.178]) (authenticated bits=0) by yxa.extundo.com (8.13.4/8.13.4/Debian-3sarge1) with ESMTP id k5UAh4D3021252 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-sasl@imc.org>; Fri, 30 Jun 2006 12:43:04 +0200
From: Simon Josefsson <jas@extundo.com>
To: ietf-sasl@imc.org
Subject: Re: Update of GS2
References: <87fyhoqmkc.fsf@latte.josefsson.org> <20060629165941.GV5688@binky.Central.Sun.COM> <874py3r8r5.fsf@latte.josefsson.org> <20060629213404.GF5688@binky.Central.Sun.COM>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:22:060630:ietf-sasl@imc.org::EP0babOWA24HgXQr:btdO
Date: Fri, 30 Jun 2006 12:43:04 +0200
In-Reply-To: <20060629213404.GF5688@binky.Central.Sun.COM> (Nicolas Williams's message of "Thu, 29 Jun 2006 16:34:04 -0500")
Message-ID: <87veqiq5zb.fsf@latte.josefsson.org>
User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL, BAYES_00, FORGED_RCVD_HELO autolearn=ham version=3.1.1
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on yxa-iv
X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on yxa.extundo.com
X-Virus-Status: Clean
Sender: owner-ietf-sasl@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-ID: <ietf-sasl.imc.org>
List-Unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>

Here is the new version and rfcdiff compared to -01:

http://josefsson.org/sasl-gs2/draft-ietf-sasl-gs2.txt
http://josefsson.org/sasl-gs2/draft-ietf-sasl-gs2-from--01.diff.html

I'm including the new channel binding section below.  It doesn't
reference draft-ietf-nfsv4-channel-bindings-04.txt because that
document doesn't contain the necessary details yet.

Is this approach regarding channel binding OK with everyone?

There is one more issue, maybe we can resolve it on-list:

* Should the document say that integrity/privacy layers
  MAY/SHOULD/MUST be negotiated?  If channel binding negotiation
  succeeds, it currently says:

   Implementations MAY set the "client_cbqops" and "server_cbqops" to no
   security layer to improve performance by using only one security
   layer.

  This seems acceptable to me, but we may also require that a security
  layer must always be negotiated if there is no channel binding.

  There is a complication when the GSS-API mechanism doesn't provide
  security layers.  Should we say anything about this?

The only remaining item, that I am aware of, is to add example
connections for channel bindings, but I'll work on that separately.

Thanks,
Simon

5.  Channel Bindings

   The GS2 mechanism provide its own channel binding mechanism, instead
   of using the "chan_binding" parameter in the GSS-API context
   functions.  The reason for this is that the GS2 mechanism provide an
   option to proceed even if the channel bindings does not match.  The
   GSS-API framework specifies that authentication cannot proceed if
   channel bindings does not match.

   Client and servers MUST set the "chan_binding" parameter in the calls
   to GSS_Init_sec_context to GSS_Accept_sec_context, respectively, to
   NULL.

   Implementations MAY set the "client_cbqops" and "server_cbqops" to no
   security layer to improve performance by using only one security
   layer.

   For TLS, the channel binding data is specified below.  For other
   security layers, channel binding data will have to specified
   elsewhere, and this specification will have to be updated with
   explicit considerations.

5.1.  Name Of TLS Channel For Use As Channel Binding

   The TLS Pseudo-Random Function (PRF) generate, using the constant
   string "TLS channel binding", and based on the master secret and the
   random values established during a TLS handshake, a 64 octet string
   that make up the SASL channel binding data.

   Using the terminology of TLS [13], the channel binding data is
   computed as follows:

          ChannelBinding =
             PRF(SecurityParameters.master_secret,
                "TLS channel binding",
                SecurityParameters.server_random +
                SecurityParameters.client_random) [0..64];

   The derived ChannelBinding is intended to be used as a name of the
   TLS channel that is cryptographically bound to the channel, for use
   in authentication mechanisms tunneled over TLS.

v2.23.0 | Report a Bug | By Email