Re: [secdir] [nfsv4] Last Call: <draft-ietf-nfsv4-rfc3530bis-25.txt> (Network File System (NFS) Version 4 Protocol) to Proposed Standard
Benjamin Kaduk <kaduk@MIT.EDU> Mon, 01 April 2013 17:01 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A9A7311E80CC; Mon, 1 Apr 2013 10:01:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.11
X-Spam-Level:
X-Spam-Status: No, score=-2.11 tagged_above=-999 required=5 tests=[BAYES_05=-1.11, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 28l6HrMA6vCq; Mon, 1 Apr 2013 10:01:12 -0700 (PDT)
Received: from dmz-mailsec-scanner-8.mit.edu (DMZ-MAILSEC-SCANNER-8.MIT.EDU [18.7.68.37]) by ietfa.amsl.com (Postfix) with ESMTP id CAE1411E80AE; Mon, 1 Apr 2013 10:01:10 -0700 (PDT)
X-AuditID: 12074425-b7fec6d000007584-37-5159bd558297
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) by dmz-mailsec-scanner-8.mit.edu (Symantec Messaging Gateway) with SMTP id CD.E9.30084.55DB9515; Mon, 1 Apr 2013 13:01:09 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id r31H19Wr015051; Mon, 1 Apr 2013 13:01:09 -0400
Received: from multics.mit.edu (SYSTEM-LOW-SIPB.MIT.EDU [18.187.2.37]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id r31H17fJ016511 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 1 Apr 2013 13:01:08 -0400
Received: (from kaduk@localhost) by multics.mit.edu (8.12.9.20060308) id r31H17tr006109; Mon, 1 Apr 2013 13:01:07 -0400 (EDT)
Date: Mon, 01 Apr 2013 13:01:06 -0400
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: ietf@ietf.org
In-Reply-To: <20130319142244.19905.39903.idtracker@ietfa.amsl.com>
Message-ID: <alpine.GSO.1.10.1303312327530.9389@multics.mit.edu>
References: <20130319142244.19905.39903.idtracker@ietfa.amsl.com>
User-Agent: Alpine 1.10 (GSO 962 2008-03-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format="flowed"; charset="US-ASCII"
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrKIsWRmVeSWpSXmKPExsUixCmqrRu6NzLQ4PN9c4tnG+ezWHxY+JDF gcljyZKfTAGMUVw2Kak5mWWpRfp2CVwZG74/YSn4zFNxeN9D5gbGY1xdjBwcEgImEl3rmLoY OYFMMYkL99azdTFycQgJ7GOU6PjxjBEkISSwgVHiR4cwROIgk8SBBWeZIBL1Ej/ubGMGsVkE tCRmnW8Fs9kEVCRmvtnIBrJAREBQ4uBjSxCTWUBYYt9RJ5AxwgJdjBKNa2ayg5RzCjhJ/O+9 BzaSV8BBYuPOLqi9jhL7zh5hA7FFBXQkVu+fwgJRIyhxcuYTMJtZwFLi39pfrBMYBWchSc1C klrAyLSKUTYlt0o3NzEzpzg1Wbc4OTEvL7VI10IvN7NELzWldBMjKDTZXVR3ME44pHSIUYCD UYmH12FOZKAQa2JZcWXuIUZJDiYlUd5Tu4FCfEn5KZUZicUZ8UWlOanFhxglOJiVRHhXZALl eFMSK6tSi/JhUtIcLErivDdSbvoLCaQnlqRmp6YWpBbBZGU4OJQkeOfuAWoULEpNT61Iy8wp QUgzcXCCDOcBGr4DpIa3uCAxtzgzHSJ/ilFRSpy3AyQhAJLIKM2D64WljleM4kCvCPOuAKni AaYduO5XQIOZgAYvuxUOMrgkESEl1cAocGWr1QXzX9zysnwditJpu5Nnxr+axckXn3k+ZKbk N4Xv2y7Zn9oe8frB7TjFi+9NM803MvwW/sSw5piR2pN7yz99ZKj8ILCISVTtQewLrcdCQbe2 v6q78UHsy0efhqJ1Ou8bFY8pP2tinKr4mFPUe0nXlhPa89b9mhFhsDhW5MLMrXc8L7c+UWIp zkg01GIuKk4EACl6mS/4AgAA
X-Mailman-Approved-At: Mon, 01 Apr 2013 11:37:12 -0700
Cc: secdir@ietf.org
Subject: Re: [secdir] [nfsv4] Last Call: <draft-ietf-nfsv4-rfc3530bis-25.txt> (Network File System (NFS) Version 4 Protocol) to Proposed Standard
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Apr 2013 17:01:12 -0000
I have not yet completed a full review of this (320-page) document, and I
worry that I may not finish before the deadline, so I am bringing this
concern to your attention now.
Section 3.2.1.1 of this document ("Kerberos V5 as a security triple")
seems to indicate that it is mandatory for a conformant NFSv4
implementation to implement the Kerberos V5 GSS-API mechanism and a few
"security triples" (mechanism,quality of protection,service). All of the
mandatory-to-implement security triples use the DES-MAC-MD5 algorithm.
The draft goes on to indicate that clients should engage in security
negotiation (section 3.3) to determine what security to use for bulk
operation, and that since kerberos-v5 under RPCSEC_GSS is mandatory, the
negotiation will be performed using that security provider. The actual
mechanism resulting from the negotiation may be different (or may be the
same), but this single-DES mechanism seems to be required to be used to
protect the negotiation step.
Given that the kerberos working group has published RFC 6649 (Deprecate
DES, RC4-HMAC-EXP, and Other Weak Cryptographic Algorithms in Kerberos)
and single-DES is known to be critically vulnerable to brute-force
attacks, I have grave concern about the IETF publishing new standards
documents that mandate the implementation of single-DES and do not specify
strong cryptographic algorithms. I feel that to do so would be misleading
implementors into believing that single-DES is sufficient and other
mechanisms need not be implemented, when in reality this is not true.
Sincerely,
Ben Kaduk
MIT Kerberos Consortium
- Re: [secdir] [nfsv4] Last Call: <draft-ietf-nfsv4… Benjamin Kaduk
- Re: [secdir] [nfsv4] Last Call: <draft-ietf-nfsv4… Nico Williams
- Re: [secdir] [nfsv4] Last Call: <draft-ietf-nfsv4… Haynes, Tom
- Re: [secdir] [nfsv4] Last Call: <draft-ietf-nfsv4… Nico Williams
- Re: [secdir] [nfsv4] Last Call: <draft-ietf-nfsv4… Benjamin Kaduk
- Re: [secdir] [nfsv4] Last Call: <draft-ietf-nfsv4… Nico Williams