Re: [secdir] secdir review of draft-yount-krb-cred-clear-text-01.txt

Russell J Yount <rjy@cmu.edu> Thu, 18 August 2011 21:23 UTC

From: Russell J Yount <rjy@cmu.edu>
To: Sam Hartman <hartmans-ietf@mit.edu>, Warren Kumari <warren@kumari.net>
Date: Thu, 18 Aug 2011 21:24:14 +0000
Message-ID: <26BE721B42199440805DB836552EA796053F1A@PGH-MSGMB-03.andrew.ad.cmu.edu>
References: <EBDDC31C-A2D0-4FF5-8EE8-D7061EA23805@kumari.net> <tslhb5e31v8.fsf@mit.edu>
In-Reply-To: <tslhb5e31v8.fsf@mit.edu>
Cc: "draft-yount-krb-cred-clear-text.all@tools.ietf.org" <draft-yount-krb-cred-clear-text.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-yount-krb-cred-clear-text-01.txt

Sam,

I was thinking an intermediate node resending a number of KRB-CRED messages could substitute previously received KRB-CRED messages.

E.g.
   Node receives Joe's credentials and forwards Joe's credential.
   Node receives Jill's credentials and forwards Joe's credential.
Whatever action Jill's credentials were to be used to perform would now be performed as Joe.

Warren may have other thoughts on this.

-Russ

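The substitution Russ sketches, worked through as an added example (this is illustrative code, not code from the draft or from any Kerberos implementation). The model assumes: KRB-CRED messages are opaque byte strings standing in for the RFC 4120 section 5.8 structure; each link between sender, forwarding node and receiver is protected by its own HMAC-SHA256 key (hop-by-hop integrity); and "end-to-end" protection means a tag over (request id, KRB-CRED) under a key only the sender and receiver hold. The principal names, request ids and the node's two misbehaviours ("replay" Joe's whole earlier message, or "swap" Joe's credential into Jill's message) are constructed for the example.

```python
"""Hop-by-hop vs end-to-end protection of a forwarded KRB-CRED.  Added
example with constructed data; keys, request ids and the tag construction
are assumptions of this model, not anything the draft specifies."""
from dataclasses import dataclass, replace
import hashlib
import hmac
import os
from typing import Optional

# Constructed stand-ins for two KRB-CRED messages (real ones are ASN.1).
KRB_CRED_JOE = b"KRB-CRED{pname=joe@EXAMPLE.ORG, ticket=...}"
KRB_CRED_JILL = b"KRB-CRED{pname=jill@EXAMPLE.ORG, ticket=...}"


def tag(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields (assumed integrity primitive)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


@dataclass(frozen=True)
class Msg:
    req_id: bytes  # receiver's request identifier, b"" when not bound end to end
    cred: bytes    # the KRB-CRED
    e2e: bytes     # end-to-end tag over (req_id, cred), b"" when absent

    def fields(self):
        return (self.req_id, self.cred, self.e2e)


class Intermediary:
    """Forwarding node with its own key on each link.  It sees every KRB-CRED
    in the clear and re-tags whatever it sends on, so the receiver's hop
    check always passes regardless of what the node chose to forward."""

    def __init__(self, key_in: bytes, key_out: bytes):
        self.key_in, self.key_out = key_in, key_out
        self.seen: list = []

    def forward(self, msg: Msg, hop_tag: bytes, mode: str = "honest"):
        if not hmac.compare_digest(tag(self.key_in, *msg.fields()), hop_tag):
            raise ValueError("inbound hop integrity check failed")
        if mode == "replay":      # resend Joe's whole earlier message
            out = self.seen[0]
        elif mode == "swap":      # keep Jill's framing, insert Joe's KRB-CRED
            out = replace(msg, cred=self.seen[0].cred)
        else:
            out = msg
            self.seen.append(msg)
        return out, tag(self.key_out, *out.fields())


def receiver_accepts(hop_key: bytes, e2e_key: Optional[bytes],
                     expected_req: bytes, msg: Msg, hop_tag: bytes) -> Optional[bytes]:
    """Return the KRB-CRED the receiver will act on, or None if it rejects."""
    if not hmac.compare_digest(tag(hop_key, *msg.fields()), hop_tag):
        return None                                   # hop-by-hop check
    if e2e_key is not None:
        if msg.req_id != expected_req:
            return None                               # an earlier message replayed
        if not hmac.compare_digest(tag(e2e_key, msg.req_id, msg.cred), msg.e2e):
            return None                               # KRB-CRED swapped in transit
    return msg.cred


def deliver(mode: str, end_to_end: bool) -> Optional[bytes]:
    """Joe's KRB-CRED goes through first (honestly); then Jill's, with the node
    behaving per `mode`.  Returns what the receiver accepts for Jill's request."""
    k1, k2 = os.urandom(32), os.urandom(32)           # per-link keys
    ke = os.urandom(32) if end_to_end else None       # sender/receiver-only key
    node = Intermediary(k1, k2)

    def send(req_id: bytes, cred: bytes):
        if ke is None:
            m = Msg(b"", cred, b"")
        else:
            m = Msg(req_id, cred, tag(ke, req_id, cred))
        return m, tag(k1, *m.fields())

    node.forward(*send(b"req-joe", KRB_CRED_JOE))
    msg, t2 = node.forward(*send(b"req-jill", KRB_CRED_JILL), mode)
    return receiver_accepts(k2, ke, b"req-jill", msg, t2)


if __name__ == "__main__":
    for e2e in (False, True):
        for mode in ("honest", "replay", "swap"):
            got = deliver(mode, e2e)
            print(f"end_to_end={e2e!s:5} node={mode:6} -> "
                  f"{'rejected' if got is None else got.decode()}")
```

With hop-by-hop tags only, every message the node emits verifies at the receiver, so both misbehaviours leave the receiver holding Joe's KRB-CRED for Jill's request. Binding the KRB-CRED to the request under a key the node does not have makes the replay fail on the request id and the swap fail on the end-to-end tag. Which binding a real deployment should use (a Kerberos checksum under a session key, a channel binding, or something else) is outside this model.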

-----Original Message-----
From: Sam Hartman [mailto:hartmans-ietf@mit.edu] 
Sent: Thursday, August 18, 2011 4:24 PM
To: Warren Kumari
Cc: secdir@ietf.org; iesg@ietf.org; draft-yount-krb-cred-clear-text.all@tools.ietf.org
Subject: Re: [secdir] secdir review of draft-yount-krb-cred-clear-text-01.txt


Hi.
I have one question about the changes in the last rev.
Why exactly do we need end-to-end security?
Why would some protocol that provided sufficient hop-by-hop security,
for example an AAA transport with confidentiality and
draft-ietf-abfab-aaa-saml transporting a krb-cred message?