[secdir] Secdir review of draft-josefsson-kerberos5-starttls-07
Magnus Nyström <magnusn@gmail.com> Thu, 24 December 2009 01:23 UTC
Return-Path: <magnusn@gmail.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E27743A687F; Wed, 23 Dec 2009 17:23:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.299
X-Spam-Level:
X-Spam-Status: No, score=-2.299 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FNkeT8MC+ky9; Wed, 23 Dec 2009 17:23:49 -0800 (PST)
Received: from mail-yw0-f185.google.com (mail-yw0-f185.google.com [209.85.211.185]) by core3.amsl.com (Postfix) with ESMTP id EB0923A6873; Wed, 23 Dec 2009 17:23:48 -0800 (PST)
Received: by ywh15 with SMTP id 15so8001230ywh.5 for <multiple recipients>; Wed, 23 Dec 2009 17:23:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type:content-transfer-encoding; bh=tUTzQzOTqBzBpdZsyW0vyPJplKe4/KMMfmfhhAJrjkw=; b=tOWL6KbfIEzMC51KlqffhkbGvTIBGLjGv269//iP94PSd4vrOwQchFNC5JA1outQ1j QhYt37ioRRsw04a7LmW+im0dDSDWC0DK+wFEmc7uEsxlL9sAfMVrqUHoZ01jtKsAij1D ViKIVL+1w52uoFZNMJOxCkwPL+lOjWHKnNHmw=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type :content-transfer-encoding; b=Wk8WZNLerV1RxG7uG8lRL9oqJO1N9SieVEVvSL7SZ29SNZMGirSZTvYFJxn0Wbnmx+ 70W4nDVoCqpCNEBXvk/THo3LkGru+7YsedVLNAmJX6nDIXs+khs1F9oLXbOJ6oFPZDvY qtvBJ+IlxjE0daQ8FnEXX5VGaLSma0p97YJ0U=
MIME-Version: 1.0
Received: by 10.101.132.22 with SMTP id j22mr5809700ann.6.1261617809211; Wed, 23 Dec 2009 17:23:29 -0800 (PST)
Date: Wed, 23 Dec 2009 17:23:29 -0800
Message-ID: <2f57b9e60912231723x12e87864g9c0ad1ce095fc2c2@mail.gmail.com>
From: Magnus Nyström <magnusn@gmail.com>
To: iesg@ietf.org, secdir@ietf.org, simon@josefsson.org, larry.zhu@microsoft.com, jhutz@cmu.edu
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: [secdir] Secdir review of draft-josefsson-kerberos5-starttls-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Dec 2009 01:25:26 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document defines a new Kerberos extension to allow Kerberos protocol runs over TLS. I do not have any general issues with this document but a few questions/comments: Section 1: "The TLS protocol has been studied by many parties. In some threat models, the designer prefer to reduce the number of protocols that can hurt the overall system security if they are compromised." This statement seems to me like a strange reason to motivate this work - Kerberos is equally well studied (at least) as TLS and this memo does not reduce the number of protocols in the system (c.f. the recent TLS renegotiation vulnerability) Section 3: In the packet flow, why are the first two Kerberos exchanges ([0x70000000 & STARTTLS-bit] and [0x00000000]) wihtin square brackets? Is it because they're seen as a separate protocol, or some other reason? A clarification would be helpful. Section 5: "Use of TLS, even without server certificate validation, protects against some attacks that Kerberos V5 over UDP/TCP do not. Requiring server certificates to be used at all times would enable attacks in those situations": a) It would be useful to give examples of attacks that unauthenticated TLS protects against that Kerberos V5 does not protect against. b) Last sentence is ambigious - if server certs are required and the client verifies them I do not see what attacks would be enabled. I assume the last sentence intends to say that requiring server certs to be used when clients cannot validate will enable some attacks but I am not sure. Section 5: "When clients have the ability, they need to be able to validate the server certificate" I suggest rephrasing to: "When clients have the ability, they MUST validate the server certificate" (or at least SHOULD). Best, -- Magnus
- [secdir] Secdir review of draft-josefsson-kerbero… Magnus Nyström
- Re: [secdir] Secdir review of draft-josefsson-ker… Simon Josefsson
- Re: [secdir] Secdir review of draft-josefsson-ker… Simon Josefsson