IETF Logo Mail Archive

Re: [TLS] the use cases for GSS-based TLS and the plea for integrating Kerberos with TLS: draft-santesson-tls-gssapi

Love Hörnquist Åstrand <lha@it.su.se> Wed, 18 July 2007 16:52 UTC

Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IBCky-0008Dh-Ss; Wed, 18 Jul 2007 12:52:08 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IBCky-0008Db-B5 for tls@ietf.org; Wed, 18 Jul 2007 12:52:08 -0400
Received: from smtp1.su.se ([130.237.162.112]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IBCkw-0007je-N1 for tls@ietf.org; Wed, 18 Jul 2007 12:52:08 -0400
Received: from localhost (localhost [127.0.0.1]) by smtp1.su.se (Postfix) with ESMTP id A186E741B3; Wed, 18 Jul 2007 18:52:05 +0200 (CEST)
Received: from smtp1.su.se ([127.0.0.1]) by localhost (smtp1.su.se [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 29268-01-6; Wed, 18 Jul 2007 18:52:04 +0200 (CEST)
Received: from [192.168.1.101] (c80-217-233-219.bredband.comhem.se [80.217.233.219]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp1.su.se (Postfix) with ESMTP id CB855740DC; Wed, 18 Jul 2007 18:52:04 +0200 (CEST)
In-Reply-To: <CAAAEFE273EAD341A4B02AAA9CA6F73306B357BB@WIN-MSG-20.wingroup.windeploy.ntdev.microsoft.com>
References: <CAAAEFE273EAD341A4B02AAA9CA6F73306BB955A@WIN-MSG-20.wingroup.windeploy.ntdev.microsoft.com> <361B6F7E-C99C-469B-9234-A0C4F4D2CD55@it.su.se> <CAAAEFE273EAD341A4B02AAA9CA6F73306B357BB@WIN-MSG-20.wingroup.windeploy.ntdev.microsoft.com>
Mime-Version: 1.0 (Apple Message framework v752.3)
Content-Type: text/plain; charset="ISO-8859-1"; delsp="yes"; format="flowed"
Message-Id: <A4F17398-6273-4276-A1FD-169E00E3F314@it.su.se>
Content-Transfer-Encoding: quoted-printable
From: Love Hörnquist Åstrand <lha@it.su.se>
Subject: Re: [TLS] the use cases for GSS-based TLS and the plea for integrating Kerberos with TLS: draft-santesson-tls-gssapi
Date: Wed, 18 Jul 2007 18:51:54 +0200
To: Larry Zhu <lzhu@windows.microsoft.com>
X-Mailer: Apple Mail (2.752.3)
X-Virus-Scanned: by amavisd-new at smtp.su.se
X-Spam-Status: No, hits=-1.954 tagged_above=-99 required=7 tests=[AWL=0.358, BAYES_00=-2.312]
X-Spam-Level:
X-Spam-Score: 0.0 (/)
X-Scan-Signature: b132cb3ed2d4be2017585bf6859e1ede
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

18 jul 2007 kl. 18.41 skrev Larry Zhu:

> Love Hörnquist Åstrand wrote:
> > - I would prefer having both the ability to run gssapi in clear and
> >   inside a DH protected tls connection.
>
> In fact you have this ability in draft -02/-03.
>
>  the protocol defined in this draft is generic and extensible, such  
> that you can build the DH protection logic into the GSS-mechanism  
> to encrypt GSS-API data for the real mechanism such as digest.
>
> even better, you do not need to do that for every real GSS-API  
> mechanism, instead, you can define a stackable protection GSS- 
> mechanism like SPNEGO, and use that to protect for the real GSS-API  
> mechanisms.
>
> do you agree?

No.

If the gss mech is weak and needs dh/rsa, may it should a requirement  
to have use server certificates. I'm tired of sprinkling DH everywhere.

Love



>
> --larry
>
> From: Love Hörnquist Åstrand [mailto:lha@it.su.se]
> Sent: Wed 7/18/2007 9:18 AM
> To: Larry Zhu
> Cc: tls@ietf.org
> Subject: Re: [TLS] the use cases for GSS-based TLS and the plea for  
> integrating Kerberos with TLS: draft-santesson-tls-gssapi
>
> Comment on the draft draft-santesson-tls-gssapi-03.txt
>
> - An important goal to meet is enabling use of authentication
>    infrastructure of the GSS mech for server and client
>    authenticiation. When using gss server authentication, thers shold
>    be no need to have a certificate on the server.
>
> - Feedback of key-data from the GSS-MECH back into the tls
>    statemachine. GSS-API is more then a glorified OTP/password system,
>    it provides key material that should be used, this solves problems
>    like replay attacks w/o the need for a replay cache, etc.
>
> - I would prefer having both the ability to run gssapi in clear and
>    inside a DH protected tls connection. But it should run inside TLS
>    and not the application layer. I.e., not http negotiate yet again.
>    Saying that all gss mechs are cryptographicly weak is wrong, saying
>    they are strong are also wrong. Should provide both, or just define
>    cryptographicly weak gss-mechs as out of scope for this
>    solution. Defining a solution that only uses the weak mech's
>    functionally seems, well, weird and quite unfriendly.
>
> - If its required to have DN for authorisation, well have the gss-mech
>    define that then. I really don't like how everytime naming get up,
>    its assumed that TLS naming today accully works, how many apps
>    actually does correct authorisation with tls certificate based
>    naming today, and why should they work with gss-style names ?
>
> This proposed solutions fixes 1, 2, 3, and 4. But thats becase I
> think weak gss mechs should be thrown out the window.
>
> Saying SPKM doesn't support gss-psudeo random is just silly,
> SPKM doesn't support anything, its not implementable and
> I want better security then des/rc2.
>
> Love
>
>
> 17 jul 2007 kl. 05.27 skrev Larry Zhu:
>
> > As we know -02 was published and it integrates Kerberos-alike GSS
> > mechanisms with TLS by importing the GSS key as PSK. It does so to
> > minimize the impact to the TLS state machine.
> >
> >
> > http://www.ietf.org/internet-drafts/draft-santesson-tls- 
> gssapi-02.txt
> >
> >
> > EKR requested us to nail down the use cases for this protocol and
> > explain the rational for the integration.
> >
> > In response, the ID revision -03 contains the use cases and why we
> > want
> > to integrate Kerberos with TLS, particularly in the introduction
> > section.
> >
> > http://www.secure-endpoints.com/tls-gss/draft-santesson-tls-
> > gssapi-03.tx
> > t
> >
> > The flowing document based on email posted by Larry Zhu describes
> > additional background information for the protocol design.
> >
> > http://www.secure-endpoints.com/tls-gss/fka-tls.txt
> >
> > thanks,
> >
> > --larry
> >
> >
> >
> > _______________________________________________
> > TLS mailing list
> > TLS@lists.ietf.org
> > https://www1.ietf.org/mailman/listinfo/tls
>
>
>


_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

v2.29.0 | Report a Bug | By Email | System Status