IETF Logo Mail Archive

Re: [TLS] Design Alternatives for Kerberos + DH

Rick van Rein <rick@openfortress.nl> Mon, 19 October 2015 08:36 UTC

Return-Path: <rick@openfortress.nl>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C788E1A86F1 for <tls@ietfa.amsl.com>; Mon, 19 Oct 2015 01:36:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.201
X-Spam-Level:
X-Spam-Status: No, score=-1.201 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TPHzcO7WzUtD for <tls@ietfa.amsl.com>; Mon, 19 Oct 2015 01:36:33 -0700 (PDT)
Received: from lb3-smtp-cloud3.xs4all.net (lb3-smtp-cloud3.xs4all.net [194.109.24.30]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 50C591A7028 for <tls@ietf.org>; Mon, 19 Oct 2015 01:36:32 -0700 (PDT)
Received: from airhead.local ([83.161.146.46]) by smtp-cloud3.xs4all.net with ESMTP id WwcU1r00D10HQrX01wcVR5; Mon, 19 Oct 2015 10:36:30 +0200
Message-ID: <5624AB8B.4050802@openfortress.nl>
Date: Mon, 19 Oct 2015 10:36:27 +0200
From: Rick van Rein <rick@openfortress.nl>
User-Agent: Postbox 3.0.11 (Macintosh/20140602)
MIME-Version: 1.0
To: " \" <tls@ietf.org>"
References: <56212653.6050702@openfortress.nl> <1177744771.34157013.1445030003104.JavaMail.zimbra@redhat.com> <56216D37.1050701@akamai.com> <5621EF30.8040300@openfortress.nl> <5622857D.90304@akamai.com> <5623528B.7000302@openfortress.nl>
In-Reply-To: <5623528B.7000302@openfortress.nl>
X-Enigmail-Version: 1.2.3
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/Rqzg4clCKyyWnRAB7WmQDGcCXDY>
X-Mailman-Approved-At: Sun, 01 Nov 2015 16:50:02 -0800
Subject: Re: [TLS] Design Alternatives for Kerberos + DH
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Oct 2015 08:36:35 -0000

Hello Benjamin,

> No, mutual authentication requires the client to receive a message from
> the server.

Yes, I know -- the server needs to handle the session key or the subkey
to prove posession of its KDC-stored service key.  By using it, the client
can be convinced or server identity.

> This could be implicit

I think it automatically is with TLS, since the Finished messages won't
succeed until both parties have derived the same master secret, which
if it involves the session key or subkey proves the server's identity in an
implicit manner.

I do believe a long-enough Finished message is required though.  For
the TLS_ECDHE_KRB_ CipherSuites I've proposed a verify_data_lenth
to match the required certainty from the message; if we mix Kerberos
client "certificates" info other CipherSuites like TLS_ECDHE_RSA_ then
a client SHOULD negotiate a high-enough value and the server MUST
support that.  It requires TLS 1.2 to do these things.

-Rick

v2.23.0 | Report a Bug | By Email