Re: [TLS] Design Alternatives for Kerberos + DH
Rick van Rein <rick@openfortress.nl> Mon, 19 October 2015 08:36 UTC
Return-Path: <rick@openfortress.nl>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C788E1A86F1 for <tls@ietfa.amsl.com>; Mon, 19 Oct 2015 01:36:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.201
X-Spam-Level:
X-Spam-Status: No, score=-1.201 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TPHzcO7WzUtD for <tls@ietfa.amsl.com>; Mon, 19 Oct 2015 01:36:33 -0700 (PDT)
Received: from lb3-smtp-cloud3.xs4all.net (lb3-smtp-cloud3.xs4all.net [194.109.24.30]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 50C591A7028 for <tls@ietf.org>; Mon, 19 Oct 2015 01:36:32 -0700 (PDT)
Received: from airhead.local ([83.161.146.46]) by smtp-cloud3.xs4all.net with ESMTP id WwcU1r00D10HQrX01wcVR5; Mon, 19 Oct 2015 10:36:30 +0200
Message-ID: <5624AB8B.4050802@openfortress.nl>
Date: Mon, 19 Oct 2015 10:36:27 +0200
From: Rick van Rein <rick@openfortress.nl>
User-Agent: Postbox 3.0.11 (Macintosh/20140602)
MIME-Version: 1.0
To: " \" <tls@ietf.org>"
References: <56212653.6050702@openfortress.nl> <1177744771.34157013.1445030003104.JavaMail.zimbra@redhat.com> <56216D37.1050701@akamai.com> <5621EF30.8040300@openfortress.nl> <5622857D.90304@akamai.com> <5623528B.7000302@openfortress.nl>
In-Reply-To: <5623528B.7000302@openfortress.nl>
X-Enigmail-Version: 1.2.3
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/Rqzg4clCKyyWnRAB7WmQDGcCXDY>
X-Mailman-Approved-At: Sun, 01 Nov 2015 16:50:02 -0800
Subject: Re: [TLS] Design Alternatives for Kerberos + DH
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Oct 2015 08:36:35 -0000
Hello Benjamin, > No, mutual authentication requires the client to receive a message from > the server. Yes, I know -- the server needs to handle the session key or the subkey to prove posession of its KDC-stored service key. By using it, the client can be convinced or server identity. > This could be implicit I think it automatically is with TLS, since the Finished messages won't succeed until both parties have derived the same master secret, which if it involves the session key or subkey proves the server's identity in an implicit manner. I do believe a long-enough Finished message is required though. For the TLS_ECDHE_KRB_ CipherSuites I've proposed a verify_data_lenth to match the required certainty from the message; if we mix Kerberos client "certificates" info other CipherSuites like TLS_ECDHE_RSA_ then a client SHOULD negotiate a high-enough value and the server MUST support that. It requires TLS 1.2 to do these things. -Rick
- Re: [TLS] Design Alternatives for Kerberos + DH Paul Wouters
- [TLS] Design Alternatives for Kerberos + DH Rick van Rein
- Re: [TLS] Design Alternatives for Kerberos + DH Benjamin Kaduk
- Re: [TLS] Design Alternatives for Kerberos + DH Nikos Mavrogiannopoulos
- Re: [TLS] Design Alternatives for Kerberos + DH Benjamin Kaduk
- Re: [TLS] Design Alternatives for Kerberos + DH Rick van Rein
- Re: [TLS] Design Alternatives for Kerberos + DH Rick van Rein
- Re: [TLS] Design Alternatives for Kerberos + DH Rick van Rein
- Re: [TLS] Design Alternatives for Kerberos + DH Karthikeyan Bhargavan
- Re: [TLS] Design Alternatives for Kerberos + DH Nikos Mavrogiannopoulos
- Re: [TLS] Design Alternatives for Kerberos + DH Benjamin Kaduk
- Re: [TLS] Design Alternatives for Kerberos + DH Rick van Rein
- Re: [TLS] Design Alternatives for Kerberos + DH Rick van Rein