IETF Logo Mail Archive

RE: [TLS] encrypting GSS data: draft-santesson-tls-gssapi-03.txt

Larry Zhu <lzhu@windows.microsoft.com> Fri, 20 July 2007 07:42 UTC

Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IBn7r-0000kA-6J; Fri, 20 Jul 2007 03:42:11 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IBn7p-0000h4-UA for tls@lists.ietf.org; Fri, 20 Jul 2007 03:42:09 -0400
Received: from smtp.microsoft.com ([131.107.115.214]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IBn7p-00080k-D2 for tls@lists.ietf.org; Fri, 20 Jul 2007 03:42:09 -0400
Received: from TK5-EXHUB-C102.redmond.corp.microsoft.com (157.54.70.72) by TK5-EXGWY-E803.partners.extranet.microsoft.com (10.251.56.169) with Microsoft SMTP Server (TLS) id 8.0.700.0; Fri, 20 Jul 2007 00:42:08 -0700
Received: from win-imc-02.wingroup.windeploy.ntdev.microsoft.com (157.54.69.169) by TK5-EXHUB-C102.redmond.corp.microsoft.com (157.54.70.72) with Microsoft SMTP Server id 8.0.726.0; Fri, 20 Jul 2007 00:42:08 -0700
Received: from WIN-MSG-20.wingroup.windeploy.ntdev.microsoft.com ([157.54.62.25]) by win-imc-02.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3790.3959); Fri, 20 Jul 2007 00:42:08 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [TLS] encrypting GSS data: draft-santesson-tls-gssapi-03.txt
Date: Fri, 20 Jul 2007 00:41:55 -0700
Message-ID: <CAAAEFE273EAD341A4B02AAA9CA6F73306C73CED@WIN-MSG-20.wingroup.windeploy.ntdev.microsoft.com>
In-Reply-To: <20070720045644.GD26276@Sun.COM>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [TLS] encrypting GSS data: draft-santesson-tls-gssapi-03.txt
Thread-Index: AcfKimS4jIOPInC8TUCndToeZ+VLkwAFthhw
References: <CAAAEFE273EAD341A4B02AAA9CA6F73306C73CB9@WIN-MSG-20.wingroup.windeploy.ntdev.microsoft.com> <20070720045644.GD26276@Sun.COM>
From: Larry Zhu <lzhu@windows.microsoft.com>
To: Nicolas Williams <Nicolas.Williams@sun.com>
X-OriginalArrivalTime: 20 Jul 2007 07:42:08.0116 (UTC) FILETIME=[798CBB40:01C7CAA1]
X-Spam-Score: -108.0 (---------------------------------------------------)
X-Scan-Signature: d0bdc596f8dd1c226c458f0b4df27a88
Cc: tls@lists.ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

Nicolas.Williams wrote:

> Hmm, why not just do a TLS exchange with anon suites then nest another
> TLS exchange with GSS and channel binding to the first exchange?

we do not want to force Kerberos to pay for the perf penalty and extra
round trips.


-----Original Message-----
From: Nicolas Williams [mailto:Nicolas.Williams@sun.com] 
Sent: Thursday, July 19, 2007 9:57 PM
To: Larry Zhu
Cc: tls@lists.ietf.org
Subject: Re: [TLS] encrypting GSS data:
draft-santesson-tls-gssapi-03.txt

On Thu, Jul 19, 2007 at 08:43:04PM -0700, Larry Zhu wrote:
> A new section is inserted in -03: the TCPWrap pseudo mechanism is
> defined to describe how to TLS protect GSS-data.
> 
>
http://www.secure-endpoints.com/tls-gss/draft-santesson-tls-gssapi-03.tx
> t
> 
> 6.  Protecting GSS-API Authentication Data
> 
>    GSS-API [RFC2743] provides security services to callers in a
generic
>    fashion, supportable with a range of underlying mechanisms and
>    technologies and hence allowing source-level portability of
>    applications to different environments.  For example, Kerberos is a
>    GSS-API mechanism defined in [RFC4121].  It is possible to design a
>    GSS-API mechanism that can be used with FKA-TLS in order to, for
>    example, provide client authentication, and is so weak that its
GSS-
>    API token MUST NOT be in clear text over the open network.  A good
>    example is a GSS-API mechanism that implements basic
authentication.

I don't think we want to have such a mechanism, ever (LIPKEY isn't it --
it relies on another mechanism to provide protection; also we'd not want
to use LIPKEY-like things in TLS, ever).

I think a DIGEST-MD5-type mechanism would be a much better example.  And
privacy protection for mechanisms that send client identities in the
clear.

>    Although such mechanisms are unlikely to be standardized and will
be
>    encouraged in no circumstance, they exist for practical reasons.

Unlikely indeed :)

>    In order to provide a standard way for protecting weak GSS-API data
>    for use over FKA-TLS, TLSWrap is defined in this section as a
pseudo
>    GSS-API mechanism that wraps around the real GSS-API authentication
>    context establishment tokens.  This pseudo GSS-API mechanism does
not
>    provide per-message security.

Hmm, why not just do a TLS exchange with anon suites then nest another
TLS exchange with GSS and channel binding to the first exchange?

Sounds much simpler to me.  (Queue Martin's comment that GSS mechs don't
necessarily support channel binding, our answer to which would be that
all Internet standards track GSS mechs will :) :)

Nico
-- 


_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

v2.29.0 | Report a Bug | By Email | System Status