[TLS] Kerberos + ECDHE in TLS (v02)

Rick van Rein <rick@openfortress.nl> Fri, 11 March 2016 13:48 UTC

Return-Path: <rick@openfortress.nl>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A3E712D6CB for <tls@ietfa.amsl.com>; Fri, 11 Mar 2016 05:48:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.621
X-Spam-Level:
X-Spam-Status: No, score=-2.621 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GDlFHH1hX_R0 for <tls@ietfa.amsl.com>; Fri, 11 Mar 2016 05:48:00 -0800 (PST)
Received: from lb1-smtp-cloud2.xs4all.net (lb1-smtp-cloud2.xs4all.net [194.109.24.21]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AF49612D6C7 for <tls@ietf.org>; Fri, 11 Mar 2016 05:47:55 -0800 (PST)
Received: from airhead.local ([83.161.146.46]) by smtp-cloud2.xs4all.net with ESMTP id Udnq1s00m10HQrX01dnrfZ; Fri, 11 Mar 2016 14:47:52 +0100
Message-ID: <56E2CC85.1000209@openfortress.nl>
Date: Fri, 11 Mar 2016 14:47:49 +0100
From: Rick van Rein <rick@openfortress.nl>
User-Agent: Postbox 3.0.11 (Macintosh/20140602)
MIME-Version: 1.0
To: "tls@ietf.org" <tls@ietf.org>
X-Enigmail-Version: 1.2.3
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/tk6tA-2dy27fsASSuYOE3tXKJ4s>
Subject: [TLS] Kerberos + ECDHE in TLS (v02)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Mar 2016 13:48:06 -0000

Hello,

I revised my TLS-KDH draft to include comments from this group.  Thanks!

The changes can be summarised as:

* Integration with "normal" X.509 certificates; client may use krb5
certificate
* Kerberos Ticket as X.509 pubkeyinfo; Authenticator as signature mechanism
* Define TLS-standardised hashes as ChecksumTypes for use in an
Authenticator
* Moved TicketRequestFlags to a TLS Extension; negotiation with min/max
flags
* Taken out protocol-bound DH; this saves about 75% of the complexity
* Pre-master secret now incorporates Kerberos session key and DH shared
secret
* Added descriptions of how to support backend servers in Ticket AuthData

I am aware that embedding Kerberos in an X.509 certificate is uncommon;
but it simplifies the rest incredibly, and suddenly everything "clicks"
smoothly into the rest of TLS.  I therefore think this form of
"tunneling" certifying information is worth considering.

Is this something that could be discussed at IETF 95?


Cheers,
 -Rick


> A new version of I-D, draft-vanrein-tls-kdh-02.txt
> has been successfully submitted by Rick van Rein and posted to the
> IETF repository.
>
> Name:		draft-vanrein-tls-kdh
> Revision:	02
> Title:		TLS-KDH: Kerberos + Diffie-Hellman in TLS
> Document date:	2016-03-11
> Group:		Individual Submission
> Pages:		23
> URL:            https://www.ietf.org/internet-drafts/draft-vanrein-tls-kdh-02.txt
> Status:         https://datatracker.ietf.org/doc/draft-vanrein-tls-kdh/
> Htmlized:       https://tools.ietf.org/html/draft-vanrein-tls-kdh-02
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-vanrein-tls-kdh-02
>
> Abstract:
>    This specification defines a TLS message flow with Kerberos-based
>    (mutual) authentication, binding in Elliptic-Curve Diffie-Hellman to
>    achieve Forward Secrecy for the session.