Bill told us so: stackable mechs, SPNEGO and substitutions

During the security review of SPNEGO, Bill brought up a concern.  The
Windows compatibility is only secure if you cannot mechanically
transform the mechanism token of one mechanism into the token of
another mechanism.


I'm concerned that for many stackable mechanisms it would be
relatively easy to push or pop something onto the stack and manipulate
the tokens without cryptographic knowledge.


Also, at least some of the mechanisms we have been discussing in the
EAP context would be mechanisms that do not provide integrity unless
properly stacked with a mechanism that spins integrity out of raw PRF.

In short, there are a lot of security concerns surrounding stacking
and negotiation.


_______________________________________________
Kitten mailing list
Kitten at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/kitten



