[kitten] CAMMAC review comments
Greg Hudson <ghudson@MIT.EDU> Wed, 23 July 2014 17:33 UTC
Return-Path: <ghudson@mit.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D51FF1B2A1E for <kitten@ietfa.amsl.com>; Wed, 23 Jul 2014 10:33:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.602
X-Spam-Level:
X-Spam-Status: No, score=-2.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BqERFVR0m6EE for <kitten@ietfa.amsl.com>; Wed, 23 Jul 2014 10:33:27 -0700 (PDT)
Received: from dmz-mailsec-scanner-2.mit.edu (dmz-mailsec-scanner-2.mit.edu [18.9.25.13]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 047041B2BB8 for <kitten@ietf.org>; Wed, 23 Jul 2014 10:32:44 -0700 (PDT)
X-AuditID: 1209190d-f79c06d000002f07-51-53cff1bb90cf
Received: from mailhub-auth-4.mit.edu ( [18.7.62.39]) (using TLS with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-2.mit.edu (Symantec Messaging Gateway) with SMTP id 55.27.12039.BB1FFC35; Wed, 23 Jul 2014 13:32:43 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-4.mit.edu (8.13.8/8.9.2) with ESMTP id s6NHWgXl030763 for <kitten@ietf.org>; Wed, 23 Jul 2014 13:32:43 -0400
Received: from localhost (equal-rites.mit.edu [18.18.1.59]) (authenticated bits=0) (User authenticated as ghudson@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id s6NHWgp3006282 for <kitten@ietf.org>; Wed, 23 Jul 2014 13:32:42 -0400
From: Greg Hudson <ghudson@MIT.EDU>
To: kitten@ietf.org
Date: Wed, 23 Jul 2014 13:28:36 -0400
Message-ID: <x7degxc0yt7.fsf@equal-rites.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrGIsWRmVeSWpSXmKPExsUixG6nrrv74/lgg42n9SyObl7F4sDosWTJ T6YAxigum5TUnMyy1CJ9uwSujBefTrEWvBGu+PFsMlsD4yn+LkZODgkBE4mHe5YzQdhiEhfu rWfrYuTiEBKYzSSxcOVWFpCEkMBxRonG36UQiQ4miaalM5hBEmwCyhIHz34DKxIREJbYvfUd WFxYQF5i78RnYDaLgKrEqnf/wGp4BQwlmk6dZoKwBSVOznwCFmcW0JK48e8l0wRGnllIUrOQ pBYwMq1ilE3JrdLNTczMKU5N1i1OTszLSy3SNdLLzSzRS00p3cQICg5OSd4djO8OKh1iFOBg VOLh7dh7PliINbGsuDL3EKMkB5OSKO/v90AhvqT8lMqMxOKM+KLSnNTiQ4wSHMxKIrxr7wHl eFMSK6tSi/JhUtIcLErivG+trYKFBNITS1KzU1MLUotgsjIcHEoSvMIfgBoFi1LTUyvSMnNK ENJMHJwgw3mAhoPV8BYXJOYWZ6ZD5E8xKkqJ87qBXCQAksgozYPrhUXvK0ZxoFeEeV+AVPEA Ix+u+xXQYCagwa8SwAaXJCKkpBoYF397FuCiUtqwQjPFiytVP1SI6/RyD3GfpUu/9jw6qGHy /U0gl2DSDot1B66vb392XDhjzdt55+RS1FOfVbd97pXtuFKhtVa5Y+064bsHe3u7DXK7uS0O qL7fw/vGfNmyfaXzuAxONhin2ba4KU9/PEf+jc5+rykXv8ZXKBZmf4wqYHWYufi0EktxRqKh FnNRcSIAbcgfpLkCAAA=
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/eKvvhr43393Pm_01oSdjGVQ7Ulg
Subject: [kitten] CAMMAC review comments
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Jul 2014 17:33:30 -0000
Shawn asked for more review of the CAMMAC draft. Here are my comments.
All but one is a minor wording issue, and none of them are intended to
be blocking.
* "The svc-verifier element of the CAMMAC is equivalent to the
ad-checksum element of AD-KDC-ISSUED" is true in the sense that
svc-verifier has the same functional and security properties as
ad-checksum, but is false in the sense of being precisely equivalent.
svc-verifier uses the ticket encryption key, while ad-checksum uses
the session key(*).
* "The KDC thus avoids recomputing all of the authorization data" seems
vague. I suggest adding "... for the issued ticket."
* "A Verifier-MAC where the key is that of the local Ticket-Granting
Service (TGS)" is phrased as if the local TGS only has one key.
"... where the key is a long-term key of the local..." would be more
correct.
* "... and it is very difficult to have two such authorization data
types coexist" would be more correctly phrased as "and it is very
difficult for two such authorization data types to coexist." It also
might be worth mentioning the non-standard authdata type we're
thinking of (SignedPath) instead of just asserting that one exists.
* Right now kdc-verifier is mandatory and svc-verifier is optional. I
can foresee situations where kdc-verifier isn't needed:
- If the KDC knows that all KDCs in its realm implement AD-CAMMAC, and
therefore will filter out CAMMACs from authdata requested by
clients, then it doesn't need any verifier at all for local TGTs.
- If the KDC knows that the target service does not or cannot use
S4U2Proxy, then it doesn't need to include a kdc-verifier. The
svc-verifier is sufficient for ticket modification requests (such as
renewals) which target the same server.
If we do decide to make kdc-verifier optional, we probably need to add
text saying that the KDC MUST NOT re-sign CAMMAC authdata unless it
has a kdc-verifier, except in one of the above cases: a CAMMAC in a
local TGT with configured assumptions about the other KDCs in the
realm, or a CAMMAC with a valid svc-verifier in a ticket modification
request.
It would certainly be simpler, and therefore safer, to require a
kdc-verifier in all cases. But ticket sizes are sometimes an issue,
and unneeded checksums can contribute noticeably.
(*) RFC 4120 is contradictory on what key ad-checksum should use, but
all implementations use the session key as far as I know.
- [kitten] CAMMAC review comments Greg Hudson
- Re: [kitten] CAMMAC review comments Tom Yu
- Re: [kitten] CAMMAC review comments Simo Sorce
- Re: [kitten] CAMMAC review comments Peter Mogensen