Re: [kitten] Freshness Security Considerations for minimum/maximum size

Greg Hudson <ghudson@mit.edu> Thu, 01 December 2016 19:59 UTC

To: Michiko Short <michikos@microsoft.com>, "kitten@ietf.org" <kitten@ietf.org>
References: <CY1PR03MB2315AC54FFAF0CC292EBDD71D08F0@CY1PR03MB2315.namprd03.prod.outlook.com>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <3cee1ab5-8f73-fce0-58a8-36a1697c9b77@mit.edu>
Date: Thu, 01 Dec 2016 14:46:56 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/OMcvC-mzpkglP26gs6n_he5rbYc>

On 12/01/2016 12:55 PM, Michiko Short wrote:
> Minimum length

I think we should add a third paragraph to security considerations saying:

If freshness tokens sent by the KDC are too short or too predictable, an
attacker may be able to defeat the mechanism by creating signatures
using every possible token value.  To prevent this attack, the freshness
token SHOULD contain a minimum of 64 unpredictable bits.

(I am willing to accept an amendment changing 64 to 96 or 128.  It's a
SHOULD, so it doesn't really constrain the implementation.)

> Maximum length

Saying anything about maximum lengths would be out of character for
Kerberos standards, I think.  I don't think we should specify a maximum
length.
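As an added illustration that is not part of Greg's message or of the draft under discussion: a toy Python model of the attack the proposed paragraph describes. An attacker who briefly holds the client's signing capability pre-signs every value the KDC could send as a freshness token and later answers a real challenge from that table. The HMAC below stands in for the client's private-key signature (it is not a PKINIT signature), the token widths, the attacker's signing budget and the timestamps are constructed assumptions, and the "clock as token" variant is an assumed design used only to show why a long but predictable token is no better than a short one.

```python
"""Toy model of the freshness-token pre-signing attack (constructed example).

The KDC sends the client a freshness token; the client signs it so the KDC
knows the signature was produced after the token was issued.  If the token
space is small, or the token is predictable, an attacker with temporary
access to the client's signing key can sign every candidate token up front
and replay the matching signature when the real challenge arrives.
"""
import hashlib
import hmac
import secrets

TOKEN_WIDTH = 8  # bytes; tokens are fixed-width big-endian integers

# Constructed key.  The attacker never reads it directly but can drive it as
# a signing oracle while they control the client's key material.
CLIENT_KEY = b"constructed-client-signing-key"


def encode_token(value: int) -> bytes:
    return value.to_bytes(TOKEN_WIDTH, "big")


def client_sign(token: bytes) -> bytes:
    """Client's 'signature' over the freshness token (HMAC stand-in)."""
    return hmac.new(CLIENT_KEY, token, hashlib.sha256).digest()


def kdc_verify(token: bytes, signature: bytes) -> bool:
    return hmac.compare_digest(client_sign(token), signature)


def kdc_issue_random_token(nbits: int) -> bytes:
    """Unpredictable token with nbits of entropy (what the SHOULD asks for)."""
    return encode_token(secrets.randbelow(1 << nbits))


def kdc_issue_predictable_token(unix_seconds: int) -> bytes:
    """Assumed weak design: the token is just the KDC clock in seconds.
    It is 64 bits wide but an attacker can guess it to within a window."""
    return encode_token(unix_seconds)


def attacker_presign(lo: int, hi: int, sign_oracle, budget: int):
    """Pre-sign every token value in [lo, hi) while the oracle is available.

    Returns None when the candidate count exceeds the attacker's signing
    budget, i.e. when enumerating the token space is infeasible.
    """
    if hi - lo > budget:
        return None
    return {encode_token(v): sign_oracle(encode_token(v)) for v in range(lo, hi)}


def attack_short_random_token(nbits: int, budget: int) -> bool:
    """Pre-sign all 2**nbits values, then answer a fresh random challenge."""
    table = attacker_presign(0, 1 << nbits, client_sign, budget)
    if table is None:
        return False
    token = kdc_issue_random_token(nbits)
    sig = table.get(token)
    return sig is not None and kdc_verify(token, sig)


def attack_predictable_token(kdc_time: int, guess: int, window: int, budget: int) -> bool:
    """Pre-sign every clock value in [guess, guess + window), then answer
    a challenge the KDC issues at kdc_time."""
    table = attacker_presign(guess, guess + window, client_sign, budget)
    if table is None:
        return False
    token = kdc_issue_predictable_token(kdc_time)
    sig = table.get(token)
    return sig is not None and kdc_verify(token, sig)


if __name__ == "__main__":
    BUDGET = 1 << 20          # signatures the attacker can afford while holding the key
    NOW = 1_480_621_616       # constructed Unix timestamp
    print("16-bit random token: ", attack_short_random_token(16, BUDGET))              # True
    print("64-bit random token: ", attack_short_random_token(64, BUDGET))              # False
    print("clock token, 1h window:", attack_predictable_token(NOW + 300, NOW, 3600, BUDGET))  # True
```

The two random-token runs show the point of the 64-bit floor: with 16 unpredictable bits the attacker needs 65 536 signatures, which fits in a few seconds of oracle access, while 2^64 candidates exceed any realistic budget. The clock-token run shows why the paragraph says "too short or too predictable": a 64-bit token drawn from a guessable range collapses to the size of the attacker's guessing window, not the width of the field.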