idnits 2.17.1 

draft-ietf-kitten-krb5-gssapi-prf-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate.  You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3667, Section 5.1 on line 14.

  -- Found old boilerplate from RFC 3978, Section 5.5 on line 191.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 168.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 175.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 181.

  ** Found boilerplate matching RFC 3978, Section 5.4, paragraph 1 (on line
     197), which is fine, but *also* found old RFC 2026, Section 10.4C,
     paragraph 1 text on line 36.

  ** The document seems to lack an RFC 3978 Section 5.1 IPR Disclosure
     Acknowledgement -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** This document has an original RFC 3978 Section 5.4 Copyright Line,
     instead of the newer IETF Trust Copyright according to RFC 4748.

  ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead
     of the newer disclaimer which includes the IETF Trust according to RFC
     4748.

  ** The document uses RFC 3667 boilerplate or RFC 3978-like boilerplate
     instead of verbatim RFC 3978 boilerplate.  After 6 May 2005, submission
     of drafts without verbatim RFC 3978 boilerplate is not accepted.

     The following non-3978 patterns matched text found in the document. 
     That text should be removed or replaced:

        By submitting this Internet-Draft, I certify that any applicable patent
        or other IPR claims of which I am aware have been disclosed, or
        will be disclosed, and any of which I become aware will be
        disclosed, in accordance with RFC 3668.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an Introduction section.

  ** The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** There are 5 instances of lines with control characters in the document.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (July 2004) is 7225 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: 'RFC2743' is defined on line 143, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2744' is defined on line 146, but no explicit
     reference was found in the text

  -- Possible downref: Non-RFC (?) normative reference: ref. 'CFX'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'GSS-PRF'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'KRB5-CRYPTO'


     Summary: 9 errors (**), 0 flaws (~~), 4 warnings (==), 10 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	NETWORK WORKING GROUP                                        N. Williams
3	Internet-Draft                                                       Sun
4	Expires: December 30, 2004                                     July 2004

6	               A PRF for the Kerberos V GSS-API Mechanism
7	                draft-ietf-kitten-krb5-gssapi-prf-02.txt

9	Status of this Memo

11	   By submitting this Internet-Draft, I certify that any applicable
12	   patent or other IPR claims of which I am aware have been disclosed,
13	   and any of which I become aware will be disclosed, in accordance with
14	   RFC 3668.

16	   Internet-Drafts are working documents of the Internet Engineering
17	   Task Force (IETF), its areas, and its working groups.  Note that
18	   other groups may also distribute working documents as
19	   Internet-Drafts.

21	   Internet-Drafts are draft documents valid for a maximum of six months
22	   and may be updated, replaced, or obsoleted by other documents at any
23	   time.  It is inappropriate to use Internet-Drafts as reference
24	   material or to cite them other than as "work in progress."

26	   The list of current Internet-Drafts can be accessed at
27	   http://www.ietf.org/ietf/1id-abstracts.txt.

29	   The list of Internet-Draft Shadow Directories can be accessed at
30	   http://www.ietf.org/shadow.html.

32	   This Internet-Draft will expire on December 30, 2004.

34	Copyright Notice

36	   Copyright (C) The Internet Society (2004).  All Rights Reserved.

38	Abstract

40	   This document defines the Pseudo-Random Function (PRF) for the
41	   Kerberos V mechanism for the Generic Security Service Application
42	   Programming Interface (GSS-API), based on the PRF defined for the
43	   Kerberos V cryptographic framework, for keying application protocols
44	   given an established Kerberos V GSS-API security context.

46	Table of Contents

48	   1. Conventions used in this document  . . . . . . . . . . . . . . . 3
49	   2. Kerberos V GSS Mechanism PRF . . . . . . . . . . . . . . . . . . 4
50	   3. Security Considerations  . . . . . . . . . . . . . . . . . . . . 5
51	   4. Normative References . . . . . . . . . . . . . . . . . . . . . . 5
52	      Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 5
53	      Intellectual Property and Copyright Statements . . . . . . . . . 7

55	1.  Conventions used in this document

57	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
58	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
59	   document are to be interpreted as described in [RFC2119].

61	2.  Kerberos V GSS Mechanism PRF

63	   The GSS-API PRF [GSS-PRF] function for the Kerberos V mechanism [CFX]
64	   shall be the output of a PRF+ function based on the enctype's PRF
65	   function keyed with the negotiated session key of the security
66	   context and key usage X (TBD).

68	   The security context MUST be fully established, else the mechanism
69	   MUST fail with GSS_S_UNAVAILABLE as the major status code and
70	   GSS_KRB5_S_KG_CTX_INCOMPLETE as the minor status code.

72	   This PRF+ MUST be keyed with a key derived, with key usage (TBD),
73	   from the session used by the initiator and acceptor, after the
74	   security context is fully established, to derive keys for per-message
75	   tokens.  For the current Kerberos V mechanism [CFX] this means that
76	   the PRF+ MUST be keyed with the acceptor-asserted subkey, if it did
77	   assert such a key, or the initiator's sub-session key otherwise.

79	   The PRF+ function is a simple counter-based extension of the Kerberos
80	   V pseudo-random function [KRB5-CRYPTO] for the enctype of the
81	   security context's keys:

83	   	PRF+(K, L, S) = truncate(L, T1 || T2 || .. || Tn)

85	   	Tn = pseudo-random-function(K, n || S)

87	   	where '||' is the concatenation operator, 'n' is encoded as a
88	   	network byte order 32-bit unsigned binary number, and where
89	   	truncate(L, S) truncates the input octet string S to length L.

91	   The maximum output size of the Kerberos V mechanism's GSS-API PRF
92	   then is, necessarily, 2^32 octets.

94	   Implementations MUST support output size of up to 2^14 octets at
95	   least.

97	   If the implementation cannot produce the desired output then it MUST
98	   output what it can.

100	   The minimum input octet string length that implementations MUST
101	   support is also 2^14 octets.  If the input octet string is longer
102	   than the maximum that an implementation can process then the
103	   implementation MUST fail with GSS_S_FAILURE as the major status code
104	   and GSS_KRB5_S_KG_INPUT_TOO_LONG as the minor status code.

106	3.  Security Considerations

108	   Kerberos V enctypes' PRF functions use a key derived from contexts'
109	   session keys and should preserve the forward security properties of
110	   the mechanisms' key exchanges.

112	   Legacy Kerberos V enctypes may be weak, particularly the single-DES
113	   enctypes.

115	   See also [GSS-PRF] for generic security considerations of
116	   GSS_Pseudo_random().

118	   The computational cost of computing this PRF+ may vary depending on
119	   the Kerberos V enctypes being used, but generally the computation of
120	   this PRF+ gets more expensive as the input and output octet string
121	   lengths grow (note that the use of a counter in the PRF+ construction
122	   allows for parallelization).  This means that if an application can
123	   be tricked into providing very large input octet strings and
124	   requesting very long output octet strings then that may constitue a
125	   denial of service attack on the application; therefore applications
126	   SHOULD place appropriate limits on the size of any input octet
127	   strings received from their peers without integrity protection.

129	4  Normative References

131	   [CFX]      Zhu, L., Jaganathan, K. and S. Hartman, "The Kerberos
132	              Version 5 GSS-API Mechanism: Version 2".

134	   [GSS-PRF]  Williams, N., "A PRF API extension for the GSS-API".

136	   [KRB5-CRYPTO]
137	              Raeburn, K., "Encryption and Checksum Specifications for
138	              Kerberos 5".

140	   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
141	              Requirement Levels", BCP 14, RFC 2119, March 1997.

143	   [RFC2743]  Linn, J., "Generic Security Service Application Program
144	              Interface Version 2, Update 1", RFC 2743, January 2000.

146	   [RFC2744]  Wray, J., "Generic Security Service API Version 2 :
147	              C-bindings", RFC 2744, January 2000.

149	Author's Address

151	   Nicolas Williams
152	   Sun Microsystems
153	   5300 Riata Trace Ct
154	   Austin, TX  78727
155	   US

157	   EMail: Nicolas.Williams@sun.com

159	Intellectual Property Statement

161	   The IETF takes no position regarding the validity or scope of any
162	   Intellectual Property Rights or other rights that might be claimed to
163	   pertain to the implementation or use of the technology described in
164	   this document or the extent to which any license under such rights
165	   might or might not be available; nor does it represent that it has
166	   made any independent effort to identify any such rights.  Information
167	   on the procedures with respect to rights in RFC documents can be
168	   found in BCP 78 and BCP 79.

170	   Copies of IPR disclosures made to the IETF Secretariat and any
171	   assurances of licenses to be made available, or the result of an
172	   attempt made to obtain a general license or permission for the use of
173	   such proprietary rights by implementers or users of this
174	   specification can be obtained from the IETF on-line IPR repository at
175	   http://www.ietf.org/ipr.

177	   The IETF invites any interested party to bring to its attention any
178	   copyrights, patents or patent applications, or other proprietary
179	   rights that may cover technology that may be required to implement
180	   this standard.  Please address the information to the IETF at
181	   ietf-ipr@ietf.org.

183	Disclaimer of Validity

185	   This document and the information contained herein are provided on an
186	   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
187	   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
188	   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
189	   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
190	   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
191	   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

193	Copyright Statement

195	   Copyright (C) The Internet Society (2004).  This document is subject
196	   to the rights, licenses and restrictions contained in BCP 78, and
197	   except as set forth therein, the authors retain all their rights.

199	Acknowledgment

201	   Funding for the RFC Editor function is currently provided by the
202	   Internet Society.