Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
Sam Hartman <hartmans-ietf@xxxxxxx> writes:
> So, this is a bit complicated and perhaps the best thing is to decide
> that we just don't care about mechanisms without integ_avail.
For GS2, there is a downgrade attack of the quality of protection (at
the SASL level) if the GSS-API mechanism doesn't provide integrity of
GSS_Wrap tokens. In general, that's probably not acceptable.
However, if a particular GSS-API mechanism doesn't provide integrity,
perhaps the security problems in having GS2 support it anyway, with
the obvious weakness of a downgrade attack, are acceptable? Thoughts
on this?
> RFC 4422 only requires us to integrity protect the security layer
> exchange if the underlying mechanism has integrity protection. It is
> quite clear that we cannot do channel binding exchange without
> integrity protection.
Right.
> I'm assuming that gssapi mechanisms protect their negotiation enough
> that if integrity is requested that the mechanism prevents downgrade
> attacks and either gives you integrity or only fails to give you
> integrity if one end doesn't support it or required credentials are
> missing. If you are concerned that is not actually required by 2743
> I'd be happy to see if we can get kitten to specify that.
It may be a good thing to do, but it doesn't seem directly relevant to
this. The downgrade attack I talk about above is at the SASL level,
not at the GSS-API level.
> I don't think it makes any sense at all to return prot_ready without
> integrity being available so aborting if somehow you get prot_ready
> but later not integ_avail seems fine.
Right.
> (Alternatively we could require that integ_avail is set at the same
> time as prot_ready)
That would be up to Kitten, I suppose.
> The only important thing seems to be not to negotiate a security layer
> or pass channel bindings if integ_avail is not set.
For GS2, it may be as important to not let the authentication succeed
if integ_avail is not set.
/Simon
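The downgrade discussed in this thread, as an added example that is not part of the original message or of any IETF draft: a toy model of the SASL security-layer exchange carried in GSS_Wrap tokens. `GssContext` stands in for an established GSS-API context, an HMAC tag stands in for the integrity protection GSS_Wrap provides when the context's integ_avail flag is set, the layer bitmask follows the RFC 4752 convention (assumed), and the server's offer is deliberately not tied to integ_avail so that the gap the check closes is visible. `run_exchange` shows the four outcomes: a clean negotiation, a tampered offer that the integrity check catches, a tampered offer that silently downgrades the layer to "none" when the mechanism has no integrity, and the abort-on-missing-integ_avail policy that prevents the exchange from starting at all.

```python
"""Toy model of the SASL security-layer exchange carried in GSS_Wrap tokens.

Constructed example: none of this is real GSS-API code. An HMAC tag stands in
for the integrity GSS_Wrap provides when integ_avail (GSS_C_INTEG_FLAG) is set.
"""
import hashlib
import hmac
import os

SEC_NONE = 0x01   # no security layer        (RFC 4752 convention, assumed)
SEC_INTEG = 0x02  # integrity protection
SEC_CONF = 0x04   # confidentiality protection

TAG_LEN = 32
LAYER_NAMES = {SEC_NONE: "none", SEC_INTEG: "integ", SEC_CONF: "conf"}


class GssContext:
    """Stand-in for an established GSS-API context shared by both peers."""

    def __init__(self, integ_avail: bool, key: bytes):
        self.integ_avail = integ_avail  # models GSS_C_INTEG_FLAG in ret_flags
        self.key = key

    def wrap(self, data: bytes) -> bytes:
        # Stand-in for GSS_Wrap: only an integrity-capable context appends a tag.
        if self.integ_avail:
            return data + hmac.new(self.key, data, hashlib.sha256).digest()
        return data

    def unwrap(self, token: bytes) -> bytes:
        # Stand-in for GSS_Unwrap: verify the tag when integrity is available,
        # otherwise the bytes are accepted exactly as they arrived.
        if self.integ_avail:
            data, tag = token[:-TAG_LEN], token[-TAG_LEN:]
            expected = hmac.new(self.key, data, hashlib.sha256).digest()
            if not hmac.compare_digest(tag, expected):
                raise ValueError("GSS_Unwrap: integrity check failed")
            return data
        return token


def strongest_layer(offered: int) -> int:
    """Client policy: pick the strongest layer the server offered."""
    for layer in (SEC_CONF, SEC_INTEG, SEC_NONE):
        if offered & layer:
            return layer
    raise ValueError("no acceptable security layer offered")


def tamper_offer(token: bytes) -> bytes:
    """Model of an on-path modification: rewrite the offered bitmask to 'none' only."""
    return bytes([SEC_NONE]) + token[1:]


def run_exchange(integ_avail: bool, attacker: bool, require_integ: bool) -> str:
    """One server-offer / client-choice round; returns the outcome as a label.

    require_integ is the check the thread argues for: do not negotiate a
    security layer (and, for GS2, do not succeed) unless integ_avail is set.
    """
    key = os.urandom(32)  # shared context key; constructed
    server = GssContext(integ_avail, key)
    client = GssContext(integ_avail, key)

    if require_integ and not integ_avail:
        return "aborted: integ_avail not set"

    # Server offer: wrapped 4 bytes = offered-layer bitmask + 24-bit max size.
    # The offer is the server's configuration, not derived from integ_avail.
    offer = server.wrap(bytes([SEC_INTEG | SEC_CONF]) + (65536).to_bytes(3, "big"))
    if attacker:
        offer = tamper_offer(offer)

    try:
        offered = client.unwrap(offer)[0]
    except ValueError:
        return "tamper detected"

    chosen = strongest_layer(offered)
    return f"negotiated: {LAYER_NAMES[chosen]}"


if __name__ == "__main__":
    for args in ((True, False, True), (True, True, True),
                 (False, True, False), (False, False, True)):
        print(args, "->", run_exchange(*args))
```

The third case is the one Simon describes: with no integrity on the wrap tokens the client cannot tell a rewritten offer from a genuine one, so the quality of protection drops without any error; the fourth case is the proposed remedy, which refuses before any negotiation bytes are exchanged.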