[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gs2 and qop

To: Sam Hartman <hartmans-ietf@xxxxxxx>
Subject: Re: gs2 and qop
From: Simon Josefsson <jas@xxxxxxxxxxx>
Date: Thu, 07 Sep 2006 17:41:05 +0200
Cc: Alexey Melnikov <alexey.melnikov@xxxxxxxxx>, ietf-sasl@xxxxxxx
In-reply-to: <tsl4pvjwwws.fsf@xxxxxxxxxx> (Sam Hartman's message of "Thu\, 07 Sep 2006 10\:53\:23 -0400")
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Openpgp: id=B565716F; url=http://josefsson.org/key.txt
References: <tslac6sm3v5.fsf@xxxxxxxxxx> <44CF1B96.5010404@xxxxxxxxx> <44EC6C24.7040300@xxxxxxxxx> <87zmde5zx8.fsf@xxxxxxxxxxxxxxxxxxx> <44FF1585.5060607@xxxxxxxxx> <87k64fubq6.fsf@xxxxxxxxxxxxxxxxxxx> <tslodtrx0qn.fsf@xxxxxxxxxx> <87slj3sro7.fsf@xxxxxxxxxxxxxxxxxxx> <tsl8xkvwydu.fsf_-_@xxxxxxxxxx> <877j0fsq4u.fsf@xxxxxxxxxxxxxxxxxxx> <tsl4pvjwwws.fsf@xxxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux)

Sam Hartman <hartmans-ietf@xxxxxxx> writes:

>>>>>> "Simon" == Simon Josefsson <jas@xxxxxxxxxxx> writes:
>
>     >> Are you talking about gss-api level qop or sasl security
>     >> layers?
>
>     Simon> SASL security layers.
>
> I skip your answers to the rest of my questions because they assumed
> you meant GSS QOP.
>
> I'm failing to see the downgrade attack here though: if integ_avail is
> false, you don't negotiate security layers.
> Provided you enforce that what is the downgrade issue.

GS2 doesn't enforce that right now.  Instead, GS2 would fail the
authentication, because the integ_avail flag was not set.  I suppose
that GS2 could accept this situation and continue.  This would be
insecure: the authorization identity is not integrity protected.  I
wouldn't want to see wide use of a mechanism that has such an obvious
security problem.  However, the SASL framework permits this.

Is the consensus that GS2 should support GSS-API mechanisms that
doesn't offer integrity protection?

If so, the document should also say that channel bindings MUST NOT be
negotiated when integ_avail is false, because the channel bindings in
that situation would also not integrity protected.

> Some editorial comments on the draft:
>
> In your examples you do separate parts of packets input to gss_wrap
> with ,.  I'd suggest |.
>
> You never clearly define that the qop values you talk about correspond
> to the security layer stuff in section 9.

Thanks, the updated document should address this.

/Simon

Follow-Ups:
- Re: gs2 and qop
  - From: Sam Hartman

References:
- AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Sam Hartman
- Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Alexey Melnikov
- Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Alexey Melnikov
- Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Simon Josefsson
- Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Alexey Melnikov
- Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Simon Josefsson
- Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Sam Hartman
- Re: AD Review for draft-ietf-sasl-gssapi-xx.txt
  - From: Simon Josefsson
- gs2 and qop
  - From: Sam Hartman
- Re: gs2 and qop
  - From: Simon Josefsson
- Re: gs2 and qop
  - From: Sam Hartman

Prev by Date: Re: gs2 and qop
Next by Date: Re: gs2 and qop
Previous by thread: Re: gs2 and qop
Next by thread: Re: gs2 and qop
Index(es):
- Date
- Thread