
Re: [SPKM] Re: [TLS] DTLS and GSS-API



>>>>> "Martin" == Martin Rex <martin.rex@xxxxxxx> writes:
    >> 
    >> An alternate proposal for solving this problem was discussed in
    >> the past: construct a GSS-API mechanism based on DTLS.
    >> Advantages of this solution include reuse of code and
    >> specification between GSS-API and TLS implementations.  When
    >> new ciphers are specified for TLS they would be available for
    >> NFS.  We would not need to keep updating a GSS mechanism as
    >> public-key algorithms evolve and problems are found.
    >> 
    >> There are two main drawbacks I've heard to the DTLS proposal.
    >> First, we don't have a draft.  Second, it would not be
    >> interoperable with SPKM-3 deployments.

    Martin> There is a substantial difference between GSS-API and TLS
    Martin> which should not be ignored: In the GSS-API architecture,
    Martin> context level tokens (which exchange cryptographic
    Martin> material and perform the authentication) can only be
    Martin> exchanged at the beginning.

    Martin> After a security context has been established, the message
    Martin> flow depends entirely on the communication characteristics
    Martin> of the application, and may be entirely uni-directional and
    Martin> may preclude even alien attempts of a gssapi mechanism to
    Martin> piggy-back context tokens on protected message tokens.

    Martin> With TLS, on the other hand, each of the communication
    Martin> peers may request a renegotiation of context parameters at
    Martin> (almost) any time during the communication.


I talked to Eric about this in another context.  He claimed that as a
practical matter it does not work if an implementation does a new
handshake without the cooperation of the upper-layer application.  You
are correct though that a DTLS GSS-API mechanism could only be
specified on the standards track if this issue were dealt with in some
manner that preserved the GSS-API model.


_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls