Minutes for krb-wg at IETF65
** IETF 65 - Dallas, TX
** Kerberos Working Group
** Mon, Mar 20 - 09:00 - 11:30
Chair: Jeffrey Hutzelman
Scribe: Love Hörnquist-Åstrand
* Agenda:
+ Preliminaries - Jeffrey Hutzelman (5 min)
+ Document Status - Jeffrey Hutzelman (5 min)
+ Technical Discussion (120 min)
- Anonymity
- Hash Agility Mandate / SHA-256
- Set/Change Password
- Referrals
- Kerberos Extensions
+ Update Milestones - Chair and Participants (10 min)
* Document Status
The chair gave a brief update on the status of current documents.
+ PKINIT and OCSP-for-PKINIT have been approved by the IESG.
+ Enctype negotiation has been approved by the IESG.
XXX gssapi documents?
+ The PKINIT ECC document is still in progress.
+ There is active work on Larry's anonymity draft, set/change
password, and extensions.
* Anonymity
There was a discussion of anonymity and of Larry's draft.
The sense of the room was that this document was going in the right
direction and should be adopted as a WG item. There was discussion
on the issue of what client principal name should appear in anonymous
tickets, and of the ticket substitution attack described by Aaron.
same thing as TLS, client not authenticated
sam, want to continue w/o continue
until we have a way to transport assertions
love, read the draft, agree with the principal
summary by larry:
not empty string, use
(something like anonymous/anonymous@)
define ticket flag
auth path for client and server cross realm
guidelines for gssapi implementations
def, what is anonymous ticket
getting anon ticket in AS or TGS request
setting a KDC option
KDC will return an anonymous ticket and remove auth-data
document is an accepted working group item in the next revision
discussion on anonymity support by other mechanisms
discussion on realm name
discussion on name
larry: anonymous/anonymous/anonymous
tom: a/n/o/n/y/m/o/u/s
sam, need a new nameform, needs more general way to do it.
jhutz, just another name, plenty of examples before
nico, use critical auth-data element?
collision
discussion on how the client sees anonymity
Aaron Jaggard:
anonymity switching
leaking names
nico: authenticated plaintext will fix this?
sam: does this problem already exist? ---> yes
the server can't trust the attacker is exposing the
real client
document in security considerations?
how to solve this is unclear
sam, this is a very specific problem
go for extension
* Hash Agility
There was a discussion of algorithm agility in Kerberos and related
protocols, particularly as it relates to hashes:
- The core Kerberos protocol has always had enctype negotiation, which
also negotiates use of associated checksum types. With the approval
of the enctype-negotiation document, it is possible for applications
to negotiate use of an enctype not supported by the KDC.
- PKINIT has several algorithm negotiation issues and currently uses
SHA-1 as the only checksum algorithm in the paChecksum slot. There
is also a potential issue with a key derivation function which is
currently based on SHA-1; there is room to add the ability to
negotiate a different function, but this has not been done and there
are no alternate KDFs defined.
- There was a discussion of the impact of this issue on the ECC work.
Particularly, there is a question as to whether the SHA-1 currently
used by PKINIT is strong enough for the ECC groups which will be
introduced by the new document. Larry will look into this further.
- RFC4121 (the Kerberos GSSAPI mechanism) has an issue with channel
bindings, which are currently protected using MD5. A work item has
been added to correct this; Shawn Emery will act as editor.
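As an added illustration of what the RFC4121 channel-binding item refers to (this is not code from the minutes, from any WG draft, or from an existing implementation), the following Python encodes a GSS channel-binding structure the way the Kerberos GSS-API mechanism does before hashing it, and produces the 16-octet "Bnd" value that goes into the authenticator checksum. The MD5 step is the one the work item is about. The "agile" variant at the end is an assumption for illustration only: it simply swaps in a different hash over the same encoding and is not what the WG later adopted.

```python
"""Channel-binding checksum input as used by the Kerberos GSS-API mechanism.

The authenticator checksum of RFC 4121 (section 4.1.1.2, retaining the
RFC 1964 format) carries "Bnd", the 16-octet MD5 digest of the GSS
channel-binding structure.  The structure is encoded as: each address
type is a 4-octet little-endian integer, each address and the
application data is a 4-octet little-endian length followed by the
octets themselves.  This file is an added example, not WG or product code.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import Optional

# Address-type values from RFC 2744; GSS_C_AF_NULLADDR means "no address bound".
GSS_C_AF_NULLADDR = 0
GSS_C_AF_INET = 2


@dataclass
class ChannelBindings:
    """Mirror of gss_channel_bindings_t (field names are this example's own)."""
    initiator_addrtype: int = GSS_C_AF_NULLADDR
    initiator_address: bytes = b""
    acceptor_addrtype: int = GSS_C_AF_NULLADDR
    acceptor_address: bytes = b""
    application_data: bytes = b""


def _u32le(n: int) -> bytes:
    """4-octet little-endian integer, as used throughout the 0x8003 checksum."""
    return struct.pack("<I", n)


def encode_channel_bindings(cb: ChannelBindings) -> bytes:
    """Octet string that the mechanism hashes to obtain Bnd."""
    return b"".join([
        _u32le(cb.initiator_addrtype),
        _u32le(len(cb.initiator_address)), cb.initiator_address,
        _u32le(cb.acceptor_addrtype),
        _u32le(len(cb.acceptor_address)), cb.acceptor_address,
        _u32le(len(cb.application_data)), cb.application_data,
    ])


def bnd_field(cb: Optional[ChannelBindings]) -> bytes:
    """The 16-octet Bnd value: MD5 of the encoding, or sixteen zero octets
    when the initiator supplied no channel bindings."""
    if cb is None:
        return bytes(16)
    return hashlib.md5(encode_channel_bindings(cb)).digest()


def bnd_field_agile(cb: ChannelBindings, hash_name: str) -> bytes:
    """ASSUMPTION / illustration only: the same encoding under a different
    hash function.  This is not the mechanism the WG adopted; it only shows
    that the encoding and the hash are separable, which is what a hash
    agility extension has to exploit."""
    return hashlib.new(hash_name, encode_channel_bindings(cb)).digest()


if __name__ == "__main__":
    # Constructed sample: two IPv4 endpoints plus application data.
    sample = ChannelBindings(
        initiator_addrtype=GSS_C_AF_INET, initiator_address=bytes([10, 0, 0, 1]),
        acceptor_addrtype=GSS_C_AF_INET, acceptor_address=bytes([10, 0, 0, 2]),
        application_data=b"example-app-data",
    )
    print("encoding:", encode_channel_bindings(sample).hex())
    print("Bnd (MD5):", bnd_field(sample).hex())
    print("no bindings:", bnd_field(None).hex())
```

The point of the encoding function is that every octet of the bindings, addresses included, is only ever seen by the peer through this one MD5 digest; replacing the digest without also changing the 16-octet Bnd slot is what makes the agility question more than a constant swap.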
* Kerberos Extensions
Tom Yu gave us a brief update. Open issues seem to be language tags
and the question of whether and how much new ASN.1 syntax to use.
ACTION ITEMS:
* chair: Get Anonymous listed as a WG item
* chair: Update milestones
* lzhu: Evaluate hash strength issue for PKINIT ECC
* jhutz, lzhu, lha: Figure out milestone for PKINIT Hash Agility
* jhutz, nico, shawn: Figure out milestone for RFC4121 Hash Agility
* hartmans: Find out if Nov 2006 is a reasonable milestone for hash agility
* New Document Authors
- PKINIT Hash Agility - Love, Larry
- RFC4121 Hash Agility - Shawn Emery
MILESTONES:
Done - Consensus on direction for Change/Set password
Jul 06 - Review milestones
Jul 06 - Last Call Anonymous
TBD - Last Call PKINIT Hash Agility
TBD - Last Call RFC4121 Hash Agility