SASL GSS-API Bridge: GS2

Slides:

Advertisements

Similar presentations

A brief look at the WS-* framework Josh Howlett, JANET(UK) TF-EMC2 Prague, September 2007.

Advertisements

Version 1 of EAP-TTLS draft-ietf-pppext-eap-ttls-05.txt Paul Funk Funk Software.

Draft-lemonade-imap-submit-01.txt “Forward without Download” Allow IMAP client to include previously- received message (or parts) in or as new message.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

What is EAP EAP stands for Extensible Authentication Protocol. Offers a basic framework for authentication. Many different authentication protocols can.

G Robert Grimm New York University Protection and the Control of Information Sharing in Multics.

Mobile IP: Introduction Reference: “Mobile networking through Mobile IP”; Perkins, C.E.; IEEE Internet Computing, Volume: 2 Issue: 1, Jan.- Feb. 1998;

SOCKS Group: Challenger Member: Lichun Zhan. Agenda Introduction SOCKS v4 SOCKS v5 Summary Conclusion References Questions.

(Preliminary) Gap Analysis Hannes Tschofenig. Goal of this Presentation The IETF has developed a number of security technologies that are applicable to.

Windows NT ® Single Sign On Cross Platform Applications (Part II) John Brezak Program Manager Windows NT Security Microsoft Corporation.

KMIP Profiles version 1.3 A Method to Define Operations Access Control and Interaction Between a Client and Server Presented by: Kiran Kumar Thota & Bob.

RADIUS Crypto-Agility Requirements November 18, 2008 David B. Nelson IETF 73 Minneapolis.

EAP Keying Problem Draft-aboba-pppext-key-problem-03.txt Bernard Aboba

Doc.: IEEE /495r1 Submission July 2001 Jon Edney, NokiaSlide 1 Ad-Hoc Group Requirements Report Group met twice - total 5 hours Group size ranged.

240-Current Research Easily Extensible Systems, Octave, Input Formats, SOA.

What’s MPEG-21 ? (a short summary of available papers by OCCAMM)

Proposal for RBAC Features for SDD James Falkner Sun Microsystems October 11, 2006.

Kerberos Guilin Wang School of Computer Science 03 Dec

Guidelines for Cryptographic Algorithm Agility Russ Housley IETF 89 - SAAG Session.

MWIF Confidential MWIF-Arch Security Task Force Task 5: Security for Signaling July 11, 2001 Baba, Shinichi Ready for MWIF Kansas.

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.

RTP Splicing Status Update draft-ietf-avtext-splicing-for-rtp-11 Jinwei Xia.

Requirements and Selection Process for RADIUS Crypto-Agility December 5, 2007 David B. Nelson IETF 70 Vancouver, BC.

Service Component Architecture (SCA) Policy FrameWork V1.0 Ashok Malhotra – Oracle Anish Karmarkar – Oracle David Booz - IBM …

SubmissionJoe Kwak, InterDigital1 Simplified 11k Security Joe Kwak InterDigital Communications Corporation doc: IEEE /552r0May 2004.

TEE: TLS Authentication Using EAP draft-nir-tls-eap-02.txt Yoav Nir Yaron Sheffer (presenter) Hannes Tschofenig Peter Gutmann IETF-70, Vancouver, Dec.

Technical Security Issues in Cloud Computing By: Meiko Jensen, Jorg Schwenk, Nils Gruschka, Luigi Lo Lacono Presentation by: Winston Tong 2009 IEEE.

Host Identifier Revocation in HIP draft-irtf-hiprg-revocation-01 Dacheng Zhang IETF 79.

TAG Presentation 18th May 2004 Paul Butler

VPNs & IPsec Dr. X Slides adopted by Prof. William Enck, NCSU.

Authenticated Identity

Chapter 7: Modifiability

Introduction Wireless devices offering IP connectivity

MQTT-255 Support alternate authenticaion mechanisms

Security+ All-In-One Edition Chapter 1 – General Security Concepts

OGSA-WG Basic Profile Session #1 Security

OAuth WG Conference Call, 11th Jan. 2013

Updated SBSP draft-birrane-dtn-sbsp-01.txt Edward Birrane

Application Layer Security Mike Pajevski (NASA/JPL) April 2009

Katrin Hoeper Channel Bindings Katrin Hoeper

draft-lemonade-imap-submit-01.txt “Forward without Download”

TAG Presentation 18th May 2004 Paul Butler

European AFS & Kerberos Conference 2010

editor: Stephen Farrell,

Cryptography and Network Security Chapter 16

GSS-API based Authentication and Key Establishment in TLS

GS2: Bridge between SASL and GSS-API

draft-ietf-geopriv-lbyr-requirements-02 status update

SECMECH BOF EAP Methods

Maryna Komarova (ENST)

draft-ipdvb-sec-01.txt ULE Security Requirements

Working Group Draft for TCPCLv4

Securing the CASP Protocol

Cryptography and Network Security

Architecture Competency Group

IEEE MEDIA INDEPENDENT HANDOVER

Life’s Too Short To Be Mediocre – HBS The Professionals Choice

SAMANVITHA RAMAYANAM 18TH FEBRUARY 2010 CPE 691

Mechanism to update current session parameters

IEEE MEDIA INDEPENDENT HANDOVER DCN:

PAA-2-EP protocol PANA wg - IETF 58 Minneapolis

JAAS AuthN Tokens in uPortal and Beyond

Clause 7 Comment Resolutions

IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-sec

draft-ietf-dtn-bpsec-06

NFD Tunnel Authentication

Working Group Draft for TCPCLv4

IEEE MEDIA INDEPENDENT HANDOVER

Presentation transcript:

SASL GSS-API Bridge: GS2 http://josefsson.org/sasl-gs2-*/ Open Issues IAB concern about excessive layering (20%) Channel bindings relationship (60%) Defining channel bindings for GS2 under TLS (20%) If you are implementing this now, please contact simon@josefsson.org if you are interested in interop testing.

draft-iab-auth-mech 1/2 http://www.ietf.org/internet-drafts/draft-iab-auth-mech- 05.txt Section 11.3: Many of the legacy authentication mechanisms that users and administrators wish to support are themselves generic frameworks of one kind or another. For instance, SASL allows the use of GSSAPI, which itself is a generic framework for a number of mechanisms. This sort of layering dramatically increases both implementation and deployment complexity. For instance, GSSAPI contains mechanisms that are essentially equivalent to Kerberos, but SASL also supports Kerberos directly. Under what conditions should clients use Kerberos directly and under which should they use it through GSSAPI? In accordance with the principle of having as few mechanisms as possible, frameworks should avoid mechanisms that are themselves frameworks, in favor of using the second framework's mechanisms directly. "We'll build ours on top of theirs" is a bad policy.

draft-iab-auth-mech 2/2 Q: Does anyone have concrete plans to use non-krb5 mechanisms? Worried about absent review from non-KerberosV5 communities. Solutions: Go ahead. If there is a problem with non-KerberosV5 mechanisms, solve them later on. May lead to GS3-* which imply even worse interop problems than between GS2-* and GSSAPI. Potential disaster unless someone has a good idea on how to avoid it. Drop support for non-KerberosV5 mechanisms, i.e., rename this to GS2-KRB5. Non-KerberosV5 mechanism can use this protocol as a foundation to define a new mechanism. If we need to support e.g. SPKM too, include it in this spec too, as GS2-SPKM.

Channel binding relationship 1/2 Background: “Sam points out that in SASL what we want out of channel binindings is to affect the negotiation of security layers. If a channel being bound to provides integrity and confidentiality protection then the application won't want to use a SASL mechanism's own security layers -- it's a waste.” draft-ietf-sasl-gs2-00 can transfer non-GSS-API “channel binding” data in a separate field outside of the GSS Context/Wrap tokens. Problem: how do GSS-API cb interact with GS2 cb? Please chose between choices in next slide... (or come up with more options)

There is just one channel binding concept There is just one channel binding concept. The application will have to put exactly the same data into "channel_binding_data" and "chan_binding". This will lead to a security consideration that the GS2 mechanism may expose the channel binding in the clear. There are two channel bindings concepts, and they are orthogonal. Applications may set "chan_binding" (GSS-API cb) on a per-application need, and the "channel_binding_data" (GS2 cb) will have to be defined for, e.g., TLS. Having "chan_binding" be application-specified seem problematic to me. There is little interoperability in that. However, it may solve some problems. Same as 2 but the "chan_binding" field MUST be NULL. In other words, for GS2 interop we disallow the GSS-API cb completely, and only support a GS2 cb. There are two channel bindings concepts, but they are related. The GS2 cb data field is included within the GSS-API cb field. This would permit the most flexibility while continuing to use the GSS-API cb fields. It has the same interop problems as 2. 4) There are two channel bindings concepts, but they are related. The GSS-API cb is included within the GS2 cb. This is similar to 3, but has some different security properties. It seems this may end up including the initiator/acceptor addresses in the data protected by the Wrap token.

Channel bindings for GS2 under TLS Offline discussions with Nico to use the (expired) draft-ietf-kitten-gssapi-channel-bindings-01.txt Technical change: Don't use finished messages, use the TLS PRF to derive specific data used in GS2. Reason: GnuTLS applications cannot easily access the unencrypted finished messages (they just see the encrypted message). This approach seem generally safer in the future given various TLS extensions (TLS/IA) that may modify semantic of a finished message.