[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)

To: Chaskiel M Grundman <cg2v@xxxxxxxxxxxxxx>
Subject: Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)
From: Nicolas Williams <Nicolas.Williams@xxxxxxx>
Date: Tue, 29 Nov 2005 15:39:04 -0600
Cc: ietf-kink@xxxxxxxx, ietf-krb-wg@xxxxxxx
In-reply-to: <9976DC82CBFEFFEEE619CA06@sphinx.andrew.cmu.edu>
List-archive: <http://www.vpnc.org/ietf-kink/mail-archive/>
List-id: <ietf-kink.vpnc.org>
List-unsubscribe: <mailto:ietf-kink-request@vpnc.org?body=unsubscribe>
Mail-followup-to: Chaskiel M Grundman <cg2v@andrew.cmu.edu>, ietf-kink@vpnc.org, ietf-krb-wg@anl.gov
References: <541E2F6964443FE48495C910@bistromath.pc.cs.cmu.edu> <> <9976DC82CBFEFFEEE619CA06@sphinx.andrew.cmu.edu>
Sender: owner-ietf-kink@xxxxxxxxxxxxx
User-agent: Mutt/1.5.7i

On Tue, Nov 29, 2005 at 03:57:40PM -0500, Chaskiel M Grundman wrote:
> --On Tuesday, November 29, 2005 12:41:38 -0600 Nicolas Williams 
> <Nicolas.Williams@xxxxxxx> wrote:
> 
> > - Sub-session key generation.
> > [...]
> kink actually proscribes the use of sub-session keys:
> 
> 4 KINK Message Format[....]
>  o  Cksum (variable) -- Kerberos keyed checksum over the entire
>      message excluding the Cksum field itself.[...] The key used
>      MUST be the session key in the ticket.
> 
> 7 ISAKMP Key Derivation [....]
> 
> o  SKEYID_d is the session key in the Kerberos service ticket from
>      the AP-REQ.  Note that subkeys are not used in KINK and MUST be
>      ignored if received.
> 
> This issue has been discussed in the past (multiple times even), and 
> bringing it up again will probably not result in anything other than wasted 
> time.

*nod*

> I did notice that section 4.2.7 KINK_ENCRYPT does not specify what key is 
> used, only that it
> "is encrypted using the encryption algorithm specified by the etype of the 
> session key"

Hmmm, mumble, mumble, reflection attacks, mumble, mumble.

Shouldn't KINK derive separate keys for each direction for the "cksum"
and KINK_ENCRYPT payload fields?  Or is there inherent protection from
reflection attacks in the actual message flow?

Follow-Ups:
- Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)
  - From: Nicolas Williams
- Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)
  - From: KAMADA Ken'ichi

References:
- Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)
  - From: Nicolas Williams

Prev by Date: Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)
Next by Date: Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)
Previous by thread: Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)
Next by thread: Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)
Index(es):
- Date
- Thread