[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)

To: Chaskiel M Grundman <cg2v@xxxxxxxxxxxxxx>, ietf-kink@xxxxxxxx, ietf-krb-wg@xxxxxxx
Subject: Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)
From: Nicolas Williams <Nicolas.Williams@xxxxxxx>
Date: Wed, 30 Nov 2005 12:59:11 -0600
In-reply-to: <>
List-archive: <http://www.vpnc.org/ietf-kink/mail-archive/>
List-id: <ietf-kink.vpnc.org>
List-unsubscribe: <mailto:ietf-kink-request@vpnc.org?body=unsubscribe>
Mail-followup-to: Chaskiel M Grundman <cg2v@andrew.cmu.edu>, ietf-kink@vpnc.org, ietf-krb-wg@anl.gov
References: <541E2F6964443FE48495C910@bistromath.pc.cs.cmu.edu> <> <9976DC82CBFEFFEEE619CA06@sphinx.andrew.cmu.edu> <> <>
Sender: owner-ietf-kink@xxxxxxxxxxxxx
User-agent: Mutt/1.5.7i

On Wed, Nov 30, 2005 at 11:07:35AM -0600, Nicolas Williams wrote:
> So the only place that KINK gets replay protection for free from
> Kerberos V is in the AP exchange.  So, how exactly does KINK get "replay
> protection of key management messages," a goal stated in the first
> paragraph of the introduction?  Did I miss something?

Yes, I missed something: every KINK message has an AP-REQ or AP-REP (or
KRB-ERROR).

The KINK "checksum" field and KINK_ENCRYPT payload use keys derived from
the session key of the Ticket, which would normally mean that Ticket
reuse implies key reuse which brings replay protection into question.
But the presence of an AP-REQ or AP-REP in the KINK message that is part
of the checksum input means that key reuse is not enough to lead to
replays, and the presence of timestamps in the Authenticator and AP-REP
enc part means that the inputs to the checksum cannot be replayed unless
time goes backwards, and the requirement that the AP-REP timestamps
match the AP-REQ timestamps provides replay protection to the client.

This also answers my question about reflection attacks.

Is this analysis correct?

Nico
--

Follow-Ups:
- Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)
  - From: Michael Thomas

References:
- Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)
  - From: Nicolas Williams
- Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)
  - From: Nicolas Williams
- Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)
  - From: Nicolas Williams

Prev by Date: Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)
Next by Date: Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)
Previous by thread: Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)
Next by thread: Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)
Index(es):
- Date
- Thread