** IETF 60 - San Diego, CA
** Kerberos Working Group
** Wed, Aug 4, 2004 - 13:00-15;00
Chairs: Doug Engert, Jeffrey Hutzelman
Scribe: Ken Hornstein
* Agenda:
+ Introduction - Chairs (5 min)
+ Document Status - Chairs (5 min)
+ WG Priorities - Chairs (10 min)
+ PKINIT - Brian Tung
+ Preauthentication Framework - Sam Hartman (10 min)
+ LDAP Information Model - Lief Johansson (10 min)
+ Change Password Protocol - Nico Williams (10 min)
+ Referrals - Larry Zhu (10 min)
+ Self-Imposed Limitations - Doug Engert (5 min)
+ kerberos-extensions - Tom Yu (30 min)
* Document Status
The chairs reviewed the status of several documents moving through
the IETF process, and solicited comments on a couple of issues...
+ Crypto Framework
- The crypto framework was approved by the IESG and is now in
the RFC-Editor queue. There is a desire to fix a problem in
the pseudo-random function defined by the simplified profile.
- Sam Hartman (co-author) described the PRF problem and the
proposed solution in some detail. It is a one-line document
change, and the function in question is not used by the core
kerberos protocol or anything that has yet been deployed.
- The chair noted that the AD had previously indicated he would
allow such a change during editing, provided there was a
documented concensus of the WG.
- The chairs asked for the concensus of the room; there was
significant support and no opposition. The issue will be
brought up on the mailing list for confirmation.
[This has been done; there was support but no objection. -jhutz]
+ GSSAPI-CFX
- This document was approved by the IESG and is now in the
RFC-Editor queue.
- Steve Bellovin (security AD) said he was still unsure about
Sam Hartman's assertion that no new IANA registries are
needed, and this issue is still outstanding.
+ AES
- This document is still in the IESG queue
- Ken Raeburn (editor) indicated there were comments received
during the last-call process, that some of the recommendations
(e.g. relating to key-salting) were vague.
- Russ Housley (AD) indicated the AD's havn't decided yet.
[Since the meeting, the IESG approved this for Proposed -jhutz]
+ Kerberos Clarifications
- This document is still undergoing revision to resolve issues
raised by the IESG. One more revision to go, we hope.
- An issue was described that was raised by Steve Bellovin
during IESG review related to prohibiting the use of link-local
addresses in tickets and a few other places. This issue was
discussed between the chairs, the SEC and INT AD's, and some
of the document authors, and we believe it is resolved.
- Cliff Neuman (author) will put in the relevant changes.
- A second issue was rasied on the list by Nico Williams and
Wyllys Ingersoll, who would like to see AES-128 added as a
RECOMMENDED enctype. In the absence of any objections on the
list, this will happen in the next rev.
[No objections have been seen on the list -jhutz]
* WG Priorities and Milestones [see slides]
- First draft of preauth by Jan 2005
- First draft of extensions by Nov 2004 (IETF61)
- Submit extensions to IESG by April 2005
- It was suggested that the milestone for PKCROSS be dropped;
Russ Housley (AD) indicated that if it's on the charter, it
must have a milestone.
- Someone looked for the online charter page, but it was not
available. Discussion deferred to the list.
[The charter is available now, and while the scope does include
"proposals on new and extended functionality...", it does not
specifically name any particular such proposals. However, I
personally would like to see work happen on PKCROSS or some
equivalent functionality -jhutz]
- Setting of milestones for PKINIT and Set/Change PW was deferred.
* PKINIT
+ Brian Tung (editor) gave a brief overview of open issues [see slides]
+ OCSP Tunnelling
- Brian Tung indicated he thought there was agreement on what
the text should look like, based on proposals from Larry Zhu
and Nico Williams
- Larry indicated he had the I-D ready to submit.
- Sense of the room was to proceed with Larry's document as
a separate draft.
- Chairs indicated Larry should submit the draft as a WG document.
+ DH Key Derivation
- Sam Hartman described the goal here, which is to allow parties
to cache DH keys and use them again in static-static mode.
The main issue is how to do key derivation and use nonces.
- The new proposal involves adding longer, DH-specific nonces
in both directions. Then take a bunch of stuff and feed it
into PRF to derive a key.
- This requires a wire format change, and Sam wanted to defer
discussion until we see if we have other wire format changes.
- After some discussion, the sense of the room was that this
change should be made. This will be validated on the list.
- The question of wire format changes will be deferred to the list.
- The question of MAY vs SHOULD will be deferred to the list.
+ BER vs DER / IMPLICIT OCTET STRING wrapping
[ These topics are related, and the discussion was intertwined ]
- Russ explained an encoding issue relating to certificates and
X.500 directories. In this scenario, when a CA makes a cert,
it encodes in DER. But when the cert is placed in an X.500
directory, the X.500 DAP includes the object directly rather
than octet-string wrapped, so it gets encoded in BER. So, when
a client receives a cert via DAP, it needs to decode the cert
and reencode it as DER in order to validate the signature.
- Jeff Hutzelman expressed a desire to specify a single encoding,
preferably DER
[I don't remember this, but it's in the jabber log -jhutz]
- Sam Hartman objected to requiring DER, just for the benefit of
a single vendor who doesn't support indefinite-length encodings.
- Tom Yu reports that going from a hand-coded DER decoder to one
that handles full BER is hard.
- Jeff Hutzelman, attempting to channel CableLabs, stated that
they believe permitting BER is a significant change, and they
will probably choose to be non-compliant. [I now better
understand their position; they _really_ want to be able to
interop with off-the-shelf KDC's, but doing BER in embedded
clients is too much of a hurdle -jhutz]
- Sam Hartman pointed out that while people are acting under the
assumption that specifying DER makes a vendor's life easier,
it is also the case that specifying BER makes other vendors'
lives easier. He says if we're going to choose whose life to
make easier, it should be the vendor deploying product on the
open internet, rather than in a closed environment.
- Love Hörnquist-Åstrand comments (via Jabber) that it's a CMS
type, and CMS specifies BER, so the question is only whether
to wrap it as an octet-string.
- Jeff Hutzelman, again attempting to channel CableLabs,
says wrapping CMS objects in OCTET-STRING won't be hard for
implementors to deal with, but will be a wire change, and all
wire changes are cause for concern for them.
- Wrapping doesn't solve the DER vs BER issue, but it does help
some vendors by letting them use off-the-shelf libraries.
- Tom Yu indicated that wraooing in IMPLICIT OCTET-STRING results
in a single-bit change on the wire.
- The sense of the room was to specifiy that CMS objects in
PKINIT be wrapped in IMPLICIT OCTET-STRING.
- There was agreement to specify that PKINIT messages themselves
(not embedded CMS objects) MUST be DER-encoded.
- There was much argument over trying to come up with wording
for a question the chair was trying to ask about BER vs DER.
Once the argument settled down and the question was asked,
it was clear that there was not clear agreement on this issue.
+ Unauthenticated Plaintext
- Sam Hartman said he was unsure whether there were security
issues with unsigned parts of the protocol.
+ Nonces
+ DH Groups
- The chair asked whether the IESG would approve a document which
recommended only Oakley groups 1 and 2.
- Russ Housley (AD) responded "maybe"
- Based on recent experience in SSH, Jeff Hutzelman suggested
it would probably not be approved.
- Russ indicated we would have to have at least one MUST, and that
it does not have to be group 14.
- There was a _lot_ of chatter on Jabber about how negotation
of groups actually does/will work.
- Doc Evans reported (via Jabber) that the PacketCable spec
currently REQUIRES group 2 and RECCOMMENDS group 1.
- The outcome of discussion in the room and on Jabber seems to
favor making group 2 REQUIRED and group 14 RECOMMENDED.
+ Root CA in Cert Chain
- Russ Housley (AD) indicated that the root CA cert must _not_
be included in the certificate chain; otherwise he will send
the document back.
* Pre-Authentication Framework
- Sam Hartman (author) gave an update on the status of the preauth
framework document, including some open issues.
- Sam indicated he would need help with preparing ASCII art in
the document.
- Brian Tung offered to provide help with the document.
- Love Hörnquist-Åstrand offered to review the document.
* Kerberos Information Model
- Leif Johansson talked about the ongoing side-work on developing
an information model for Kerberos. [see slides]
- The initial work is nearly complete, and ready for WG review.
- Sam Hartman indicated he'd presented some of this work to a
vendor, who seemed interested and had some feedback.
- Leif indicated that comments from previous IETF's [Vienna? -jhutz]
were folded into the latest draft.
- Nico Williams indicated he would review the document.
- Sam Hartman proposed making this a WG document
- Lacking the charter text, the chair was unable to say for certain,
but believes this work falls within the charter [since then,
I've read the charter, and I still believe it -jhutz].
- The sense of the room favored making this a WG work item.
- Russ Housley (AD) admonished us to finish PKINIT first.
- Lief indicated he would accept any comments.
* Set/Change Password
- Nico Williams (author) gave an update on the set/change password
document [see slides]
- Larry Zhu would like to be able to negotiate support for error
codes, so new codes can be added without IETF intervention.
- Nico indicaed this should go to the list
- Nico described some issues relating to internationalization,
particularly with regard to making things work when a KDC which
implements this protocol wants to provide support for legacy
just-send-8 Kerberos clients. To that end, he proposed adding
a mechanism for clients to provide hints as to what encoding
they are using.
- The sense of the room was in support of adding encoding hints.
* Self-Imposed Limitations of Kerberos
- Doug Engert (co-chair) gave a presentation on some of the
problems that face Kerberos as it becomes widely deployed.
- See the slides and Jabber discussion for more detail.
* KDC Referrals
- Larry Zhu (author/editor) gave some updates on the referrals
document [see slides]
- Larry indicated maybe next step was last call, and wanted
WG input on this.
- The chairs indicated that the decision to go to WG last call
would be made by them, based on whether the document appeared
ready; that in turn would depend heavily on the author's sense
of how ready the document is.
- Sam Hartman indicated he did not think the document was ready
yet for WG last call.
* Kerberos Extensions
- Due to lack of time, Tom Yu was unable to give his presentation
on the status of kerberos-extensions. However, slides are
available in the meeting proceedings.
* Meeting closed