summaryrefslogtreecommitdiff
path: root/doc/standardisation/draft-josefsson-kerberos5-starttls-02.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/standardisation/draft-josefsson-kerberos5-starttls-02.txt')
-rw-r--r--doc/standardisation/draft-josefsson-kerberos5-starttls-02.txt672
1 files changed, 0 insertions, 672 deletions
diff --git a/doc/standardisation/draft-josefsson-kerberos5-starttls-02.txt b/doc/standardisation/draft-josefsson-kerberos5-starttls-02.txt
deleted file mode 100644
index 5793b7053..000000000
--- a/doc/standardisation/draft-josefsson-kerberos5-starttls-02.txt
+++ /dev/null
@@ -1,672 +0,0 @@
-
-
-
-Network Working Group S. Josefsson
-Internet-Draft SJD
-Intended status: Standards Track October 21, 2006
-Expires: April 24, 2007
-
-
- Using Kerberos V5 over the Transport Layer Security (TLS) protocol
- draft-josefsson-kerberos5-starttls-02
-
-Status of this Memo
-
- By submitting this Internet-Draft, each author represents that any
- applicable patent or other IPR claims of which he or she is aware
- have been or will be disclosed, and any of which he or she becomes
- aware will be disclosed, in accordance with Section 6 of BCP 79.
-
- Internet-Drafts are working documents of the Internet Engineering
- Task Force (IETF), its areas, and its working groups. Note that
- other groups may also distribute working documents as Internet-
- Drafts.
-
- Internet-Drafts are draft documents valid for a maximum of six months
- and may be updated, replaced, or obsoleted by other documents at any
- time. It is inappropriate to use Internet-Drafts as reference
- material or to cite them other than as "work in progress."
-
- The list of current Internet-Drafts can be accessed at
- http://www.ietf.org/ietf/1id-abstracts.txt.
-
- The list of Internet-Draft Shadow Directories can be accessed at
- http://www.ietf.org/shadow.html.
-
- This Internet-Draft will expire on April 24, 2007.
-
-Copyright Notice
-
- Copyright (C) The Internet Society (2006).
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Josefsson Expires April 24, 2007 [Page 1]
-
-Internet-Draft Protecting Kerberos V5 with TLS October 2006
-
-
-Abstract
-
- This document specify how the Kerberos V5 protocol can be transported
- over the Transport Layer Security (TLS) protocol, to provide
- additional security features.
-
-
-Table of Contents
-
- 1. Introduction and Background . . . . . . . . . . . . . . . . . 3
- 2. Kerberos V5 STARTTLS Extension . . . . . . . . . . . . . . . . 5
- 3. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
- 4. STARTTLS aware KDC Discovery . . . . . . . . . . . . . . . . . 7
- 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
- 6. Security Considerations . . . . . . . . . . . . . . . . . . . 9
- 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10
- 7.1. Normative References . . . . . . . . . . . . . . . . . . . 10
- 7.2. Informative References . . . . . . . . . . . . . . . . . . 10
- Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 11
- Intellectual Property and Copyright Statements . . . . . . . . . . 12
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Josefsson Expires April 24, 2007 [Page 2]
-
-Internet-Draft Protecting Kerberos V5 with TLS October 2006
-
-
-1. Introduction and Background
-
- This document describe how a Kerberos V5 [2] implementation may
- upgrade communication between clients and Key Distribution Centers
- (KDCs) to use the Transport Layer Security (TLS) [4] protocol.
-
- The TLS protocol offer integrity and privacy protected exchanges that
- can be authentication using X.509 certificates, OpenPGP keys [7], and
- user name and passwords via SRP [6].
-
- There are several reasons to use Kerberos V5 over TLS.
-
- o Prevents downgrade attacks affecting, e.g., encryption types and
- pre-auth data negotiation. The encryption type field in KDC-REQ,
- and the METHOD-DATA field with the requested pre-auth types from
- the server in KDC_ERR_PREAUTH_REQUIRED errors in KDC-REP, are sent
- without integrity or privacy protection in Kerberos 5. This
- allows an attacker to replace the encryption type with a
- compromised encryption type, e.g., 56-bit DES, or request that
- clients should use a broken pre-auth type. Since clients in
- general cannot know the encryption types other servers support, or
- the pre-auth types servers prefer or require, it is difficult for
- the client to detect if there was a man-in-the-middle or if the
- remote server simply did not support a stronger encryption type or
- preferred another pre-auth type.
-
-
- o Kerberos exchanges are privacy protected. Part of many Kerberos
- packets are transfered without privacy protection (i.e.,
- encryption). That part contains information, such as the client
- principal name, the server principal name, the encryption types
- supported by the client, the lifetime of tickets, etc. Revealing
- such information is, in some threat models, considered a problem.
-
-
- o Additional authentication against the KDC. In some situations,
- users are equipped with smart cards with a RSA authentication key.
- In others, users have a OpenPGP client on their desktop, with a
- public OpenPGP key known to the server.
-
- o The TLS protocol has been studied by many parties. In some threat
- models, the designer prefer to reduce the number of protocols that
- can hurt the overall system security if they are compromised.
-
-
- o Explicit server authentication of the KDC to the client. In
- traditional Kerberos 5, authentication of the KDC is proved as a
- side effect that the KDC knows your encryption key (i.e., your
-
-
-
-Josefsson Expires April 24, 2007 [Page 3]
-
-Internet-Draft Protecting Kerberos V5 with TLS October 2006
-
-
- password).
-
- The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
- "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
- document are to be interpreted as described in RFC 2119 [1].
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Josefsson Expires April 24, 2007 [Page 4]
-
-Internet-Draft Protecting Kerberos V5 with TLS October 2006
-
-
-2. Kerberos V5 STARTTLS Extension
-
- The STARTTLS extension uses the Kerberos V5 TCP extension mechanism
- [3]. The extension uses bit #TBD in the extension bitmask.
-
- The protocol is as follows. After the server has sent the 4-octet
- value 0x00000000 to indicate support of this extension, the stream
- will be controlled by the TLS protocol and its framing. The TLS
- protocol is initiated by the client.
-
- Typically, the client initiate the TLS handshake protocol by sending
- a client hello, and the server responds, and the handshake continues
- until it either succeed or fails.
-
- If for any reason the handshake fails, the STARTTLS protocol will
- also fail, and the TLS error is used as the error indication.
-
- If the handshake succeeds, the Kerberos V5 authentication protocol is
- performed within the protected TLS channel, like a normal TCP
- Kerberos V5 exchange. In particular, this means that every Kerberos
- V5 packet will be prefixed by a 4-octet length field, that indicate
- the length of the Kerberos V5 packet.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Josefsson Expires April 24, 2007 [Page 5]
-
-Internet-Draft Protecting Kerberos V5 with TLS October 2006
-
-
-3. Examples
-
- A complete packet flow for a successful AS-REQ/REP exchange protected
- by this mechanism will be as follows. The "STARTTLS-bit" is a
- 4-octet value with only the bit allocated for this extension set.
-
- Client Server
-
- [ Kerberos V5 TCP extension mechanism negotiation starts ]
-
- [0x70000000 & STARTTLS-bit] -------->
- [0x00000000]
- <--------
-
- [ TLS negotiation starts ]
-
-
- ClientHello -------->
- ServerHello
- Certificate*
- ServerKeyExchange*
- CertificateRequest*
- <-------- ServerHelloDone
- Certificate*
- ClientKeyExchange
- CertificateVerify*
- [ChangeCipherSpec]
- Finished -------->
- [ChangeCipherSpec]
- <-------- Finished
-
- [ Kerberos V5 negotiation starts ]
-
- 4 octet length field
- Kerberos V5 AS-REQ -------->
- 4 octet length field
- Kerberos V5 AS-REP
- <--------
-
- * Indicates optional or situation-dependent messages that are not
- always sent.
-
-
-
-
-
-
-
-
-
-
-Josefsson Expires April 24, 2007 [Page 6]
-
-Internet-Draft Protecting Kerberos V5 with TLS October 2006
-
-
-4. STARTTLS aware KDC Discovery
-
- Section 7.2.3 of Kerberos V5 [2] describe how Domain Name System
- (DNS) SRV records [5] can be used to find the address of an KDC.
- Using the terminology of Section 7.2.3 of RFC 4120, we define a new
- Proto of "tls" to indicate that the particular KDC is intended to
- support this STARTTLS extension. The Service, Realm, TTL, Class,
- SRV, Priority, Weight, Port and Target have the same meaning as in
- RFC 4120.
-
- For example:
-
- _kerberos._tls.EXAMPLE.COM. IN SRV 0 0 88 kdc1.example.com.
- _kerberos._tls.EXAMPLE.COM. IN SRV 1 0 88 kdc2.example.com.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Josefsson Expires April 24, 2007 [Page 7]
-
-Internet-Draft Protecting Kerberos V5 with TLS October 2006
-
-
-5. IANA Considerations
-
- The IANA is requested to allocate a bit in the "Kerberos TCP
- Extensions" registry for the extension described in this document, as
- per [3].
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Josefsson Expires April 24, 2007 [Page 8]
-
-Internet-Draft Protecting Kerberos V5 with TLS October 2006
-
-
-6. Security Considerations
-
- The security considerations in Kerberos V5, TLS, and the extension
- mechanism framework are inherited.
-
- To protect against the inherent downgrade attack in the extension
- framework, it is suggested that implementations offer a policy to
- require that this extension is successfully negotiated. For
- interoperability with implementations that do not support this
- extension, it is suggested that the policy is disabled by default.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Josefsson Expires April 24, 2007 [Page 9]
-
-Internet-Draft Protecting Kerberos V5 with TLS October 2006
-
-
-7. References
-
-7.1. Normative References
-
- [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
- Levels", BCP 14, RFC 2119, March 1997.
-
- [2] Neuman, C., Yu, T., Hartman, S., and K. Raeburn, "The Kerberos
- Network Authentication Service (V5)", RFC 4120, July 2005.
-
- [3] Josefsson, S., "Extended Kerberos Version 5 Key Distribution
- Center (KDC) Exchanges Over TCP",
- draft-ietf-krb-wg-tcp-expansion-01 (work in progress),
- September 2006.
-
- [4] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS)
- Protocol Version 1.1", RFC 4346, April 2006.
-
- [5] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
- specifying the location of services (DNS SRV)", RFC 2782,
- February 2000.
-
-7.2. Informative References
-
- [6] Taylor, D., "Using SRP for TLS Authentication",
- draft-ietf-tls-srp-12 (work in progress), June 2006.
-
- [7] Mavroyanopoulos, N., "Using OpenPGP keys for TLS
- authentication", draft-ietf-tls-openpgp-keys-10 (work in
- progress), June 2006.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Josefsson Expires April 24, 2007 [Page 10]
-
-Internet-Draft Protecting Kerberos V5 with TLS October 2006
-
-
-Author's Address
-
- Simon Josefsson
- SJD
-
- Email: simon@josefsson.org
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Josefsson Expires April 24, 2007 [Page 11]
-
-Internet-Draft Protecting Kerberos V5 with TLS October 2006
-
-
-Full Copyright Statement
-
- Copyright (C) The Internet Society (2006).
-
- This document is subject to the rights, licenses and restrictions
- contained in BCP 78, and except as set forth therein, the authors
- retain all their rights.
-
- This document and the information contained herein are provided on an
- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
- OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
- ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
- INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
- INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-
-Intellectual Property
-
- The IETF takes no position regarding the validity or scope of any
- Intellectual Property Rights or other rights that might be claimed to
- pertain to the implementation or use of the technology described in
- this document or the extent to which any license under such rights
- might or might not be available; nor does it represent that it has
- made any independent effort to identify any such rights. Information
- on the procedures with respect to rights in RFC documents can be
- found in BCP 78 and BCP 79.
-
- Copies of IPR disclosures made to the IETF Secretariat and any
- assurances of licenses to be made available, or the result of an
- attempt made to obtain a general license or permission for the use of
- such proprietary rights by implementers or users of this
- specification can be obtained from the IETF on-line IPR repository at
- http://www.ietf.org/ipr.
-
- The IETF invites any interested party to bring to its attention any
- copyrights, patents or patent applications, or other proprietary
- rights that may cover technology that may be required to implement
- this standard. Please address the information to the IETF at
- ietf-ipr@ietf.org.
-
-
-Acknowledgment
-
- Funding for the RFC Editor function is provided by the IETF
- Administrative Support Activity (IASA).
-
-
-
-
-
-Josefsson Expires April 24, 2007 [Page 12]
-
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-07 18:55:36 +0000