Rocksolid Light

Welcome to RetroBBS

mail  files  register  newsreader  groups  login

Message-ID:  

The bogosity meter just pegged.

devel / comp.protocols.kerberos / Re: RFC 4121 & acceptor subkey use in MIC token generation

SubjectAuthor
o Re: RFC 4121 & acceptor subkey use in MIC token generationKen Hornstein

1
Re: RFC 4121 & acceptor subkey use in MIC token generation

<mailman.17.1698252307.2263420.kerberos@mit.edu>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=393&group=comp.protocols.kerberos#393

  copy link   Newsgroups: comp.protocols.kerberos
Path: i2pn2.org!i2pn.org!news.hispagatos.org!news.nntp4.net!weretis.net!feeder8.news.weretis.net!3.eu.feeder.erje.net!3.us.feeder.erje.net!feeder.erje.net!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail
From: kenh@cmf.nrl.navy.mil (Ken Hornstein)
Newsgroups: comp.protocols.kerberos
Subject: Re: RFC 4121 & acceptor subkey use in MIC token generation
Date: Wed, 25 Oct 2023 12:44:40 -0400
Organization: TNet Consulting
Lines: 28
Message-ID: <mailman.17.1698252307.2263420.kerberos@mit.edu>
References: <202310241950.39OJoa0Z000708@hedwig.cmf.nrl.navy.mil>
<3db2752e-565e-1f64-b354-9031a2fe9334@mit.edu> <ZTiT0ub2uv5A/b4E@ubby21>
<202310251251.39PCpTqc026799@hedwig.cmf.nrl.navy.mil>
<ZTk62q0DIAZmW0eL@ubby21>
<CALF+FNwtDrQ0d+a=zsXyiYq6rhOiXXkqoxUnscwum0Q0wchLJQ@mail.gmail.com>
<202310251644.39PGieLN008378@hedwig.cmf.nrl.navy.mil>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Injection-Info: tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50";
logging-data="26271"; mail-complaints-to="newsmaster@tnetconsulting.net"
Cc: <kerberos@mit.edu>
To: Jeffrey Hutzelman <jhutz@cmu.edu>
Authentication-Results: mit.edu; dmarc=pass (p=reject dis=none)
header.from=cmf.nrl.navy.mil
Authentication-Results: mit.edu; arc=pass smtp.remote-ip=18.9.3.17
ARC-Seal: i=2; a=rsa-sha256; d=mit.edu; s=arc; t=1698252306; cv=pass;
b=fb4h72HJ5a717apt+KZJn6ccOvRAM6BX5riL907bSQIA4TBaLT1fGwiUOzU8VznBNwKmLjFPZy0QgczNUW1/cJMm7z52u5TDz7k0tHlOdzpogprXRZZsopM+TBo1MtBYcjlLry3PVhTV8bgo2GRmQ5CFWymiGyadsVQt0R1ZgS16TWAZwVVgqYPEgCZtzg7IpoS+hGnLZ94IFaDhzEryb68JU/QN9cFd9GrykIrF9OJUd36WIaN4mlOthkecmh5+EncMaQdlqeeKLR8oVonHt5+XzT88J4gyoNkwUZovYS+eoc3fDvAU3LXlRCNbWILms2t4xpjYst8PaEI5vJwVlA==
ARC-Message-Signature: i=2; a=rsa-sha256; d=mit.edu; s=arc; t=1698252306;
c=relaxed/relaxed; bh=c3POf4HtQf28qLnKT6xnUFAdzDwymNIvaAa7FybpLAk=;
h=Message-ID:From:Subject:MIME-Version:Content-Type:Date;
b=LTbJu7jzdAPIFwmZYg0YPoHiPsBOYnULwOBYzzEaogsE16nYTV2xtnmt1+SojNzGem91AUN78Xk4MCXBYn4Q8T3O9pHDyS4+dFf4HeT/E9AyTq65Y5sUlqrGtDHPCQ+/yJh7SXRd0ELpDrC/+6QnSltbEw3ozxqcH2Dv1Mu4UqoqPa3SYSTemwCN1D0lwCSXGcspUlWhvlv5+tEzTu1cIyw+FK0gDXRRH6zVt1jhMNzvnskxIQ9kJ7FJ6rRu49Qz89nYjEIeW/+1T5oEFVewY90cf6qzBF81/XVp61dCX9Vrov3JeaBKAmAA8gEO3ZDNZtFr2NuyN7Gq3LcUIRFwjg==
ARC-Authentication-Results: i=2; mit.edu; dkim=pass (1024-bit key;
unprotected) header.d=mitprod.onmicrosoft.com
header.i=@mitprod.onmicrosoft.com header.a=rsa-sha256
header.s=selector2-mitprod-onmicrosoft-com header.b=lDGRGQVq;
dkim=pass (2048-bit key;
unprotected) header.d=nrl.navy.mil header.i=@nrl.navy.mil header.a=rsa-sha256
header.s=s2.dkim header.b=bnUzLIC3
Authentication-Results: mit.edu; dkim=pass (1024-bit key;
unprotected) header.d=mitprod.onmicrosoft.com
header.i=@mitprod.onmicrosoft.com header.a=rsa-sha256
header.s=selector2-mitprod-onmicrosoft-com header.b=lDGRGQVq;
dkim=pass (2048-bit key;
unprotected) header.d=nrl.navy.mil header.i=@nrl.navy.mil header.a=rsa-sha256
header.s=s2.dkim header.b=bnUzLIC3
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=b2KLSNN3jcfz6f/dzTC8KQAIos4piGOEZyT/acR4YzJjnwLHJKyaAkHZvRrsDj8CqWXRMqvdNuJSTvIUT0EgibC9E0D3yFGSswzdDNSiBTDWa1ez09Sh1OifDf/QI+ZOZzLuHuttfLBlUpYL0rH581pOGUqwwB8GUJ+9HQksbp/59DHdElNAH/Yjt3CtNnsfEAEPdfD8KErpAjQGN9ppvv4CnzrrsarrXtEuDCrlOEYKf+VhckpQbKkLNh5EvIUtzeHZ//9aQG92VzYb2vX+VaY+ltfLAt7uvTSYRoL/6N8n+OBv8/kN2gPDt6ghZbBRS5Lyzir5w9EsMONa6wO0EA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=c3POf4HtQf28qLnKT6xnUFAdzDwymNIvaAa7FybpLAk=;
b=oZiXz7dioeihlEUJgN2Fu0YV6qAyeIJBcIeRijztWmEYstbtQHmUaTGVNL+SrRdQ65PVuPFGeRoWVx800fs+6KC4Bx1hpGJjoxABnnBdgYd3ZQGdXW7KJMORD6eGxKv7391xcHzLxLVbdZSDpQD5OB+8Gln9rBLIt4kfkfql76/yK2fMzfRqLcoq5zC5URqPKYlIRfoVTNuAfyW5X8lLAbiqeU0VCM10SnbNjMJ7zCWOr6iY+uX4lzKSPXCQnF7QxoavLclgO6GcECNySiB9qCy0Ztk4H/RtTQzU2BKSjDBMLpS+WK1i3/LFfWhmDhX/IRlz4cFVvkyr8fW5oij5hQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
140.32.61.234) smtp.rcpttodomain=mit.edu smtp.mailfrom=cmf.nrl.navy.mil;
dmarc=pass (p=reject sp=reject pct=100) action=none
header.from=cmf.nrl.navy.mil; dkim=pass (signature was verified)
header.d=nrl.navy.mil; arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=c3POf4HtQf28qLnKT6xnUFAdzDwymNIvaAa7FybpLAk=;
b=lDGRGQVq9LSpws2p5YUWJ6UZmyUsOk9NWLm1cusgn64MwnaHO2+igFLs2LNbwZXivRWpAl3jCmIHY2xfxN120D5Bey46YHcRMDX8+BoiRyD1pObgEUWsXMxAm4jJJgbPCNof4L1nHkbeJhe9cJuztT+MeXa1ZkZF2iHcRpc/fpQ=
Authentication-Results: spf=pass (sender IP is 140.32.61.234)
smtp.mailfrom=cmf.nrl.navy.mil; dkim=pass (signature was verified)
header.d=nrl.navy.mil;dmarc=pass action=none header.from=cmf.nrl.navy.mil;
Received-SPF: Pass (protection.outlook.com: domain of cmf.nrl.navy.mil
designates 140.32.61.234 as permitted sender)
receiver=protection.outlook.com; client-ip=140.32.61.234; helo=mf.dren.mil;
pr=C
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nrl.navy.mil;
h=message-id : from :
to : cc : subject : in-reply-to : references : mime-version : content-type
: date; s=s2.dkim; bh=c3POf4HtQf28qLnKT6xnUFAdzDwymNIvaAa7FybpLAk=;
b=bnUzLIC3FoFK2PzYwXzGU0qA/JaNYqmv8zBNSwY9l9Bz3xFrgiRzPTAkf4uqFmhGN0h6
gjC+unn/gdqv35jTOvK89bIyxmR8hflQtrgNZqzG4vmGrkNVCahtQw4hQLsBBiStNEJX
fJzy5L5igBFwh3G13zHY+6VSu2qo3Q4rE1R+i06gS/tu0Ft79NnX0HjBlKuucdEALZ7D
mjdKc2spvS4Dg7jit4d+gGmFG2Rqvc0ylGD5KFLDzOzmzQf81mzVx1lk0H4wpsmBGukA
S1AXtveIFvDNZeV2dy/BnVPa9F2yw3/GH5NcN4TClZ84+5j7aT6GOZdL16f+IoZDvvA/ kw==
In-Reply-To: <CALF+FNwtDrQ0d+a=zsXyiYq6rhOiXXkqoxUnscwum0Q0wchLJQ@mail.gmail.com>
X-Face: "Evs"_GpJ]],xS)b$T2#V&{KfP_i2`TlPrY$Iv9+TQ!6+`~+l)#7I)0xr1>4hfd{#0B4
WIn3jU;bql;{2Uq%zw5bF4?%F&&j8@KaT?#vBGk}u07<+6/`.F-3_GA@6Bq5gN9\+s;_d
gD\SW #]iN_U0 KUmOR.P<|um5yP<ea#^"SJK;C*}fMI;Mv(aiO2z~9n.w?@\>kEpSD@*e`
X-NRLCMF-Spam-Score: () hits=0 User Authenticated
X-NRLCMF-Virus-Scanned:
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BL02EPF0001A0FD:EE_|SA1PR01MB6766:EE_
X-MS-Office365-Filtering-Correlation-Id: f101c05b-d03f-41ba-d47c-08dbd579b79e
X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-MS-Exchange-AtpMessageProperties: SA
X-MS-Exchange-SenderADCheck: 0
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: oW+YeEf2tFH+a1cYyzRYcUE5JgtRavfkw1kAavy8vUa8ft+rxu7uMArsq4Ddu0ZqcrOGUFEGrOPRoG7D7z5uGeoy5X/r0qdyAUIuD41f+Lk2LtPmGC7vbXyupB+6i3CfEJ6/Z/XUF9VhmFVZ5vevfdrwhaNX5DRsj8/cNhUE6AWBA5QV53m6ZtHbAD4uo71+DFS3LSpb74S9upB4XHDBZ8JoemUsEoGHH6XEWJB3fHnlkqjty36gWvhA06DeNFYiKB5MV+Rfft5y8gVWDZQLapDYUeVB6kLT0m4+4OFp4jWMit4AX7BlivtyJNLmKbW4DyMRcGSlxOzBXiCmwbFZ+5BVMdAiV7q2M+ZWM6vnXaUcgLOdqBDCBVnWvO/8X9nDFEwrEwJliSLDX4eU5rIfQBRzqQxabKNdSAd0mDXphs8IrwA6HrgPJ6Y5I+z7KrA2LbK65kILltQOpWcYt/Lg3942mKDMhawxspCtQngHTN2ENeoSbUQo7q32KgjhRqgqys63NJ7dNCMb2Lkpyo5sbtcde38eZnSJUNTWzpH8qKlrKpbubRBfV+TGat7TsU/FH5zPaz7L/zn4REy8xGYtIkdQq4zGzp5G0Cd0eg3OMg07Jv7AAXTsP+sCAVZ1K6uGXKme4e7IWelBtQ8TT62SjVLOFBRUFs9EPY+yrFOrrJKbHFRsO6wcq27s8UygWY/fIRsIHYbItq1yhvaRUl/H5A==
X-Forefront-Antispam-Report: CIP:140.32.61.234; CTRY:US; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM; H:mf.dren.mil; PTR:mfw.dren.mil; CAT:NONE;
SFS:(13230031)(4636009)(39860400002)(376002)(136003)(346002)(396003)(451199024)(64100799003)(61400799006)(48200799006)(26005)(86362001)(2906002)(6862004)(5660300002)(8676002)(68406010)(4326008)(956004)(6666004)(498600001)(316002)(7636003)(1076003)(70586007)(786003)(356005)(83380400001)(336012)(426003)(45080400002);
DIR:OUT; SFP:1102;
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Oct 2023 16:44:54.9112 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: f101c05b-d03f-41ba-d47c-08dbd579b79e
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-AuthSource: BL02EPF0001A0FD.namprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR01MB6766
X-OriginatorOrg: mitprod.onmicrosoft.com
X-BeenThere: kerberos@mit.edu
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/options/kerberos>,
<mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos/>
List-Post: <mailto:kerberos@mit.edu>
List-Help: <mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=subscribe>
X-Mailman-Original-Message-ID: <202310251644.39PGieLN008378@hedwig.cmf.nrl.navy.mil>
X-Mailman-Original-References: <202310241950.39OJoa0Z000708@hedwig.cmf.nrl.navy.mil>
<3db2752e-565e-1f64-b354-9031a2fe9334@mit.edu> <ZTiT0ub2uv5A/b4E@ubby21>
<202310251251.39PCpTqc026799@hedwig.cmf.nrl.navy.mil>
<ZTk62q0DIAZmW0eL@ubby21>
<CALF+FNwtDrQ0d+a=zsXyiYq6rhOiXXkqoxUnscwum0Q0wchLJQ@mail.gmail.com>
 by: Ken Hornstein - Wed, 25 Oct 2023 16:44 UTC

>Yeah; IIRC that was to allow cases where the initiator would send the first
>context token in the same packet/message with early data, such as a MIC
>binding the exchange to some channel. In retrospect, perhaps it has caused
>more trouble than it was worth. We didn't use this in RFC 4462 userauth,
>which doesn't use mutual anyway.

I mean, fair enough; I understand what Nico was saying as to the
intention; my point is just that it seems that (a) MIT Kerberos only
sets the PROT_READY flag when GSS_S_COMPLETE is returned, and Heimdal
sets it ... never? At least that's what the MacOS X version of Heimdal
seems to do. So if there ARE apps that actually look at the PROT_READY
flag, it seems like at least if they're using Kerberos mechanisms they
never actually will see it which makes me wonder if anyone ever actually
tested this, ever. No idea what the GSS code in Microsoft will do.

>In any case, I think the behavior Ken is seeing is that the initiator
>doesn't even assert a subkey -- it always uses the ticket session key. That
>seems... unfortunate.

It's worse: the initiator doesn't assert a subkey (which I can
personally live with) but also ignores the subkey asserted in the
AP-REP, at least for ssh authentication code (there are comments that
say they do look at the subkey when doing tests that involve SMB).
Like I said, this works with MIT Kerberos because they don't actually
enforce the RFC's MUST, based on (what I argued was wrong) a 20 year
old comment.

--Ken

1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor