From: "Lewis Adam-CAL022"
To: ietf-krb-wg@lists.anl.gov
Date: Thu, 26 Jun 2008 11:05:42 -0400
Subject: [Ietf-krb-wg] Proxiable/forwardable question

Hi all,

I am considering Kerberos as a design solution for a communication system, and have some questions with respect to its capability for delegation. As I currently understand the RFC and deployments thus far, delegation is used when Alice logs onto Bob, and Bob needs to access a resource on Carol using Alice's credentials. My question centers around integrity and confidentiality of messages. Using Kerberos, is it possible for Alice to log into Bob, and for Alice to delegate to Bob, such that Bob can not only authenticate to Carol (on Alice's behalf), but also have the authentication result in a shared session key between Alice and Carol?

Thanks
Adam

_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg
From: Jeffrey Hutzelman
To: Lewis Adam-CAL022, ietf-krb-wg@lists.anl.gov
Cc: jhutz@cmu.edu
Date: Thu, 26 Jun 2008 13:27:18 -0400
Message-ID: <0D4EFF373FC0C17BE33A790D@sirius.fac.cs.cmu.edu>
Subject: Re: [Ietf-krb-wg] Proxiable/forwardable question

--On Thursday, June 26, 2008 11:05:42 AM -0400 Lewis Adam-CAL022 wrote:

> Hi all,
>
> I am considering Kerberos as a design solution for a communication
> system, and have some questions with respect to its capability for
> delegation. As I currently understand the RFC and deployments thus far,
> delegation is used when Alice logs onto Bob, and Bob needs to access a
> resource on Carol using Alice's credentials. My question centers around
> integrity and confidentiality of messages. Using Kerberos, is it
> possible for Alice to log into Bob, and for Alice to delegate to Bob,
> such that Bob can not only authenticate to Carol (on Alice's behalf),
> but also have the authentication result in a shared session key between
> Alice and Carol?

Bob can relay Kerberos traffic between Alice and Carol, such that Alice and Carol end up proving their identities to each other and sharing a session key no one else knows, even though they can't directly talk to each other.

If you need a key that all three parties know, start by having two parties agree on a key, then have one of them tell the third(*).

Of course, once you have a key all three parties agree on, you have to think very carefully about how you're going to use it. Most cryptographic communication protocols are designed to secure communication between exactly two parties, and don't automatically scale to cases where there are more than two parties, especially if all of them are talking.

(*) In the exchange you describe, there actually is a key that all three parties know -- the session key in the ticket which Alice has delegated to Bob. Bob and Carol know this key as a result of the normal Kerberos AP-REQ exchange, and Alice knows it because she can look at what she sent to Bob. However, you really don't want to use this key for anything other than the AP-REQ exchange, because you won't necessarily get a new one every time Alice forwards a ticket to Bob, and that makes the analysis much harder.

-- Jeff
From: "Lewis Adam-CAL022"
To: Jeffrey Hutzelman, ietf-krb-wg@lists.anl.gov
Date: Thu, 26 Jun 2008 14:44:42 -0400
In-Reply-To: <0D4EFF373FC0C17BE33A790D@sirius.fac.cs.cmu.edu>
Subject: Re: [Ietf-krb-wg] Proxiable/forwardable question

Hi Jeff,

> > I am considering Kerberos as a design solution for a communication
> > system, and have some questions with respect to its capability for
> > delegation. As I currently understand the RFC and deployments thus
> > far, delegation is used when Alice logs onto Bob, and Bob needs to
> > access a resource on Carol using Alice's credentials. My question
> > centers around integrity and confidentiality of messages. Using
> > Kerberos, is it possible for Alice to log into Bob, and for Alice to
> > delegate to Bob, such that Bob can not only authenticate to Carol (on
> > Alice's behalf), but also have the authentication result in a shared
> > session key between Alice and Carol?
>
> Bob can relay Kerberos traffic between Alice and Carol, such
> that Alice and Carol end up proving their identities to each
> other and sharing a session key no one else knows, even
> though they can't directly talk to each other.
> If you need a key that all three parties know, start by
> having two parties agree on a key, then have one of them tell
> the third(*).

I'm looking at the first option, in fact I would prefer that Bob does not know the session key between Alice and Carol. Once the session keys have been established, bearer traffic will flow directly between Alice and Carol, bypassing Bob. Pseudo-logic is something like this:

1) Alice authenticates to Bob
2) Bob authenticates Alice to Carol
3) Alice and Carol get shared secret to authenticate traffic between them, bypassing Bob

Steps 1 and 2 are straightforward, but what part of the RFC describes how step 3 is enabled?
From: Jeffrey Hutzelman
To: Lewis Adam-CAL022, ietf-krb-wg@lists.anl.gov
Cc: jhutz@cmu.edu
Date: Thu, 26 Jun 2008 15:11:03 -0400
References: <0D4EFF373FC0C17BE33A790D@sirius.fac.cs.cmu.edu>
Subject: Re: [Ietf-krb-wg] Proxiable/forwardable question

--On Thursday, June 26, 2008 02:44:42 PM -0400 Lewis Adam-CAL022 wrote:

> Hi Jeff,
>
>> > I am considering Kerberos as a design solution for a communication
>> > system, and have some questions with respect to its capability for
>> > delegation. As I currently understand the RFC and deployments thus
>> > far, delegation is used when Alice logs onto Bob, and Bob needs to
>> > access a resource on Carol using Alice's credentials. My question
>> > centers around integrity and confidentiality of messages. Using
>> > Kerberos, is it possible for Alice to log into Bob, and for Alice to
>> > delegate to Bob, such that Bob can not only authenticate to Carol (on
>> > Alice's behalf), but also have the authentication result in a shared
>> > session key between Alice and Carol?
>>
>> Bob can relay Kerberos traffic between Alice and Carol, such
>> that Alice and Carol end up proving their identities to each
>> other and sharing a session key no one else knows, even
>> though they can't directly talk to each other.
>> If you need a key that all three parties know, start by
>> having two parties agree on a key, then have one of them tell
>> the third(*).
>
> I'm looking at the first option, in fact I would prefer that Bob does
> not know the session key between Alice and Carol. Once the session keys
> have been established, bearer traffic will flow directly between Alice
> and Carol, bypassing Bob. Pseudo-logic is something like this:
>
> 1) Alice authenticates to Bob
> 2) Bob authenticates Alice to Carol

Bob doesn't authenticate Alice to Carol, at least not if you're using Kerberos. Credential delegation would mean that Bob could authenticate to Carol _as Alice_. Carol won't be able to tell the difference between Bob and the real Alice.

You can certainly build an application in which Bob gives a key to Carol and says "the other person with this key is Alice", and Carol somehow believes Bob. But that wouldn't be Kerberos.

> 3) Alice and Carol get shared secret to authenticate traffic between
> them, bypassing Bob
> Steps 1 and 2 are straightforward, but what part of the RFC describes
> how step 3 is enabled?

Basically, what you want to do is have Alice and Carol conduct an AP-REQ/AP-REP exchange, in which Alice authenticates to Carol, after which they have a shared secret. If Alice and Carol cannot directly communicate, then Bob can serve as an intermediary, relaying messages between Alice and Carol but not being able to interpret them.

It might help a lot if you give up on the hypothetical and tell us what you're really trying to do. There's a good chance that there is a solution based on existing technology, but it's hard to tell without knowing more about what's going on.

-- Jeff
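Editor's note: the two situations Jeff contrasts in this thread (the relayed AP-REQ/AP-REP exchange from his second reply, and the forwarded-credential case from the footnote to his first reply) are modelled below in an added Python example. This is not code from the thread, nor from any Kerberos implementation. It assumes a stdlib-only stand-in cipher built from HMAC-SHA256 in place of a real RFC 3961 enctype, skips the AS/TGS exchanges by having a toy `Kdc` hand out service tickets directly, and carries a subkey only in the AP-REP (RFC 4120 lets either side supply one; the server's takes precedence). The principal names and every helper name are assumptions of the example.

```python
"""Toy model of a relayed AP-REQ/AP-REP exchange versus credential delegation.

Added illustration for this thread, not code from the original messages or
from any Kerberos implementation. The cipher is a stdlib stand-in built from
HMAC-SHA256, not a Kerberos enctype; the Kdc, ap_req and accept_ap_req helpers
and the principal names are assumptions of this example.
"""
import hashlib
import hmac
import json
import os
import time

NONCE_LEN, TAG_LEN = 16, 32


def _subkeys(key):
    # Separate encryption and MAC keys derived from one Kerberos-style key.
    return hashlib.sha256(key + b"enc").digest(), hashlib.sha256(key + b"mac").digest()


def _keystream(ke, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(ke, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def toy_encrypt(key, obj):
    """Encrypt-then-MAC of a JSON object; stands in for Kerberos EncryptedData."""
    ke, km = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    pt = json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(ke, nonce, len(pt))))
    return nonce + ct + hmac.new(km, nonce + ct, hashlib.sha256).digest()


def toy_decrypt(key, blob):
    """Raises ValueError under the wrong key, which is all a relay like Bob ever sees."""
    ke, km = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(km, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(ke, nonce, len(ct)))))


class Kdc:
    """Holds long-term keys; service_ticket() collapses the AS/TGS steps into one."""
    def __init__(self):
        self.keys = {}

    def register(self, name):
        self.keys[name] = os.urandom(32)
        return self.keys[name]

    def service_ticket(self, client, service):
        session = os.urandom(32)  # session key: sealed in the ticket, also given to client
        ticket = toy_encrypt(self.keys[service], {"cname": client, "key": session.hex()})
        return ticket, session


def ap_req(client, ticket, session_key):
    """Client side of AP-REQ: ticket plus authenticator under the ticket session key."""
    ctime = int(time.time())
    return {"ticket": ticket, "authenticator": toy_encrypt(session_key, {"cname": client, "ctime": ctime})}, ctime


def accept_ap_req(service_key, req):
    """Server side: open ticket, open authenticator, answer AP-REP with a fresh subkey."""
    tkt = toy_decrypt(service_key, req["ticket"])
    session_key = bytes.fromhex(tkt["key"])
    auth = toy_decrypt(session_key, req["authenticator"])
    if auth["cname"] != tkt["cname"]:
        raise ValueError("authenticator name does not match ticket")
    if abs(time.time() - auth["ctime"]) > 300:
        raise ValueError("authenticator outside clock skew window")
    subkey = os.urandom(32)  # the key Alice and Carol will actually share
    return tkt["cname"], subkey, toy_encrypt(session_key, {"ctime": auth["ctime"], "subkey": subkey.hex()})


def accept_ap_rep(session_key, ap_rep, ctime):
    rep = toy_decrypt(session_key, ap_rep)
    if rep["ctime"] != ctime:
        raise ValueError("AP-REP does not answer our authenticator")
    return bytes.fromhex(rep["subkey"])


def can_open(keys, blob):
    """Whether a party holding `keys` can read `blob`; models the relay's view."""
    for k in keys:
        try:
            toy_decrypt(k, blob)
            return True
        except ValueError:
            continue
    return False


def relayed_exchange():
    """Bob forwards AP-REQ/AP-REP bytes unchanged; Alice and Carol share a key Bob lacks."""
    kdc = Kdc()
    k_bob, k_carol = kdc.register("bob"), kdc.register("carol")
    ticket, k_ac = kdc.service_ticket("alice", "carol")   # Alice's own TGS result
    req, ctime = ap_req("alice", ticket, k_ac)
    bob_keys = [k_bob]                                     # Bob has neither k_carol nor k_ac
    who, carol_key, ap_rep = accept_ap_req(k_carol, req)   # req relayed by Bob
    alice_key = accept_ap_rep(k_ac, ap_rep, ctime)         # ap_rep relayed back by Bob
    return {"carol_sees": who, "keys_match": alice_key == carol_key,
            "bob_reads_ap_req": can_open(bob_keys, req["ticket"]) or can_open(bob_keys, req["authenticator"]),
            "bob_knows_shared_key": can_open(bob_keys, ap_rep)}


def delegated_exchange():
    """Forwarded credentials: Bob is indistinguishable from Alice, and k_ac is known to all three."""
    kdc = Kdc()
    k_carol = kdc.register("carol")
    ticket, k_ac = kdc.service_ticket("alice", "carol")
    forwarded = {"ticket": ticket, "key": k_ac}            # what a KRB-CRED hands to Bob
    req, _ = ap_req("alice", forwarded["ticket"], forwarded["key"])  # Bob acting as Alice
    who, _, ap_rep = accept_ap_req(k_carol, req)
    return {"carol_sees": who,
            "alice_knows_session_key": can_open([k_ac], ap_rep),
            "bob_knows_session_key": can_open([forwarded["key"]], ap_rep),
            "carol_knows_session_key": bytes.fromhex(toy_decrypt(k_carol, ticket)["key"]) == k_ac}
```

In `relayed_exchange()` Bob only ever holds ciphertext sealed under Carol's long-term key or under the Alice/Carol session key, so the AP-REP subkey that Alice and Carol end up with is unknown to him; that is the property Adam asked for. In `delegated_exchange()` Bob holds the forwarded ticket and its session key, Carol's view of the client name is simply "alice", and all three parties can open anything encrypted under that session key, which is why Jeff's footnote warns against using it for anything beyond the AP-REQ exchange itself.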