Re: draft-ietf-secsh-gsskeyex-06.txt security considerations

[Nicolas Williams <Nicolas.Williams%sun.com@localhost>]

On Mon, Jul 14, 2003 at 11:52:52AM -0400, Joel N. Weber II wrote:
> I'd like to propose adding the following text to
> draft-ietf-secsh-gsskeyex-06.txt after the end of the paragraph in the
> security considerations section that starts with ``The key exchange
> method described in section 1'':
> 
>    However, the security of the key exchange does not require that the
>    GSSAPI mechanism provide any replay detection.
> 
> I also notice that the key exchange mechanism is actually discussed in
> section 2 and not section 1.
> 
> And it seems somewhat asymetrical that security considerations talks
> about the required properties of a GSSAPI mechanism used for key
> exchange, but says nothing about user authentication.

As with the lack of reference to replay [and out-of-sequence] detection,
the text you requests is likely absent because none is needed.

In the case of replay detection it is not needed since one and not more
than one non-context token GSS-API message token is to be exchanged!

In the case of GSS-API userauth, per-message integrity services are not
needed because no non-context GSS-API tokens are exchanged!

This leaves the use of mutual authentication during GSS-API userauth as
an interesting case.  Since the server is authenticated during the key
exchange phase of the protocol mutual authentication during the userauth
phase of the protocol is not needed - it neither helps security nor
hurts it in this particular case.

Perhaps the fact that and reasons why GSS-API replay and out-of-sequence
detection are not needed at all here and why GSS-API mutual
authentication and per-message integrity services are not needed in the
userauth case ought to be stated.

Cheers,

Nico
--