IETF-SSH archive
Re: gss userauth
>>>>> "Love" == Love <lha%stacken.kth.se@localhost> writes:
Love> Sam Hartman <hartmans%mit.edu@localhost> writes:
>> The mechanism does as good of a job as it can for such cases.
>> In such cases, GSSAPI tokens are like one-time passwords. We
>> know that if an attacker manages to tunnel them or otherwise
>> get ahold of the token before the token reaches the server (and
>> the server's replay cache), then the token can be used by the
>> attacker.
Love> It could do better if it did channel bindings with session
Love> identifier in application data using GSS_C_AF_NULLADDRs.
Love> Then gss mechs without integrity support but with (in gss
Love> spec optional) channel binding support would not be
Love> vulnerable to tunneling.
It could do that. I wonder if it would work. I am sufficiently
uncomfortable with GSS channel bindings to refrain from recommending
their use until CCM becomes much more mature.
Right now, I think that depending on channel bindings would delay our
solution. If we believe we want to break backward compatibility, I'd
rather choose one of the other approaches.