draft-ietf-kitten-krb-spake-preauth-03.txt   draft-ietf-kitten-krb-spake-preauth-04.txt 
Internet Engineering Task Force N. McCallum Internet Engineering Task Force N. McCallum
Internet-Draft S. Sorce Internet-Draft S. Sorce
Updates: 3961 (if approved) R. Harwood Updates: 3961 (if approved) R. Harwood
Intended status: Standards Track Red Hat, Inc. Intended status: Standards Track Red Hat, Inc.
Expires: June 3, 2018 G. Hudson Expires: July 28, 2018 G. Hudson
MIT MIT
November 30, 2017 January 24, 2018
SPAKE Pre-Authentication SPAKE Pre-Authentication
draft-ietf-kitten-krb-spake-preauth-03 draft-ietf-kitten-krb-spake-preauth-04
Abstract Abstract
This document defines a new pre-authentication mechanism for the This document defines a new pre-authentication mechanism for the
Kerberos protocol that uses a password authenticated key exchange. Kerberos protocol that uses a password authenticated key exchange.
This document has three goals. First, increase the security of This document has three goals. First, increase the security of
Kerberos pre-authentication exchanges by making offline brute-force Kerberos pre-authentication exchanges by making offline brute-force
attacks infeasible. Second, enable the use of second factor attacks infeasible. Second, enable the use of second factor
authentication without relying on FAST. This is achieved using the authentication without relying on FAST. This is achieved using the
existing trust relationship established by the shared first factor. existing trust relationship established by the shared first factor.
skipping to change at page 1, line 42 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 3, 2018. This Internet-Draft will expire on July 28, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 3, line 5 skipping to change at page 3, line 5
10.5. Brute Force Attacks . . . . . . . . . . . . . . . . . . 16 10.5. Brute Force Attacks . . . . . . . . . . . . . . . . . . 16
10.6. Denial of Service Attacks . . . . . . . . . . . . . . . 17 10.6. Denial of Service Attacks . . . . . . . . . . . . . . . 17
10.7. Reply-Key Encryption Type . . . . . . . . . . . . . . . 17 10.7. Reply-Key Encryption Type . . . . . . . . . . . . . . . 17
10.8. KDC Authentication . . . . . . . . . . . . . . . . . . . 17 10.8. KDC Authentication . . . . . . . . . . . . . . . . . . . 17
11. Assigned Constants . . . . . . . . . . . . . . . . . . . . . 17 11. Assigned Constants . . . . . . . . . . . . . . . . . . . . . 17
12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17
12.1. Kerberos Second Factor Types . . . . . . . . . . . . . . 18 12.1. Kerberos Second Factor Types . . . . . . . . . . . . . . 18
12.1.1. Registration Template . . . . . . . . . . . . . . . 18 12.1.1. Registration Template . . . . . . . . . . . . . . . 18
12.1.2. Initial Registry Contents . . . . . . . . . . . . . 18 12.1.2. Initial Registry Contents . . . . . . . . . . . . . 18
12.2. Kerberos SPAKE Groups . . . . . . . . . . . . . . . . . 18 12.2. Kerberos SPAKE Groups . . . . . . . . . . . . . . . . . 19
12.2.1. Registration Template . . . . . . . . . . . . . . . 19 12.2.1. Registration Template . . . . . . . . . . . . . . . 19
12.2.2. Initial Registry Contents . . . . . . . . . . . . . 19 12.2.2. Initial Registry Contents . . . . . . . . . . . . . 19
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 20 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 21
13.1. Normative References . . . . . . . . . . . . . . . . . . 20 13.1. Normative References . . . . . . . . . . . . . . . . . . 21
13.2. Non-normative References . . . . . . . . . . . . . . . . 22 13.2. Non-normative References . . . . . . . . . . . . . . . . 22
Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 23 Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 23
Appendix B. SPAKE M and N Value Selection . . . . . . . . . . . 24 Appendix B. SPAKE M and N Value Selection . . . . . . . . . . . 24
Appendix C. Test Vectors . . . . . . . . . . . . . . . . . . . . 24 Appendix C. Test Vectors . . . . . . . . . . . . . . . . . . . . 24
Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 31 Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 31
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 31 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 31
1. Introduction 1. Introduction
When a client uses PA-ENC-TIMESTAMP (or similar schemes, or the KDC When a client uses PA-ENC-TIMESTAMP (or similar schemes, or the KDC
skipping to change at page 7, line 34 skipping to change at page 7, line 34
pre-authentication. We will begin by explaining the most verbose pre-authentication. We will begin by explaining the most verbose
version of the protocol which all implementations MUST support. Then version of the protocol which all implementations MUST support. Then
we will describe several optional optimizations to reduce round- we will describe several optional optimizations to reduce round-
trips. trips.
Mechanism messages are communicated using PA-DATA elements within the Mechanism messages are communicated using PA-DATA elements within the
padata field of KDC-REQ messages or within the METHOD-DATA in the padata field of KDC-REQ messages or within the METHOD-DATA in the
e-data field of KRB-ERROR messages. All PA-DATA elements for this e-data field of KRB-ERROR messages. All PA-DATA elements for this
mechanism MUST use the following padata-type: mechanism MUST use the following padata-type:
PA-SPAKE TBD PA-SPAKE 151
The padata-value for all PA-SPAKE PA-DATA values MUST be empty or The padata-value for all PA-SPAKE PA-DATA values MUST be empty or
contain a DER encoding for the ASN.1 type PA-SPAKE. contain a DER encoding for the ASN.1 type PA-SPAKE.
PA-SPAKE ::= CHOICE { PA-SPAKE ::= CHOICE {
support [0] SPAKESupport, support [0] SPAKESupport,
challenge [1] SPAKEChallenge, challenge [1] SPAKEChallenge,
response [2] SPAKEResponse, response [2] SPAKEResponse,
encdata [3] EncryptedData, encdata [3] EncryptedData,
... ...
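Review bot: the padata-type line changes from `PA-SPAKE TBD` to `PA-SPAKE 151` with no pointer to where the number comes from. Consider adding a cross-reference to Section 12, which records the IANA assignment, so an implementer reading the protocol description can confirm that the value is final and not a placeholder. Section 11 "Assigned Constants" lists only KEY_USAGE_SPAKE_TRANSCRIPT and KEY_USAGE_SPAKE_FACTOR; listing PA-SPAKE there as well would keep all numeric constants for the mechanism in one place.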
skipping to change at page 17, line 44 skipping to change at page 17, line 44
11. Assigned Constants 11. Assigned Constants
The following key usage values are assigned for this mechanism: The following key usage values are assigned for this mechanism:
KEY_USAGE_SPAKE_TRANSCRIPT 65 KEY_USAGE_SPAKE_TRANSCRIPT 65
KEY_USAGE_SPAKE_FACTOR 66 KEY_USAGE_SPAKE_FACTOR 66
12. IANA Considerations 12. IANA Considerations
IANA has assigned the following number for PA-SPAKE in the "Pre-
authentication and Typed Data" registry:
+----------+-------+-----------------+
| Type | Value | Reference |
+----------+-------+-----------------+
| PA-SPAKE | 151 | [this document] |
+----------+-------+-----------------+
The notes for the "Kerberos Checksum Type Numbers" registry should be The notes for the "Kerberos Checksum Type Numbers" registry should be
updated with the following addition: "If the checksum algorithm is updated with the following addition: "If the checksum algorithm is
non-deterministic, see [this document] Section 4." non-deterministic, see [this document] Section 4."
This document establishes two registries with the following This document establishes two registries with the following
procedure, in accordance with [RFC5226]: procedure, in accordance with [RFC5226]:
Registry entries are to be evaluated using the Specification Required Registry entries are to be evaluated using the Specification Required
method. All specifications must be be published prior to entry method. All specifications must be be published prior to entry
inclusion in the registry. There will be a three-week review period inclusion in the registry. There will be a three-week review period
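Review bot: the registry-procedure text after the new PA-SPAKE table is carried into -04 unchanged and still cites [RFC5226], which was obsoleted by RFC 8126 in 2017; the reference should be updated while the IANA section is being revised. The same unchanged paragraph keeps the doubled word in "must be be published". In the added text, "IANA has assigned" is stated as completed while the next paragraph still says the checksum registry notes "should be updated"; stating both in the same tense would make clear which actions remain pending.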
 End of changes. 9 change blocks. 
9 lines changed or deleted 18 lines changed or added
