draft-ietf-kitten-krb5-gssapi-prf-03.txt   draft-ietf-kitten-krb5-gssapi-prf-04.txt 
NETWORK WORKING GROUP N. Williams NETWORK WORKING GROUP N. Williams
Internet-Draft Sun Internet-Draft Sun
Expires: November 13, 2005 May 12, 2005 Expires: December 15, 2005 June 13, 2005
A PRF for the Kerberos V GSS-API Mechanism A PRF for the Kerberos V GSS-API Mechanism
draft-ietf-kitten-krb5-gssapi-prf-03.txt draft-ietf-kitten-krb5-gssapi-prf-04.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 32 skipping to change at page 1, line 33
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on November 13, 2005. This Internet-Draft will expire on December 15, 2005.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2005). Copyright (C) The Internet Society (2005).
Abstract Abstract
This document defines the Pseudo-Random Function (PRF) for the This document defines the Pseudo-Random Function (PRF) for the
Kerberos V mechanism for the Generic Security Service Application Kerberos V mechanism for the Generic Security Service Application
Programming Interface (GSS-API), based on the PRF defined for the Programming Interface (GSS-API), based on the PRF defined for the
Kerberos V cryptographic framework, for keying application protocols Kerberos V cryptographic framework, for keying application protocols
given an established Kerberos V GSS-API security context. given an established Kerberos V GSS-API security context.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1 Conventions used in this document . . . . . . . . . . . . . . 3 1.1 Conventions used in this document . . . . . . . . . . . . . . 3
2. Kerberos V GSS Mechanism PRF . . . . . . . . . . . . . . . . . 3 2. Kerberos V GSS Mechanism PRF . . . . . . . . . . . . . . . . . 3
3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4
4. Security Considerations . . . . . . . . . . . . . . . . . . . 4 4. Security Considerations . . . . . . . . . . . . . . . . . . . 4
5. Normative References . . . . . . . . . . . . . . . . . . . . . 5 5. Normative References . . . . . . . . . . . . . . . . . . . . . 4
Author's Address . . . . . . . . . . . . . . . . . . . . . . . 5 Author's Address . . . . . . . . . . . . . . . . . . . . . . . 5
Intellectual Property and Copyright Statements . . . . . . . . 6 Intellectual Property and Copyright Statements . . . . . . . . 6
1. Introduction 1. Introduction
This document specifies the Kerberos V GSS-API mechanism's pseudo- This document specifies the Kerberos V GSS-API mechanism's pseudo-
random function corresponding to [GSS-PRF]. The function is a "PRF+" random function corresponding to [GSS-PRF]. The function is a "PRF+"
style construction. style construction.
1.1 Conventions used in this document 1.1 Conventions used in this document
skipping to change at page 4, line 30 skipping to change at page 4, line 30
Legacy Kerberos V encryption types may be weak, particularly the Legacy Kerberos V encryption types may be weak, particularly the
single-DES encryption types. single-DES encryption types.
See also [GSS-PRF] for generic security considerations of See also [GSS-PRF] for generic security considerations of
GSS_Pseudo_random(). GSS_Pseudo_random().
See also [RFC3961] for generic security considerations of the See also [RFC3961] for generic security considerations of the
Kerberos V cryptographic framework. Kerberos V cryptographic framework.
Care should be taken not to exceed the useful lifetime of an
established security context's session key's useful lifetime as
implementations are not required to prevent overuse of the
GSS_Pseudo_random() function. This can effectively be achieved by
limiting the number of GSS_Pseudo_random() calls to, say, a handful
of calls per-security context.
Use of Ticket session keys, rather than sub-session keys, when Use of Ticket session keys, rather than sub-session keys, when
initiators and acceptors fail to assert sub-session keys, is initiators and acceptors fail to assert sub-session keys, is
dangerous as ticket reuse can lead to key reuse, therefore initiators dangerous as ticket reuse can lead to key reuse, therefore initiators
should assert sub-session keys always, and acceptors should assert should assert sub-session keys always, and acceptors should assert
sub-session keys at least when initiators fail to do so.. sub-session keys at least when initiators fail to do so..
The computational cost of computing this PRF+ may vary depending on The computational cost of computing this PRF+ may vary depending on
the Kerberos V encryption types being used, but generally the the Kerberos V encryption types being used, but generally the
computation of this PRF+ gets more expensive as the input and output computation of this PRF+ gets more expensive as the input and output
octet string lengths grow (note that the use of a counter in the PRF+ octet string lengths grow (note that the use of a counter in the PRF+
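Review bot: The paragraph on GSS_Pseudo_random() overuse, which appears in only one of the two versions in this hunk, gives no bound an implementer can enforce: "a handful of calls per-security context" is left to the reader, and its opening repeats itself ("not to exceed the useful lifetime of ... session key's useful lifetime"). If the paragraph is kept, state the limit concretely and drop the duplicated phrase; if it is dropped, the remaining visible text no longer says that implementations are not required to prevent overuse, so a pointer to where that is covered would help. Separately, the sub-session key paragraph ends with a doubled period ("fail to do so..") in both versions, and "key reuse, therefore initiators" reads better with a semicolon before "therefore".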
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/