SPAKE Pre-Authentication
draft-ietf-kitten-krb-spake-preauth-10

(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has completed its review of draft-ietf-kitten-krb-spake-preauth-07. If any part of this review is inaccurate, please let us know.

The IANA Functions Operator has a question about one of the actions requested in the IANA Considerations section of this document.

The IANA Functions Operator understands that, upon approval of this document, there are three actions which we must complete.

First, in the Pre-authentication and Typed Data registry on the Kerberos Parameters registry page located at:

https://www.iana.org/assignments/kerberos-parameters/

the existing registration for:

Type: 151
Name: PA-SPAKE
Reference: [draft-ietf-kitten-krb-spake-preauth]

will have its reference changed to [ RFC-to-be ].

Second, a new registry is to be created called the Kerberos Second Factor Types registry.

IANA Question --> This document says that 'All specifications must be published prior to entry inclusion in the registry.' Does an I-D count as a published specification, or is the intention that an I-D must be published as an RFC before an assignment can be made?

For documents produced by other organizations, does making the document available online in any form count as publication?

IANA Question --> Where should this new registry be located? Does it belong on the Kerberos Parameters registry page located at:

https://www.iana.org/assignments/kerberos-parameters/

or, should it be added to another existing registry page? If not, does it belong in an existing category at http://www.iana.org/protocols?

The new registry will be managed via Specification Required as defined in RFC8126.

There is a single, initial registration in the new registry as follows:

ID Number Name Reference
------------------------------+-----------------+------------
-2147483648 to -1 Reserved for Private and/or Experimental Use
0 Reserved
1 SF-NONE [ RFC-to-be ]
2 to 2147483647 Unassigned

Third, a new registry is to be created called the Kerveros SPAKE Groups registry.

IANA Question --> Where should this new registry be located? Does it belong on the Kerberos Parameters registry page located at:

https://www.iana.org/assignments/kerberos-parameters/

or, should it be added to another existing registry page? If not, does it belong in an existing category at http://www.iana.org/protocols?

The new registry will be managed via Specification Required as defined in RFC8126.

The registry has values between -2147483648 to 2147483647, inclusive. Value 0 is reserved. There are four initial registrations in the new registry as follows:

ID Number: 1
Name: edwards25519
Specification: Section 4.1 of [RFC7748] (edwards25519)
Serialization: Section 3.1 of [RFC8032]
Multiplier Length: 32
Multiplier Conversion: Section 3.1 of [RFC8032]
SPAKE M Constant:
d048032c6ea0b6d697ddc2e86bda85a33adac920f1bf18e1b0c6d166a5cecdaf
SPAKE N Constant:
d3bfb518f44f3430f29d0c92af503865a1ed3281dc69b35dd868ba85f886c4ab
Hash function: SHA-256 ([RFC6234])


ID Number: 2
Name: P-256
Specification: Section 2.4.2 of [SEC2]
Serialization: Section 2.3.3 of [SEC1] (compressed format)
Multiplier Length: 32
Multiplier Conversion: Section 2.3.8 of [SEC1]
SPAKE M Constant:
02886e2f97ace46e55ba9dd7242579f2993b64e16ef3dcab95afd497333d8fa12f
SPAKE N Constant:
03d8bbd6c639c62937b04d997f38c3770719c629d7014d49a24b4f98baa1292b49
Hash function: SHA-256 ([RFC6234])


ID Number: 3
Name: P-384
Specification: Section 2.5.1 of [SEC2]
Serialization: Section 2.3.3 of [SEC1] (compressed format)
Multiplier Length: 48
Multiplier Conversion: Section 2.3.8 of [SEC1]
SPAKE M Constant:
030ff0895ae5ebf6187080a82d82b42e2765e3b2f8749c7e05eba3664
34b363d3dc36f15314739074d2eb8613fceec2853
SPAKE N Constant:
02c72cf2e390853a1c1c4ad816a62fd15824f56078918f43f922ca215
18f9c543bb252c5490214cf9aa3f0baab4b665c10
Hash function: SHA-384 ([RFC6234])

ID Number: 4
Name: P-521
Specification: Section 2.6.1 of [SEC2]
Serialization: Section 2.3.3 of [SEC1] (compressed format)
Multiplier Length: 66
Multiplier Conversion: Section 2.3.8 of [SEC1]
SPAKE M Constant:
02003f06f38131b2ba2600791e82488e8d20ab889af753a41806c5db1
8d37d85608cfae06b82e4a72cd744c719193562a653ea1f119eef9356907edc9b5
6979962d7aa
SPAKE N Constant:
0200c7924b9ec017f3094562894336a53c50167ba8c5963876880542b
c669e494b2532d76c5b53dfb349fdf69154b9e0048c58a42e8ed04cef052a3bc34
9d95575cd25
Hash function: SHA-512 ([RFC6234])

IANA Question --> How should the references to the Standards for Efficient Cryptography Group references appear in the registry?

The IANA Functions Operator understands that these are the only actions required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

Thank you,

Sabrina Tanamal
Senior IANA Services Specialist

The following Last Call announcement was sent out (ends 2020-05-26):

From: The IESG
To: IETF-Announce
CC: kaduk@mit.edu, kitten-chairs@ietf.org, draft-ietf-kitten-krb-spake-preauth@ietf.org, kitten@ietf.org, Nicolas Williams , nico@cryptonector.com
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (SPAKE Pre-Authentication) to Proposed Standard


The IESG has received a request from the Common Authentication Technology
Next Generation WG (kitten) to consider the following document: - 'SPAKE
Pre-Authentication'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2020-05-26. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  This document defines a new pre-authentication mechanism for the
  Kerberos protocol that uses a password authenticated key exchange.
  This document has three goals.  First, increase the security of
  Kerberos pre-authentication exchanges by making offline brute-force
  attacks infeasible.  Second, enable the use of second factor
  authentication without relying on FAST.  This is achieved using the
  existing trust relationship established by the shared first factor.
  Third, make Kerberos pre-authentication more resilient against time
  synchronization errors by removing the need to transfer an encrypted
  timestamp from the client.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-kitten-krb-spake-preauth/



No IPR declarations have been submitted directly on this I-D.

Summary:
Nico Williams is the shepherd, Ben Kaduk is the responsible AD.

This document describes a new "pre-authentication" protocol for Kerberos
V5 [RFC4120], one that uses a zero-knowledge password proof for
authenticating a client principal to a Kerberos Authentication Server
(AS), part of the Kerberos key distribution center (KDC).  Besides
supporting the use of simple passwords, this method also supports second
factors.

Review and Consensus:
The KITTEN WG mailing list has had a number of threads on the topic of
Simple Password Authenticate Key Exchange (SPAKE) for Kerberos, and four
on this particular Internet-Draft.

Recent threads make it clear that this document is ready for
advancement.  Some participants have suggested additional features, but
there is consensus that these can be added as extensions to this
protocol in future updates (the protocol is extensible), or if need be
as a new protocol.

Intellectual Property:
There are no intellectual property disclosures against this document,
and all authors have confirmed compliance with BCPs 78 and 79.

Note:
This draft is targeting Proposed Standard status, and has a normative
down-reference to draft-irtf-cfrg-spake2-06, which draft is targeting
Informational status, and is not yet out of CFRG.

Summary:
Nico Williams is the shepherd, Ben Kaduk is the responsible AD.

This document describes a new "pre-authentication" protocol for Kerberos
V5 [RFC4120], one that uses a zero-knowledge password proof for
authenticating a client principal to a Kerberos Authentication Server
(AS), part of the Kerberos key distribution center (KDC).  Besides
supporting the use of simple passwords, this method also supports second
factors.

Review and Consensus:
The KITTEN WG mailing list has had a number of threads on the topic of
Simple Password Authenticate Key Exchange (SPAKE) for Kerberos, and four
on this particular Internet-Draft.

Recent threads make it clear that this document is ready for
advancement.  Some participants have suggested additional features, but
there is consensus that these can be added as extensions to this
protocol in future updates (the protocol is extensible), or if need be
as a new protocol.

Intellectual Property:
There are no intellectual property disclosures against this document,
and all authors have confirmed compliance with BCPs 78 and 79.

Note:
This draft is targeting Proposed Standard status, and has a normative
down-reference to draft-irtf-cfrg-spake2-06, which draft is targeting
Informational status, and is not yet out of CFRG.