Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Freshness Extension
draft-ietf-kitten-pkinit-freshness-07

Document Type Active Internet-Draft (kitten WG)
Last updated 2016-12-23 (latest revision 2016-05-23)
Stream IETF
Intended RFC status Proposed Standard
Formats plain text pdf xml html bibtex
Reviews
Stream WG state Submitted to IESG for Publication
Document shepherd Matt Rogers
Shepherd write-up Show (last changed 2016-10-18)
IESG IESG state RFC Ed Queue
Consensus Boilerplate Yes
Telechat date
Responsible AD Stephen Farrell
Send notices to mrogers@redhat.com
IANA IANA review state IANA OK - Actions Needed
IANA action state RFC-Ed-Ack
RFC Editor RFC Editor state EDIT
Kitten Working Group                                       M. Short, Ed.
Internet-Draft                                                  S. Moore
Intended status: Standards Track                               P. Miller
Expires: November 24, 2016                         Microsoft Corporation
                                                            May 23, 2016

Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)
                          Freshness Extension
                 draft-ietf-kitten-pkinit-freshness-07

Abstract

   This document describes how to further extend the Public Key
   Cryptography for Initial Authentication in Kerberos (PKINIT)
   extension [RFC4556] to exchange an opaque data blob that a KDC can
   validate to ensure that the client is currently in possession of the
   private key during a PKINIT AS exchange.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on November 24, 2016.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of

Short, et al.           Expires November 24, 2016               [Page 1]
Internet-Draft              PKINIT Freshness                    May 2016

   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Kerberos message flow using KRB_AS_REQ without pre-
           authentication  . . . . . . . . . . . . . . . . . . . . .   3
     1.2.  Requirements Language . . . . . . . . . . . . . . . . . .   3
   2.  Message Exchanges . . . . . . . . . . . . . . . . . . . . . .   3
     2.1.  Generation of KRB_AS_REQ Message  . . . . . . . . . . . .   4
     2.2.  Generation of KRB_ERROR Message . . . . . . . . . . . . .   4
     2.3.  Generation of KRB_AS_REQ Message  . . . . . . . . . . . .   4
     2.4.  Receipt of KRB_AS_REQ Message . . . . . . . . . . . . . .   4
     2.5.  Receipt of second KRB_ERROR Message . . . . . . . . . . .   5
   3.  PreAuthentication Data Types  . . . . . . . . . . . . . . . .   5
   4.  Extended PKAuthenticator  . . . . . . . . . . . . . . . . . .   5
   5.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   6
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   6
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .   7
   8.  Interoperability Considerations . . . . . . . . . . . . . . .   7
   9.  Normative References  . . . . . . . . . . . . . . . . . . . .   7
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   8

1.  Introduction

   The Kerberos PKINIT extension [RFC4556] defines two schemes for using
   asymmetric cryptography in a Kerberos preauthenticator.  One uses
   Diffie-Hellman key exchange and the other depends on public key
   encryption.  The public key encryption scheme is less commonly used
   for two reasons:

   o  Elliptic Curve Cryptography (ECC) Support for PKINIT [RFC5349]
      only specified Elliptic Curve Diffie-Hellman (ECDH) key agreement,
      so it cannot be used for public key encryption.

   o  Public key encryption requires certificates with an encryption
      key, that is not deployed on many existing smart cards.

   In the Diffie-Hellman exchange, the client uses its private key only
   to sign the AuthPack structure (specified in Section 3.2.1 of
   [RFC4556]), that is performed before any traffic is sent to the KDC.
   Thus a client can generate requests with future times in the
   PKAuthenticator, and then send those requests at those future times.
   Unless the time is outside the validity period of the client's
Show full document text