The Unencrypted Form of Kerberos 5 KRB-CRED Message
draft-ietf-krb-wg-clear-text-cred-03

[Ballot discuss]
The security considerations say:
  >
  > The transport MUST also provide confidentiality, integrity, and
  > end to end security.
  >
  This needs to be more clear.  First, the sentences that follow seem
  to indicate that authentication is also required.  Also, I cannot
  find where the ends are specified to go with this MUST statement.

[Ballot discuss]
The security considerations say:
  >
  > The transport MUST also provide confidentiality, integrity, and
  > end to end security.
  >
  This needs to be more clear.  First, the sentences that follow seem
  to indicate that authentication is also required.  Also, I cannot
  find where the ends are specified to go with this MUST statement.

[Ballot discuss]
The security considerations say:
  >
  > The transport MUST also provide confidentiality, integrity, and
  > end to end security.
  >
  This needs to be more clear.  First, the sentences that follow seem
  to indicate that authentication is also required.  Also, I cannot
  find where the ends are specified to go with this MUST statement.

Upon approval of this document, IANA will update the reference for the
following Kerberos Encryption Type Number so that it points to this
document:

0 reserved [RFC-to-be]

http://www.iana.org/assignments/kerberos-parameters

[Ballot discuss]
The security considerations say:
  >
  > The transport MUST also provide confidentiality, integrity, and
  > end to end security.
  >
  This needs to be more clear.  First, the sentences that follow seem
  to indicate that authentication is also required.  Also, I cannot
  find where the ends are specified to go with this MUST statement.

[Ballot discuss]
Maybe I'm missing something obvious, but

  The Kerberos Encryption Type 0 is an invalid value [RFC3961].
  ...
  The encryption type (etype) MUST be specified as 0.
  ....
  The use of encryption type 0 in the
  unencrypted form of the KRB-CRED is not to specify an encryption
  type.  In the context of the KRB-CRED it is a message specific
  indicator to be interpreted as ...

appears to me as an inconsistency. Type 0 was defined as invalid in RFC 3961, but here you define semantics for it, at least int he context of KRB-CRED? Shouldn't you say "... was defined as an invalid value in [RFC3961] but is redefined here in the context of KRB-CRED to stand for ..."?

[Ballot comment]
1. I share the feeling of uneasiness expressed by DBH about putting this document on the standards track. I expect the security experts to ease my concerns.

2. In the IANA considerations section:

The reference for Kerberos encryption type 0 should be updated to
  point to this document.

It would be probably good to mention that this is the Kerberos Encryption Type Numbers in the Kerberos parameters registry. Should not it also say something like 'message not encrypted' instead of 'reserved'?

[Ballot comment]
1. I share the feeling of uneasiness expressed by DBH. I expect the security experts to ease my concerns.

2. In the IANA considerations section:

The reference for Kerberos encryption type 0 should be updated to
  point to this document.

It would be probably good to mention that this is the Kerberos Encryption Type Numbers in the Kerberos parameters registry. Should not it also say something like 'message not encrypted' instead of 'reserved'?

[Ballot comment]
It would be nice if this document included a sentence or two about why the KRB-CRED Message was removed between RFC 1510 and RFC 4510, and why it's important to bring that feature back now. As it is, that history is hidden in the mail archive, so it appears to the naive reader that the KRB-CRED Message is a new feature.

[Ballot comment]
This document does describe how to do something (albeit unsavory) in an interoperable manner, and I can imagine this document being refined with experience, so it is at least plausible to leave on the standards track. And the document does have serious admonitions about how this protocol ought to be used. I share Dave's discomfort, but I think this document has an acceptable level of warning to implementers.

[Ballot comment]
This document does describe how to do something (albeit unsavory) in an interoperable manner, and I can imagine this document being refined with experience, so it is at least plausible to leave on the standards track. And the document does have serious admonitions about how this protocol ought to be used. I share Dave's discomfort, think this document has an acceptable level of warning to implementers.

[Ballot discuss]
I am uncomfortable with this proposal.

As per RFC3365, MUST is for implementers, yet the security of this option depends on statements that the deployer MUST provide adequate protection for the credentials.
I am not rasing a discuss about the possibly inappropriate use of RFC2119 language, but about the potential damage to the Internet via security vulnerabilities.
This specification could create serious security holes, and the protocol cannot fulfill its purpose without security properties it does not provide.

In the wrong hands, the vulnerability of this specific option could introduce cascading vulnerabilities. Any system that depends on the credentials exposed by inadequate protection by the deployer of this option could become vulnerable.
That might presumably include network management systems, routing systems, and so on.
The ramifications of network changes allowed by such a leak could "escape" local control and impact the Internet.
So I'm a bit concerned that we are publishing such a standard.

There is no language indicating that an **implementation MUST** somehow verify that it is only used with appropriate security (and I realize that coudl be a termedously difficult engineering proposition). The protocol spec in this document does nothing to ensure the strong security required by BCP 61 (which seems to represent a solid IETF community consensus).

If the purpose is to document existing practice, maybe this should be published as Informational rather than standards-track, with the IETF recommendation that this SHOULD NOT be used due to the high risk associated with inadequate protection. Do we really want to publish a standards-track document whose abstract says this is desirable?

I note that Stephen Farrel balloted Yes, Sam Hartman is the document shepherd, and Jeff Hutzelman was a contributor and all presumably support this option being published. But it still makes me uncomfortable.

State changed to In Last Call from Last Call Requested.

The following Last Call Announcement was sent out:

From: The IESG
To: IETF-Announce
CC:
Reply-To: ietf@ietf.org
Subject: Last Call:  (The Unencrypted Form Of Kerberos 5 KRB-CRED Message) to Proposed Standard


The IESG has received a request from the Kerberos WG (krb-wg) to consider
the following document:
- 'The Unencrypted Form Of Kerberos 5 KRB-CRED Message'
  as a Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2011-08-12. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  The Kerberos 5 KRB-CRED message is used to transfer Kerberos
  credentials between applications.  When used with a secure transport
  the unencrypted form of the KRB-CRED message may be desirable.  This
  document describes the unencrypted form of the KRB-CRED message.




The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-krb-wg-clear-text-cred/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-krb-wg-clear-text-cred/


No IPR declarations have been submitted directly on this I-D.

As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up.

Changes are expected over time. This version is dated September 17, 2008.

(1.a) Who is the Document Shepherd for this document? Has the
Document Shepherd personally reviewed this version of the
document and, in particular, does he or she believe this
version is ready for forwarding to the IESG for publication?

Sam hartman; yes.

(1.b) Has the document had adequate review both from key WG members
and from key non-WG members? Does the Document Shepherd have
any concerns about the depth or breadth of the reviews that
have been performed?

yes

(1.c) Does the Document Shepherd have concerns that the document
needs more review from a particular or broader perspective,
e.g., security, operational complexity, someone familiar with
AAA, internationalization or XML?
no

(1.d) Does the Document Shepherd have any specific concerns or
issues with this document that the Responsible Area Director
and/or the IESG should be aware of? For example, perhaps he
or she is uncomfortable with certain parts of the document, or
has concerns whether there really is a need for it. In any
event, if the WG has discussed those issues and has indicated
that it still wishes to advance the document, detail those
concerns here. Has an IPR disclosure related to this document
been filed? If so, please include a reference to the
disclosure and summarize the WG discussion and conclusion on
this issue.
no concerns

(1.e) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with
others being silent, or does the WG as a whole understand and
agree with it?

When this work was originally proposed, it was out of charter for the
working group. There was strong support for the work, although for
reasons unclear to the chairs, several WG participants wanted to see
the work go forward as a WG draft even though that meant
rechartering, rather than going forward immediately as an
AD-sponsored proposed standard. The author updated the draft based
on the discussion, the WG was rechartered and the document was
adopted and last called. Two individuals expressed support in last
call; no other comments were made. This plus the strong support
expressed prior to adoption suggests a fairly strong consensus.

(1.f) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in
separate email messages to the Responsible Area Director. (It
should be in a separate email because this questionnaire is
entered into the ID Tracker.)
no

(1.g) Has the Document Shepherd personally verified that the
document satisfies all ID nits? (See the Internet-Drafts Checklist
and http://tools.ietf.org/tools/idnits/). Boilerplate checks are
not enough; this check needs to be thorough. Has the document
met all formal review criteria it needs to, such as the MIB
Doctor, media type and URI type reviews?

I've reviewed, yes. Looks good. There are some typos and usage
errors. I've asked for some editorial corrections if a new version
is required later in the process. However, this is well within the
sort of thing the rfc-editor routinely corrects and I believe the
technical content is clear now and will remain clear if the rfc
editor corrects these issues. So, if we need another version
editorial fixes before rfc-editor would be good, but they are not
blocking.


(1.h) Has the document split its references into normative and
informative? Are there normative references to documents that
are not ready for advancement or are otherwise in an unclear
state? If such normative references exist, what is the
strategy for their completion? Are there normative references
that are downward references, as described in [RFC3967]? If
so, list these downward references to support the Area
Director in the Last Call procedure for them [RFC3967].

The references are split. There are a couple of normative references
that probably could be informative, but none of them are downward
references or references to IDs so I don't see a point in being
ultra picky about this.

(1.i) Has the Document Shepherd verified that the document IANA
consideration section exists and is consistent with the body
of the document? If the document specifies protocol
extensions, are reservations requested in appropriate IANA
registries? Are the IANA registries clearly identified? If
the document creates a new registry, does it define the
proposed initial contents of the registry and an allocation
procedure for future registrations? Does it suggest a
reasonable name for the new registry? See [RFC5226]. If the
document describes an Expert Review process has Shepherd
conferred with the Responsible Area Director so that the IESG
can appoint the needed Expert during the IESG Evaluation?

The document accurately states no IANA actions. No new message types
are introduces; this document simply describes additional semantics
for an existing message.


(1.j) Has the Document Shepherd verified that sections of the
document that are written in a formal language, such as XML
code, BNF rules, MIB definitions, etc., validate correctly in
an automated checker?

NA

(1.k) The IESG approval announcement includes a Document
Announcement Write-Up. Please provide such a Document
Announcement Write-Up? Recent examples can be found in the
"Action" announcements for approved documents. The approval
announcement contains the following sections:

Technical Summary
The Kerberos 5 KRB-CRED message is used to transfer Kerberos
credentials between applications. When used with a secure transport
the unencrypted form of the KRB-CRED message may be desirable. This
document describes the unencrypted form of the KRB-CRED message.




Working Group Summary

The Kerberos Working group had consensus to publish this document as a
proposed standard.

Document Quality

The OASIS Security Services TC received a request for a mechanism to
transport a Kerberos ticket and associated credential information in
the Security Assertion Markup Language. This will be transported over
a confidentiality and integrity protected channel. The intent is for a
SAML IDP to be able to permit a SAML service to use Kerberos acting on
behalf of some subject. As such, the service may have no existing
Kerberos keying material but will have SAML keying material. As an
implementation accident, at least three Kerberos implementations
already had a facility for transporting Kerberos credentials without a
key. Previously this was thought to be an unneeded facility that at
best was yet another corner case to test. This document standardizes
that already widely implemented facility because it happened to meet
the needs of the WG in this area.