Skip to main content

Last Call Review of draft-ietf-kitten-pkinit-freshness-07

Request Review of draft-ietf-kitten-pkinit-freshness
Requested revision No specific revision (document currently at 07)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2016-11-03
Requested 2016-10-22
Authors Michiko Short , Seth Moore , Paul Miller
I-D last updated 2016-12-12
Completed reviews Genart Last Call review of -07 by Russ Housley
Opsdir Last Call review of -07 by Scott O. Bradner
Assignment Reviewer Scott O. Bradner
State Completed
Request Last Call review on draft-ietf-kitten-pkinit-freshness by Ops Directorate Assigned
Reviewed revision 07
Result Has issues
Completed 2016-12-12
This is an OPS-DIR review of Public Key Cryptography for Initial Authentication
in Kerberos (PKINIT) Freshness Extension

This ID describes PKINT systems that use Diffie-Hellman exchanging information
to prove that the client actually has the correct private key.  This ID plugs a
vulnerability in the PKINT use of Diffie-Hellman.

The client capable of using the new mechanism signals that fact to the server
which can then test to be
 sure the client has the correct private key.

The mechanism described seems simple enough and generally is built on
mechanisms already present in the PKINT specifications so should be easy to

The added verification feature, by itself, presents no operational issues -
anything that plugs vulnerabilities is to be applauded.

I do see an operational issue that is not covered in the ID.    It might help
to add a section providing guidance in the case where a server operator wants
to require use of the verification feature and a client does not support it. Is
there an error the server can return that a human could use to figure out why
an exchange fails?  In any case, some guidance as to what the server should do
in such a case could be helpful.

If such a situation is to be avoided (configuring a server to require the
feature) then discussing that fact would be useful.