Telechat Review of draft-josefsson-kerberos5-starttls-
|Requested revision||No specific revision (document currently at 09)|
|Team||Security Area Directorate (secdir)|
|I-D last updated||2010-02-02|
Secdir Last Call review of -??
by Magnus Nystrom
Secdir Telechat review of -?? by Magnus Nystrom
This is a follow-up to the review I made back in December on version -07 of this document. Simon has implemented all the changes I proposed (and more!) and I have only one comment on this version, pertaining to the new text in Section 5. I cannot judge the validity of the statement that "Many client environments [presumably the ones that this protocol targets] do not have secure long-term storage, which is required to validate certificates", but assuming this statement is true, then, for clarity, I would suggest changing the 2nd and 3rd paragraph of the section to: " A goal for the protocol described in this memo is that it should be as easy to implement and deploy on clients as support for UDP/TCP. Since many client environments do not have secure long-term storage (and server certificate validation requires some form of long-term storage), the Kerberos V5 STARTTLS protocol does not require clients to verify server certificates. If server certification had been required, then environments with constrained clients such as those mentioned would be forced to disable TLS; this would arguably be worse than TLS without server certificate validation as use of TLS, even without server certificate validation, protects against some attacks that Kerberos V5 over UDP/TCP do not. For example, even without server certificate validation, TLS does protect against passive network sniffing aimed at tracking Kerberos service usage by a given client. Note however that use of TLS without server certificate verification opens up for a range of active attacks such as man-in-the-middle. " Best, -- Magnus