RFR 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine
Xuelei Fan
xuelei.fan at oracle.com
Wed Oct 22 10:56:38 UTC 2014
Thanks for the valuable input, Henry and Nico!
JSSE had supported RFC2712 for a few years. We are trying to move the
implementation of RFC2712 into the Krb5 module of JDK.
The input is valuable to me to follow the trend of TLS/Kerberos. Is
there a draft proposal for the new use of Kerberos in TLS? I think we
can benefits from the new ideas while doing the moving.
Thanks & Regards,
Xuelei
On 10/22/2014 5:09 AM, Nico Williams wrote:
> [Adding Roland and Viktor to the cc list. I'm not quoting anything,
> but it's roughly this: there's interest in implementing RFC2712, which
> is Kerberos in TLS. Hank is inviting me to state my opinion; see
> below.]
>
> RFC2712 is to be burned. Please do not implement. We should either
> add a different extension to TLS to use Kerberos (or GSS), or simply
> not try this.
>
> There are at least two major problems with RFC2712:
>
> - ciphersuite impedance mistmatches:
>
> The way this should have worked is that the Kerberos [sub-]session
> key should have been used to key any TLS PSK ciphersuite. But instead
> we have a TLS ciphersuite per-Kerberos enctype, and... that list
> hasn't kept up with the times, so there's no AES ones. Oops.
>
> - RFC2712 does NOT use the AP-REQ PDU. It violates the interfaces
> provided by RFC1510 (later RFC4120). This is bad in many ways, and
> you'll notice if you try to implement it.
>
> As for JGSS and Java Kerberos, there are many other bugs/RFEs I'd
> rather see fixed/implemented there before anything like RFC2712.
>
> Nico
> --
>
More information about the security-dev
mailing list