help-shishi
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Shishi and certificates

From: Simon Josefsson
Subject: Re: Shishi and certificates
Date: Thu, 30 Nov 2006 15:30:31 +0100
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.91 (gnu/linux) 
Alberto Fondi <address@hidden> writes:

> Simon Josefsson ha scritto:
>> Alberto Fondi <address@hidden> writes:
>>
>>   
>>> Hi,
>>>
>>>    we have proved shishi in our organization and, even if it is in
>>> development, it seems to be a very good program. In particular my
>>> chief very like the features about authentication codified with
>>> certificates. However we want to ask if it could be possibile and if
>>> it is in program an authentication directly through certificates,
>>> where the user autenticates himself without providing a password, but
>>> using only his certificate.
>>>     
>>
>> Hi Alberto!  That is currently not possible, but what you describe is
>> exactly what the goal here is.  It should be possible to use X.509
>> client certificates or OpenPGP keys to get a Kerberos ticket.  I hope
>> to be able to work on this in the winter.  It is not much work
>> required to make this work, I expect a few weeks of development work
>> for me including documentation and testing etc.
>>
>> Essentially what is missing is that the user database Shisa map a
>> X.509 certificates or OpenPGP keys to a Kerberos principal, and that
>> shishid use that information and send the AP-REP using NULL encryption
>> in the TLS authenticated channel.
>>
>> Btw, let me know if you run into any problem or feel the documentation
>> is unclear somehow.  You are one of the earliest users, so all
>> feedback is very valuable.
>>
>> /Simon
>>
>>   
> Thank you Simon, but i have another question about your response:
>
> you speak about a NULL encryption, but what about using the same
> protocol kerberos uses with encryption, within a TLS authenticated
> channel ?

First, let me clarify my proposal: Shishi clients open a TLS
connection to the Shishi KDC, client-authenticated with X.509 or
OpenPGP, and then sends the AP-REQ inside the TLS channel to shishid.

If the client certificate/key map to a Kerberos principal, shishid
will send the proper AP-REP back using Kerberos NULL encryption inside
the encrypted TLS channel.

Using Kerberos encryption inside the TLS channel too would be
possible, but the question is which encryption key to use.  If you use
the long-term key of the client, the client will need the password to
decrypt it...  One alternative is to use the TLS PRF to derive a
session-key which is used to encrypt the AP-REQ.

> It will be more secure, isn't it ?

With my scheme above, I don't think so.  The attacker need to break
TLS in order to read your NULL encrypted response.  If he can break
TLS, he can probably generate any encryption keys using the TLS PRF
too, and then any additional Kerberos encryption is useless.

/Simon
reply via email to
[Prev in Thread] Current Thread [Next in Thread]