CURRENT_MEETING_REPORT_
Reported by John Linn/Geer Zolot Associates and Sam Sjogren/TGV
Minutes of the Common Authentication Technology Working Group (CAT)
The Common Authentication Technology Working Group (CAT) met for two
sessions at the Columbus IETF. The primary Agenda item was integration
of security features into FTP, a topic for which Sam Sjogren is acting
as task leader and on which Steve Lunt has generated a working document
which will shortly be released as an Internet-Draft. Additional
discussion topics were the advancement status of currently active CAT
Internet-Drafts (GSS-API, GSS-API C bindings, and Kerberos V5), and a
working proposal by Ted Ts'o for a CATS stream-oriented protocol overlay
to be used in conjunction with GSS-API.
Status Of Specifications
The CAT Internet-Drafts have been pending administrative action for some
time, and an action plan was evolved for their advancement
recommendation. An updated Kerberos V5 specification was produced by
Cliff Neuman; comments received from its review list by April 10th will
be reflected in an Internet-Draft to be issued by April 17th. Primary
late-breaking changes include added detail on an encrypted timestamp
preauthentication type, and a new message type for credential exchange
when proxies are being provided to an end server.
Concurrently with the Kerberos specification review, an advancement memo
will be prepared for the set of Internet-Drafts (GSS-API, GSS-API C
bindings, Kerberos V5). Intended follow-on documents will include a CAT
mechanism definition (with token format) based on Kerberos V5. It was
determined that use of the mechanism tagging recommended in GSS-API
Appendix B should be adopted as mandatory, and message stream facilities
were strongly desired within GSS-API mechanisms in order to satisfy FTP
functional and integration requirements; a new appendix to the GSS-API
specification has been drafted and distributed to the CAT mailing list
codifying the results of this discussion.
CATS Stream Protocol
The CATS proposal, presented by Ted Ts'o, was engendered by a desire to
provide prospective protocol integrators with a subprotocol
specification for security, along with a stream-oriented API. An
explicit CATS goal is that it be implementable quickly and without
kernel modifications (unlike, e.g., IP- level security). CATS presents
an alternative, generic form for protocol integration, contrasting with
the protocol-specific integration being employed in Telnet options and
FTP commands. Submission of a revised CATS specification as an
Internet-Draft is planned.
In evolving CATS, Ted observed that the status of the tagging scheme in
GSS- API Appendix B as a recommendation to mechanism designers led to
1
�
undesirable ambiguity, and suggested making it mandatory; this
suggestion was adopted and would be integrated into the Kerberos V5
implementation. Among other discussion, it was suggested that the CATS
protocol be extended in order to exchange preamble tokens in advance of
context establishment for mechanism type negotiation, and this prospect
will be examined.
FTP Security
Sam Sjogren began the FTP part of the meeting by describing the goals
for the FTP security work, as initiated at a BOF during the previous
IETF and to be continued under the CAT Working Group framework. Support
for authentication, as well as integrity verification and privacy, via
any of a number of different mechanisms will be provided by this work.
Steve Lunt presented his proposal for extensions to the FTP protocol
(additional commands) to implement the security goals; he intends to
make an FTP security implementation publicly available. An overhead
presentation supplemented the draft that had previously been posted to
the Group's mailing list. Lively discussion occurred during and after
this presentation, to the point that an additional evening meeting was
scheduled to continue the discussions. The resulting FTP security
discussions were quite fruitful, both in terms of providing feedback for
improving the draft proposal for FTP as well as fine tuning the GSS-API
requirements and specifications. It was decided that the case of a
three-party FTP interaction is sufficiently complex and rarely enough
used that specification of how to do it securely will be deferred,
probably to a separate document to be produced later.
Once peer entity authentication has been completed (and a session key is
available), the proposed FTP security approach protects all subsequent
FTP commands for at least integrity (encapsulation of base-64 encoding
of gss_seal() output within MIC command), and optionally for
confidentiality as well as integrity (encapsulation within ENC command,
gss_seal() conf_flag TRUE). It was observed that underlying GSS-API
mechanisms must represent and protect the conf_avail flag value and
other service availability indicators within their tokens to prevent
active attacks; the to-be-written ``Kerberos Vn for GSS-API'' and other
mechanism design documents will describe how this protection is
provided. (These indicator protection requirements apply independently
of whether GSS-API is employed.) To protect against active attackers
corrupting a data or control stream by changing the order of data or
commands in the stream, protection via sequence numbers or some other
such technique must be provided by the FTP security standard or the
underlying mechanisms.
Given that the FTP control connection is a Telnet stream, questions
arose about the rationale for not using the Telnet authentication option
as an approach for FTP. Steve cited two reasons: (1) because the Host
Requirements RFC precludes use of Telnet options on the FTP control
connection, and (2) because of a desire to provide data integrity, which
Telnet security does not offer.
2
�
There was discussion of the fact that no facility was exposed at the
level of the FTP security commands for negotiating the type and strength
of cryptography to be used for data protection. However, it was
recognized that such features can exist within underlying mechanisms yet
remain transparent at the level of FTP. The ordering of USER and AUTH
commands will be made such that an FTP server may make a decision on
what authentication and encryption mechanisms are acceptable based on
who the user is.
Kerberos ticket granularity and naming issues were discussed. For
Kerberos V4, the form of a target FTP server's name should be
``ftp.<simple-host>'', and for Kerberos V5,
``ftp/<domain-qualified-host>''. It was noted that use of different
target names for different server processes within a host is not
primarily an access control measure, but does permit the servers to run
in different protection domains (as might be desirable for an FTP server
available to casual remote users).
Areas to be revised in the FTP draft based on discussion include:
o Additional discussion of requirements.
o Approach for transfer of arbitrarily long tokens from client to
server.
o Alignment of base-64 encoding technique with RFC1421.
o Statements regarding mechanism negotiation (including a statement
that an FTP server may refuse to accept anything less than suitably
strong authentication).
o Further work on the data stream protection approach.
Attendees
Steve Alexander stevea@lachman.com
John Campbell jrcamp@nosc.mil
William Chung whchung@watson.ibm.com
Stephen Crocker crocker@tis.com
Dave Cullerot cullerot@ctron.com
Antonio Fernandez afa@thumper.bellcore.com
James Galvin galvin@tis.com
Jisoo Geiter geiter@mitre.org
Richard Graveman rfg@ctt.bellcore.com
Frank Kastenholz kasten@ftp.com
David Katinsky dmk@pilot.njin.net
Charles Kaufman kaufman@zk3.dec.com
Stephen Kent kent@bbn.com
Zbigniew Kielczewski zbig@eicon.qc.ca
Andrew Knutsen andrewk@sco.com
3
�
Paul Lambert paul_lambert@email.mot.com
John Linn linn@gza.com
James Mahon mahonj@honfsi1.att.com
Cynthia Martin martin@spica.disa.mil
Evan McGinnis bem@3com.com
P.V. McMahon p.v.mcmahon@rea0803.wins.icl.co.uk
Bob Morgan morgan@networking.stanford.edu
Clifford Neuman bcn@isi.edu
Emmanuel Pasetes ekp@enlil.premenos.sf.ca.us
Christopher Provenzano proven@csi.compuserve.com
Steven Richardson sjr@merit.edu
April Richstein amr@tycho.ncsc.mil
Shawn Routhier sar@epilogue.com
Jeffrey Schiller jis@mit.edu
Wolfgang Schneider schneider@gmd.de
Sam Sjogren sjogren@tgv.com
Stuart Stanley stuarts@apertus.com
Bob Stewart rlstewart@eng.xyplex.com
Stuart Stubblebine stubblebine@isi.edu
Louisa Thomson louisa@whitney.hac.com
Klaus Truoel truoel@gmd.de
Theodore Ts'o tytso@mit.edu
James Weatherford weatherf@nosc.mil
Peter Wilson peter_wilson@3com.com
4