Leif, On 01/04/2011, at 12:55 AM, Leif Johansson wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > >> Yes, this is (more or less) what we're proposing. If you want to see an >> possible approach I tried, you can see the tlv-mic branch of Moonshot. > > Luke can I get you to formulate that approach in English for those of > us who do not track moonshot code. When the initiator has sent its last token, it calls GSS_GetMIC on the entire conversation (including the last leg excepting the MIC). The MIC is sent in a TLV-tagged token along with other extension tokens (currently only one is defined for the initiator, containing GSS channel binding information). The acceptor verifies the initiator MIC and then, in its last leg, calls GSS_GetMIC on the entire conversation (including both last legs, excepting the acceptor MIC) and sends it in an extension token to the initiator. The initiator verifies the acceptor MIC before returning GSS_S_COMPLETE. (It is true that this approach does require the client and server to maintain the entire conversation state.) With respect to communicating the mutual authentication state, a new TLV token type is defined containing a 32-bit integer in network byte order, which consists of req_flags as passed to GSS_Init_sec_context. These flags are masked by, currently, GSS_C_MUTUAL_FLAG before encoding. Other flags may be allowed in the future; at this stage we do not wish to reveal in plaintext anything more than the mutual authentication state. Once the acceptor returns GSS_S_COMPLETE, it will set the received mutual authentication state in ret_flags. -- Luke _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
