On Fri, 21 Feb 2014, Michael Meffie wrote:
On Wed, 19 Feb 2014 16:23:36 -0500
Benjamin Kaduk <[email protected]> wrote:
Hi all,
The core rxgk document (which just had a last call period) has a normative
reference to RFC 4402 for the PRF+ construction, which is an algorithm to
get variable-length pseudo-random bytestrings from the RFC 3961 enctype's
pseudo_random() function. The construction is basically just to invoke
the underlying pseudo_random() function in counter mode.
However, there is an erratum [1] filed against RFC 4402, which notes that
the implementors of that specification for krb5 gss_pseudo_random()
started the counter at 0, even though the text of RFC 4402 mandates that
the counter start at 1.
Because of this ambiguity about what value the counter starts at, in order
to ensure interoperability of rxgk implementations, we should note/clarify
what behavior rxgk expects. It's probably easiest to do this by noting
directly in the document, i.e., issue a new I-D with just this change.
It's my understanding that if we have agreement on the list for the
clarification, no additional last call period is necessary.
Thanks Ben,
So if I understand; This is not a change (or errata), but a clarification?
The clarification is to say the RFC 4402 mandate of starting the counter
at 1 is correct for afs3-rxgk (even though other impementations of 4402
start at 0)?
That's my thinking, yes.
Can you suggest the correct wording?
My current proposal is to apply this patch (a4d36684 on my github):
epoch || cid || start_time || key_number))
</artwork>
</figure>
+ <t>[[The PRF+ function defined in RFC 4402 specifies that the values
+ of the counter 'n' should begin at 1, for T1, T2, ... Tn.
+ However, implementations of that PRF+ function for the
+ gss_pseudo_random() implementation for the krb5 mechanism have
+ disregarded that specification and started the counter 'n' from 0.
+ Since there is no interoperability concern between krb5
+ gss_pseudo_random() and rxgk key derivation, implementations of
+ the RFC 4402 PRF+ function for rxgk key derivation should use the
+ RFC 4402 version as specified, that is, with the counter 'n'
beginning
+ at 1.]]</t>
<t>L is the key generation seed length as specified in the RFC3961
profile.</t>
<t>epoch, cid and key_number are passed as 32 bit quantities;
start_time
-Ben
_______________________________________________
AFS3-standardization mailing list
[email protected]
http://lists.openafs.org/mailman/listinfo/afs3-standardization
