On Jun 4, 2007, at 9:36 PM, Nicolas Williams wrote:

> On Mon, Jun 04, 2007 at 04:48:25PM -0700, Henry B. Hotz wrote:
>> If I had my way, any vendor would need to convince me that they have
>> solved the KDC robustness problem.  I have a hard time imagining a
>
> The OTP robustness problem, you mean.

Same thing if you build the OTP into the KDC.  I'm not personally
interested in OTP that doesn't get you a Kerberos ticket.

>> vendor being able to make money solving this problem unless the
>> market was bigger than just Kerberos servers.
>
> Sun doesn't sell an OTP solution.  Sun might include pluggable OTP
> support in its KDC, but it wouldn't be Sun's job to see to it that a
> third party OTP implementation is robust.
>
> In any case, the real problem is that OTPs are cool, but they typically
> aren't key generating.  If they were then it'd be a lot easier to use
> them in network protocols.
>
>> I'm not sure I know how to solve the problem.  The solution would
>> need a really robust sync service like UBIK, but fast enough that it
>> never times out a traditional kinit, even with multiple,
>> transcontinental kdc's.
>
> If I could get away with it I'd make the OTP tokens key generating and
> I'd have an authentication protocol based on the OTP key that uses
> nonces, challenges and server instance names to keep the protocol
> messages non-replayable.  But guess what: OTPs generally aren't key
> generating and we don't manufacture OTPs.  (Well, I suppose we could
> write a J2ME applet that works the way I'd want it to and customers
> could run it on their cell phones, but I'm not sure that that would be a
> realistic deployment scenario -- folks like tamper resistant tokens.)

Could make some unique serial number and other hardware-instance-unique
info part of the input to the OTP so you get a different output if you
move the software.  That's how RSA does their soft tokens AFAIK.

>> Is it worth bringing this up on the IETF list?
>
> Maybe.  There is an Internet OTP, after all.

You mean RFC2289?  AFAIK it doesn't address the robustness issue I
mentioned, though it probably mentions the problem somewhere.  At least
the SASL mech that uses it makes mention of the problem.

> Nico
> --

------------------------------------------------------------------------
The opinions expressed in this message are mine, not those of Caltech,
JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu