Re: RFC 4121 & acceptor subkey use in MIC token generation

From: nic...@cryptonector.com (Nico Williams)
Newsgroups: comp.protocols.kerberos
Subject: Re: RFC 4121 & acceptor subkey use in MIC token generation
Date: Wed, 25 Oct 2023 15:28:14 -0500
Organization: TNet Consulting
Lines: 6
Message-ID: <mailman.18.1698265703.2263420.kerberos@mit.edu>
References: <202310241950.39OJoa0Z000708@hedwig.cmf.nrl.navy.mil>
<3db2752e-565e-1f64-b354-9031a2fe9334@mit.edu> <ZTiT0ub2uv5A/b4E@ubby21>
<202310251251.39PCpTqc026799@hedwig.cmf.nrl.navy.mil>
<ZTk62q0DIAZmW0eL@ubby21>
<CALF+FNwtDrQ0d+a=zsXyiYq6rhOiXXkqoxUnscwum0Q0wchLJQ@mail.gmail.com>
<ZTl6Xh517q6d/yBV@ubby21>
Cc: Ken Hornstein <kenh@cmf.nrl.navy.mil>,
Jonathan Calmels via Kerberos <kerberos@mit.edu>
To: Jeffrey Hutzelman <jhutz@cmu.edu>
 by: Nico Williams - Wed, 25 Oct 2023 20:28 UTC

On Wed, Oct 25, 2023 at 12:16:15PM -0400, Jeffrey Hutzelman wrote:
> In any case, I think the behavior Ken is seeing is that the initiator
> doesn't even assert a subkey -- it always uses the ticket session key. That
> seems... unfortunate.

That is.
