From leifj at it.su.se Mon Jun 9 17:06:33 2003
From: leifj at it.su.se (Leif Johansson)
Date: Mon, 09 Jun 2003 23:06:33 +0200
Subject: [Kdc-info] blasphemy
Message-ID: <3EE4F6D9.10403@it.su.se>

To actually start the design process and make sure it goes quicker than so
far (sorry) I have created a first draft UML diagram of the information
model. Writing text from this once we are happy with the diagram should be
relatively painless.

I have given some thought to the multiplicity of the associations and to the
types involved but not to the names in the model. Note that the names need
have nothing to do with the names in any schema we eventually write from
this.

I have a couple of specific questions:

 * Is the keyversion associated with the key or with the principal?
 * Is the auxiliary key data (I was thinking about AES requirements)
   appropriate?
 * What exactly goes into password policy?

There is a gif of the diagram but if you'd like to suggest edits (yes
please!) you need to get Poseidon for UML. The "Community Edition" is free
but needs java to run. It's a really nice UML tool btw.
http://www.gentleware.com

I still hope to make the -00 cutoff for a first draft of the information
model.

        Cheers Leif

-------------- next part --------------
A non-text attachment was scrubbed...
Name: kdc-info-diagram.gif
Type: image/gif
Size: 5402 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kdc-info/attachments/20030609/018f5d52/attachment.gif
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kdc-info.zargo
Type: application/octet-stream
Size: 6631 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kdc-info/attachments/20030609/018f5d52/attachment.obj

From raeburn at MIT.EDU Tue Jun 10 23:23:14 2003
From: raeburn at MIT.EDU (Ken Raeburn)
Date: Tue, 10 Jun 2003 23:23:14 -0400
Subject: [Kdc-info] blasphemy
In-Reply-To: <3EE4F6D9.10403@it.su.se> (Leif Johansson's message of "Mon, 09 Jun 2003 23:06:33 +0200")
References: <3EE4F6D9.10403@it.su.se>
Message-ID:

Leif Johansson writes:
> * Is the keyversion associated with the key or with the principal?

With the key -- or, perhaps, a set of keys. We might want the model to
reinforce "my key is at version 4 and supports triple-DES and RC4" rather
than "my DES key is at version 4 and my AES key is at version 5". At least,
I *think* that's the way it needs to work. I haven't tried to really wrap my
head around a way of making the second approach work, but I don't think it
would. But maybe the model doesn't necessarily need to reinforce that.

Not associated with the principal -- if you want to rekey a service, you
want to keep the old key around on the KDC a while so people can renew
tickets previously issued.

What "flags" do you imagine being associated with a key? At this level,
isn't it appropriate to spell them out?

> * Is the auxiliary key data (I was thinking about AES
>   requirements) appropriate?

We need something like that, but I'm not sure how to store it. All the KDC
would care about would be the octet string form, but that's not what the
admin system is going to care about.

> * What exactly goes into password policy?

Good question. I'll try to get to looking over the LDAP password policy
stuff soon, for some ideas.

Some random thoughts:

I think there would be at least two categories of password-related policies:
(1) when is a password change needed (including "now"); (2) what new
passwords are allowed.
I don't know if they'd be entirely independent; "you chose a short password,
so you're going to have to change it again tomorrow." "When is a password
change permitted" needs to be covered, but probably would fit in one of
those two categories.

Non-password policies and other info:

 - require preauth? what kind? handle for auxiliary data for preauth
   system, which might or might not be associated with key version
   numbers. (srp: probably associated with key and kvno; smart card: not
   associated)

 - can initial tickets be issued for this principal? (probably not for
   many random service principals, in many environments) boolean?

 - can service tickets be issued for this principal? (probably not for
   most user principals with relatively weak keys) boolean?

 - supported encryption types for service principals, since Kerberos
   doesn't allow the client and server to negotiate. MIT currently
   overloads the set of service keys for this purpose, but they really
   should be separate.

Principal aliases?

(Sorry for the rambling, I'm trying to head home shortly, and just want to
get some of this down so I don't forget it. Let me know if I'm diving into
too low a level of detail for the stuff we want.)

BTW, I'm wondering if we should revisit the conclusion we came to (in
Atlanta?) that the "minimal model" approach boiled down to almost nothing
and thus wasn't interesting. A "minimum practical model" probably wouldn't
use some of the hacks we were talking about (like having clients renew
tickets frequently in lieu of storing max ticket lifetimes and/or expiration
dates in the database), but wouldn't need nearly all the features the
current KDC databases support. I think Sam or someone else at the London(?)
meeting argued for it, and wasn't there when we decided to drop it. I don't
recall the arguments for doing the minimal model.
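[Editor's added example, placed after Ken's message. It is not part of his text, of the kdc-info draft, or of Heimdal/MIT code. It models the two points he makes about key versions: the kvno belongs to a set of keys (one version number shared by every enctype in the set, not one per enctype), and it is not a property of the principal, because after a rekey the old set must stay on the KDC so tickets already issued under it can still be renewed or decrypted. Class and field names, the random key bytes, and the HMAC tag that stands in for ticket encryption are all the editor's assumptions.]

```python
"""Toy KDC information model: the kvno belongs to a key set, not the principal.

Added example for this thread, not code from the kdc-info draft, Heimdal or
MIT Kerberos. Assumptions: class/field names are the editor's; keys are
random bytes; an HMAC tag stands in for the ticket's encryption so that the
example runs offline.
"""
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass(frozen=True)
class KeySet:
    """One key version. Every enctype in the set shares this kvno."""
    kvno: int
    keys: dict                      # enctype name -> raw key bytes


@dataclass
class Principal:
    name: str
    keysets: list = field(default_factory=list)   # oldest first, newest last

    @property
    def current(self) -> KeySet:
        return self.keysets[-1]

    def rekey(self, enctypes) -> KeySet:
        """Mint the next kvno with a fresh key per enctype.

        Previous key sets stay in the list: tickets issued under them are
        still outstanding and may be renewed or presented to the service.
        """
        kvno = self.keysets[-1].kvno + 1 if self.keysets else 1
        ks = KeySet(kvno, {et: os.urandom(32) for et in enctypes})
        self.keysets.append(ks)
        return ks

    def keyset(self, kvno: int) -> KeySet:
        for ks in self.keysets:
            if ks.kvno == kvno:
                return ks
        raise KeyError(f"{self.name}: kvno {kvno} no longer on the KDC")

    def purge_before(self, kvno: int) -> int:
        """Drop key sets older than kvno once nothing issued under them can
        still be valid. Returns the number removed."""
        before = len(self.keysets)
        self.keysets = [ks for ks in self.keysets if ks.kvno >= kvno]
        return before - len(self.keysets)


@dataclass(frozen=True)
class Ticket:
    """The fields this model needs: which kvno and enctype the KDC used."""
    service: str
    kvno: int
    enctype: str
    body: bytes
    tag: bytes


def issue(service: Principal, enctype: str, body: bytes) -> Ticket:
    """KDC side: always use the current kvno and record it in the ticket."""
    ks = service.current
    tag = hmac.new(ks.keys[enctype], body, hashlib.sha256).digest()
    return Ticket(service.name, ks.kvno, enctype, body, tag)


def accept(service: Principal, t: Ticket) -> bool:
    """Service side: select the key by the (kvno, enctype) named in the ticket."""
    try:
        key = service.keyset(t.kvno).keys[t.enctype]
    except KeyError:
        return False
    expected = hmac.new(key, t.body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, t.tag)


def demo() -> dict:
    """Rekey a service and show which tickets survive. Ticket bodies are constructed."""
    enctypes = ["aes256-cts-hmac-sha1-96", "des3-cbc-sha1"]
    svc = Principal("host/www.example.com@EXAMPLE.COM")
    svc.rekey(enctypes)                                        # kvno 1
    old = issue(svc, "des3-cbc-sha1", b"cname=alice@EXAMPLE.COM")
    svc.rekey(enctypes)                                        # kvno 2, kvno 1 retained
    new = issue(svc, "aes256-cts-hmac-sha1-96", b"cname=bob@EXAMPLE.COM")
    result = {
        "old_kvno": old.kvno,
        "new_kvno": new.kvno,
        "enctypes_at_kvno2": sorted(svc.keyset(2).keys),     # one kvno, two enctypes
        "old_ok_after_rekey": accept(svc, old),              # old set still present
        "new_ok": accept(svc, new),
    }
    result["purged"] = svc.purge_before(2)                    # now drop kvno 1
    result["old_ok_after_purge"] = accept(svc, old)           # and the old ticket dies
    return result


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Running demo() shows the old ticket still verifying after the rekey and failing only once kvno 1 is purged; a model that hung the version number on the principal could not express the two-kvno window in between.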
Ken

From leifj at it.su.se Wed Jun 11 04:53:59 2003
From: leifj at it.su.se (Leif Johansson)
Date: Wed, 11 Jun 2003 10:53:59 +0200
Subject: [Kdc-info] blasphemy
In-Reply-To:
References: <3EE4F6D9.10403@it.su.se>
Message-ID: <3EE6EE27.3000104@it.su.se>

Ken Raeburn wrote:

>Leif Johansson writes:
>
>> * Is the keyversion associated with the key or with the principal?
>
>With the key -- or, perhaps, a set of keys. We might want the model
>to reinforce "my key is at version 4 and supports triple-DES and RC4"
>rather than "my DES key is at version 4 and my AES key is at version
>5". At least, I *think* that's the way it needs to work. I haven't
>tried to really wrap my head around a way of making the second
>approach work, but I don't think it would. But maybe the model
>doesn't necessarily need to reinforce that.
>
There are two issues here:

1. Separation of key stuff from non-key stuff in the model.
2. Association of the key version to the keytype.

Issue 1 is a requirement of our work! We need to be very careful about what
attributes we associate with principals. If the version is associated with
the keyset then we probably need a new keyset object which has a 1-1
association with the principal but is separate from it.

>Not associated with the principal -- if you want to rekey a service,
>you want to keep the old key around on the KDC a while so people can
>renew tickets previously issued.
>
Good point!

>What "flags" do you imagine being associated with a key?
>At this level, isn't it appropriate to spell them out?
>
Yes.
I was thinking about (from hdb.asn1)

HDBFlags ::= BIT STRING {
        initial(0),             -- require as-req
        forwardable(1),         -- may issue forwardable
        proxiable(2),           -- may issue proxiable
        renewable(3),           -- may issue renewable
        postdate(4),            -- may issue postdatable
        server(5),              -- may be server
        client(6),              -- may be client
        invalid(7),             -- entry is invalid
        require-preauth(8),     -- must use preauth
        change-pw(9),           -- change password service
        require-hwauth(10),     -- must use hwauth
        ok-as-delegate(11),     -- as in TicketFlags
        user-to-user(12),       -- may use user-to-user auth
        immutable(13)           -- may not be deleted
}

But those are clearly associated with the principal.

>> * Is the auxiliary key data (I was thinking about AES
>>   requirements) appropriate?
>
>We need something like that, but I'm not sure how to store it. All
>the KDC would care about would be the octet string form, but that's
>not what the admin system is going to care about.
>
The admin system will have to understand how to encode the auxiliary data.
This is essentially the same discussion we had about policy recently. Isn't
a typed blob all you can hope to do in a general schema/model?

>> * What exactly goes into password policy?
>
>Good question. I'll try to get to looking over the LDAP password
>policy stuff soon, for some ideas.
>
Good!

>Some random thoughts:
>
>I think there would be at least two categories of password-related
>policies: (1) when is a password change needed (including "now"); (2)
>what new passwords are allowed. I don't know if they'd be entirely
>independent; "you chose a short password, so you're going to have to
>change it again tomorrow." "When is a password change permitted"
>needs to be covered, but probably would fit in one of those two
>categories.
>
>Non-password policies and other info:
>
> - require preauth? what kind? handle for auxiliary data for preauth
>   system, which might or might not be associated with key version
>   numbers.
>   (srp: probably associated with key and kvno; smart card:
>   not associated)
>
> - can initial tickets be issued for this principal? (probably not
>   for many random service principals, in many environments) boolean?
>
> - can service tickets be issued for this principal? (probably not
>   for most user principals with relatively weak keys) boolean?
>
> - supported encryption types for service principals, since Kerberos
>   doesn't allow the client and server to negotiate. MIT currently
>   overloads the set of service keys for this purpose, but they really
>   should be separate.
>
Are these general enough to warrant specification in the model? Maybe...

>Principal aliases?
>
Very good!

>(Sorry for the rambling, I'm trying to head home shortly, and just
>want to get some of this down so I don't forget it. Let me know if
>I'm diving into too low a level of detail for the stuff we want.)
>
No, great stuff.

        Cheers Leif

From leifj at it.su.se Wed Jun 25 03:05:08 2003
From: leifj at it.su.se (Leif Johansson)
Date: Wed, 25 Jun 2003 09:05:08 +0200
Subject: [Kdc-info] rsn
Message-ID: <3EF949A4.3030508@it.su.se>

I have almost finished a first draft of the kdc-info document based on the
UML design. I missed the 00 cutoff but I'd rather have something more
substantial for this list. I'll post the draft here in a day or two.

        Cheers Leif

From hartmans at MIT.EDU Wed Jun 25 18:41:27 2003
From: hartmans at MIT.EDU (Sam Hartman)
Date: Wed, 25 Jun 2003 18:41:27 -0400
Subject: [Kdc-info] rsn
In-Reply-To: <3EF949A4.3030508@it.su.se> (Leif Johansson's message of "Wed, 25 Jun 2003 09:05:08 +0200")
References: <3EF949A4.3030508@it.su.se>
Message-ID:

>>>>> "Leif" == Leif Johansson writes:

    Leif> I have almost finished a first draft of the kdc-info
    Leif> document based on the UML design. I missed the 00 cutoff but
    Leif> I'd rather have something more substantial for this
    Leif> list. I'll post the draft here in a day or two.
    Leif> Cheers Leif

You may want to copy the main working group list on the draft. We probably
also want to have agenda time to discuss.

From leifj at it.su.se Thu Jun 26 02:20:56 2003
From: leifj at it.su.se (Leif Johansson)
Date: Thu, 26 Jun 2003 08:20:56 +0200
Subject: [Kdc-info] rsn
In-Reply-To:
References: <3EF949A4.3030508@it.su.se>
Message-ID: <3EFA90C8.7000703@it.su.se>

Sam Hartman wrote:

>>>>>>"Leif" == Leif Johansson writes:
>
>    Leif> I have almost finished a first draft of the kdc-info
>    Leif> document based on the UML design. I missed the 00 cutoff but
>    Leif> I'd rather have something more substantial for this
>    Leif> list. I'll post the draft here in a day or two.
>
>    Leif> Cheers Leif
>
>You may want to copy the main working group list on the draft. We
>probably also want to have agenda time to discuss.
>
I'll do that. How many of the usual suspects will be in Vienna? I'd like to
schedule a hallway meeting on the information model.

        Cheers Leif

From Morteza.Ansari at sun.com Thu Jun 26 03:14:33 2003
From: Morteza.Ansari at sun.com (Morteza Ansari)
Date: Thu, 26 Jun 2003 00:14:33 -0700
Subject: [Kdc-info] rsn
References: <3EF949A4.3030508@it.su.se> <3EFA90C8.7000703@it.su.se>
Message-ID: <3EFA9D59.F4976320@sun.com>

Leif Johansson wrote:
>
> Sam Hartman wrote:
>
> >>>>>>"Leif" == Leif Johansson writes:
> >
> >    Leif> I have almost finished a first draft of the kdc-info
> >    Leif> document based on the UML design. I missed the 00 cutoff but
> >    Leif> I'd rather have something more substantial for this
> >    Leif> list. I'll post the draft here in a day or two.
> >
> >    Leif> Cheers Leif
> >
> >You may want to copy the main working group list on the draft. We
> >probably also want to have agenda time to discuss.
> >
> I'll do that. How many of the usual suspects will be in Vienna? I'd like to
> schedule a hallway meeting on the information model.

I will be there.
Cheers,
Morteza

From hahnt at us.ibm.com Thu Jun 26 08:00:04 2003
From: hahnt at us.ibm.com (Timothy Hahn)
Date: Thu, 26 Jun 2003 08:00:04 -0400
Subject: [Kdc-info] rsn
In-Reply-To: <3EFA90C8.7000703@it.su.se>
Message-ID:

Hi all,

FYI - I will not be in Vienna.

Regards,
Tim Hahn

Internet: hahnt at us.ibm.com
Internal: Timothy Hahn/Durham/IBM at IBMUS
phone: 919.224.1565 tie-line: 8/687.1565
fax: 919.224.2540


Leif Johansson
Sent by: kdc-info-bounces at mit.edu
06/26/2003 02:20 AM

        To: Sam Hartman
        cc: kdc-info at mit.edu
        Subject: Re: [Kdc-info] rsn


Sam Hartman wrote:

>>>>>>"Leif" == Leif Johansson writes:
>
>    Leif> I have almost finished a first draft of the kdc-info
>    Leif> document based on the UML design. I missed the 00 cutoff but
>    Leif> I'd rather have something more substantial for this
>    Leif> list. I'll post the draft here in a day or two.
>
>    Leif> Cheers Leif
>
>You may want to copy the main working group list on the draft. We
>probably also want to have agenda time to discuss.
>
I'll do that. How many of the usual suspects will be in Vienna? I'd like to
schedule a hallway meeting on the information model.

        Cheers Leif

_______________________________________________
kdc-info mailing list
kdc-info at mit.edu
http://mailman.mit.edu/mailman/listinfo/kdc-info
From wyllys.ingersoll at sun.com Thu Jun 26 08:49:04 2003
From: wyllys.ingersoll at sun.com (Wyllys Ingersoll)
Date: Thu, 26 Jun 2003 08:49:04 -0400
Subject: [Kdc-info] rsn
In-Reply-To: <3EFA90C8.7000703@it.su.se>
References: <3EF949A4.3030508@it.su.se> <3EFA90C8.7000703@it.su.se>
Message-ID: <3EFAEBC0.2050004@sun.com>

I will be there.

-Wyllys

Leif Johansson wrote:
> Sam Hartman wrote:
>
>>>>>>> "Leif" == Leif Johansson writes:
>>
>>    Leif> I have almost finished a first draft of the kdc-info
>>    Leif> document based on the UML design. I missed the 00 cutoff but
>>    Leif> I'd rather have something more substantial for this
>>    Leif> list. I'll post the draft here in a day or two.
>>
>>    Leif> Cheers Leif
>>
>> You may want to copy the main working group list on the draft. We
>> probably also want to have agenda time to discuss.
>>
> I'll do that. How many of the usual suspects will be in Vienna? I'd like to
> schedule a hallway meeting on the information model.
>
>         Cheers Leif

From lukeh at PADL.COM Thu Jun 26 14:18:13 2003
From: lukeh at PADL.COM (Luke Howard)
Date: Fri, 27 Jun 2003 04:18:13 +1000
Subject: [Kdc-info] rsn
Message-ID: <200306261818.EAA53438@au.padl.com>

I will be...

-- Luke

>From: Timothy Hahn
>Subject: Re: [Kdc-info] rsn
>To: kdc-info at mit.edu
>Date: Thu, 26 Jun 2003 08:00:04 -0400
>
>[Attachment: a1, multipart/signed]
>
>Hi all,
>
>FYI - I will not be in Vienna.
>
>Regards,
>Tim Hahn
>
>Internet: hahnt at us.ibm.com
>Internal: Timothy Hahn/Durham/IBM at IBMUS
>phone: 919.224.1565 tie-line: 8/687.1565
>fax: 919.224.2540
>
>
>Leif Johansson
>Sent by: kdc-info-bounces at mit.edu
>
>06/26/2003 02:20 AM
>        To: Sam Hartman
>        cc: kdc-info at mit.edu
>        Subject: Re: [Kdc-info] rsn
>
>
>Sam Hartman wrote:
>
>>>>>>>"Leif" == Leif Johansson writes:
>>
>>    Leif> I have almost finished a first draft of the kdc-info
>>    Leif> document based on the UML design. I missed the 00 cutoff but
>>    Leif> I'd rather have something more substantial for this
>>    Leif> list. I'll post the draft here in a day or two.
>>
>>    Leif> Cheers Leif
>>
>>You may want to copy the main working group list on the draft. We
>>probably also want to have agenda time to discuss.
>>
>I'll do that. How many of the usual suspects will be in Vienna? I'd like to
>schedule a hallway meeting on the information model.
>
>        Cheers Leif
>
-- 
Luke Howard | PADL Software Pty Ltd | www.padl.com

From leifj at it.su.se Thu Jun 26 14:19:12 2003
From: leifj at it.su.se (Leif Johansson)
Date: Thu, 26 Jun 2003 20:19:12 +0200
Subject: [Kdc-info] rsn
In-Reply-To: <200306261818.EAA53438@au.padl.com>
References: <200306261818.EAA53438@au.padl.com>
Message-ID: <3EFB3920.1040000@it.su.se>

Luke Howard wrote:

>I will be...
>
It will be nice to meet you finally :-)

From bob.joslin at hp.com Thu Jun 26 15:41:36 2003
From: bob.joslin at hp.com (Bob Joslin)
Date: Thu, 26 Jun 2003 12:41:36 -0700
Subject: [Kdc-info] rsn
In-Reply-To:
Message-ID: <000601c33c1a$f5009c20$a6820d0f@cup.hp.com>

I'm afraid I won't be able to make it, but I may have another
representative.
Bob Joslin

-----Original Message-----
From: kdc-info-bounces at mit.edu [mailto:kdc-info-bounces at mit.edu] On Behalf Of Leif Johansson
Sent: Wednesday, June 25, 2003 11:21 PM
To: Sam Hartman
Cc: kdc-info at mit.edu
Subject: Re: [Kdc-info] rsn

Sam Hartman wrote:

>>>>>>"Leif" == Leif Johansson writes:
>
>    Leif> I have almost finished a first draft of the kdc-info
>    Leif> document based on the UML design. I missed the 00 cutoff but
>    Leif> I'd rather have something more substantial for this
>    Leif> list. I'll post the draft here in a day or two.
>
>    Leif> Cheers Leif
>
>You may want to copy the main working group list on the draft. We
>probably also want to have agenda time to discuss.
>
I'll do that. How many of the usual suspects will be in Vienna? I'd like to
schedule a hallway meeting on the information model.

        Cheers Leif

From donnas at us.ibm.com Mon Jun 30 15:28:52 2003
From: donnas at us.ibm.com (Donna Skibbie)
Date: Mon, 30 Jun 2003 14:28:52 -0500
Subject: [Kdc-info] rsn
Message-ID:

I will not be able to come to the Vienna meeting.

Donna Skibbie, Distributed Systems Architect
IBM Corporation; 11400 Burnet Road; Austin, TX 78758 USA
Tel.: +1(512)838-3896 T/L 678; Fax: 8597
donnas at us.ibm.com


Sent by: kdc-info-bounces at mit.edu
        To: kdc-info at mit.edu
        cc:
        Subject: [Kdc-info] rsn

I have almost finished a first draft of the kdc-info document based on the
UML design. I missed the 00 cutoff but I'd rather have something more
substantial for this list. I'll post the draft here in a day or two.

        Cheers Leif
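[Editor's added example for the HDBFlags definition Leif quoted from Heimdal's hdb.asn1 in his 11 June message. It is not Heimdal code and not part of any message above. HDBFlags is an ASN.1 named bit list, so the bit numbers in that fragment are what an entry on disk or on the wire actually carries; the code below turns a set of flag names into a DER BIT STRING and back. The encoding rules used are X.690's for a named bit list (bit 0 is the most significant bit of the first content octet; DER drops trailing zero bits). Whether Heimdal's own generated encoder trims trailing bits identically is an assumption not verified here, which is why the decoder accepts an untrimmed encoding as well; the flag table is copied from the quoted fragment.]

```python
"""Encode and decode Heimdal's HDBFlags named BIT STRING (DER).

Added example for this thread, not Heimdal code. The bit numbers are those
of the hdb.asn1 fragment quoted on the list; the rules are X.690's for a
named bit list (bit 0 = MSB of the first content octet, DER drops trailing
zero bits). Assumption: Heimdal's own encoder may or may not trim the same
way, so the decoder accepts either form.
"""

HDB_FLAGS = {
    "initial": 0, "forwardable": 1, "proxiable": 2, "renewable": 3,
    "postdate": 4, "server": 5, "client": 6, "invalid": 7,
    "require-preauth": 8, "change-pw": 9, "require-hwauth": 10,
    "ok-as-delegate": 11, "user-to-user": 12, "immutable": 13,
}
BIT_NAMES = {bit: name for name, bit in HDB_FLAGS.items()}

BIT_STRING_TAG = 0x03


def encode_hdb_flags(names) -> bytes:
    """Return the DER BIT STRING for the given flag names."""
    bits = sorted({HDB_FLAGS[n] for n in names})      # KeyError on an unknown flag name
    if not bits:
        return bytes([BIT_STRING_TAG, 1, 0])          # empty: only the unused-bits octet
    nbits = bits[-1] + 1                              # highest set bit decides the length
    body = bytearray((nbits + 7) // 8)
    for b in bits:
        body[b // 8] |= 0x80 >> (b % 8)               # bit 0 is the MSB of octet 0
    unused = len(body) * 8 - nbits
    content = bytes([unused]) + bytes(body)
    return bytes([BIT_STRING_TAG, len(content)]) + content


def decode_hdb_flags(der: bytes) -> set:
    """Parse a DER BIT STRING and return the set of flag names that are set.

    Unknown bit positions come back as 'bitN' rather than being dropped, so
    a flag added after this table was written is not silently ignored.
    """
    if len(der) < 3 or der[0] != BIT_STRING_TAG:
        raise ValueError("not a BIT STRING")
    length = der[1]
    if length & 0x80 or len(der) != 2 + length:       # short-form length only; 14 bits never need more
        raise ValueError("bad or unsupported length")
    unused, body = der[2], der[3:]
    if unused > 7 or (unused and not body):
        raise ValueError("bad unused-bits count")
    names = set()
    for i in range(len(body) * 8 - unused):
        if body[i // 8] & (0x80 >> (i % 8)):
            names.add(BIT_NAMES.get(i, f"bit{i}"))
    return names


if __name__ == "__main__":
    user = ["client", "forwardable", "renewable", "require-preauth"]
    der = encode_hdb_flags(user)
    print(der.hex(), sorted(decode_hdb_flags(der)))     # 0303075280 ['client', ...]
```

A typical user principal (client, forwardable, renewable, require-preauth) encodes to 03 03 07 52 80: bits 1, 3 and 6 land in the first octet as 0x52, bit 8 is the top bit of the second octet, and seven of that octet's bits are unused. Reading those octets back with the wrong bit order is the classic mistake with named bit lists, which is the reason for spelling the mapping out.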