signing-key for AD-KDC-ISSUED

Peter Mogensen apm at one.com
Tue Jun 3 04:29:15 EDT 2014


Hi,

I noticed what seems to be an ambiguity in RFC4120. Regarding 
ad-checksum for AD-KDC-ISSUED it states:

first:
----------
ad-checksum
       A cryptographic checksum computed over the DER encoding of the
       AuthorizationData in the "elements" field, keyed with the session
       key.  Its checksumtype is the mandatory checksum type for the
       encryption type of the session key, and its key usage value is 19.
-----------

then later:
-----------
For KDC-issued elements, this is prevented because the elements are
    signed by the KDC by including a checksum encrypted using the
    server's key (the same key used to encrypt the ticket or a key
    derived from that key).
-----------

This seems to be conflicting. First it says the signing-key is the 
session-key, then it says it's the service-key used to encrypt the ticket.

Using the service-key seems to make more sense and it's also what I can 
see the draft for AD-CAMMAC uses for svc-verifier.

What puzzles me is that the first text seems to have been changed from 
draft-03 to draft-04 for RFC4120. The draft-03 text states:
-----------
   ad-checksum
       A checksum over the elements field using a cryptographic checksum
       method that is identical to the checksum used to protect the
       ticket itself (i.e. using the same hash function and the same
       encryption algorithm used to encrypt the ticket) using the key
       used to protect the ticket, and a key usage value of 19.
-----------

Which of course is a bit unclear about what exactly is checksummed, 
but on the other hand is consistent about which key is used.

Is this change from draft-03 to draft-04 an error wrt. using the 
session-key?

/Peter

PS:
I can see that the MIT example authdata plugin "greeter" actually uses 
the session-key for making ad-data KDC-ISSUED.
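Added example, not code from the post or from MIT Kerberos: it DER-encodes the AuthorizationData in the "elements" field, computes ad-checksum with key usage 19, and reports which candidate key (session key or service key) a given checksum verifies under. The checksum profile is the rc4-hmac one from RFC 4757 section 3, chosen only because it needs nothing beyond the standard library; the keys and element contents are constructed test values.

```python
import hashlib
import hmac

AD_CHECKSUM_KEY_USAGE = 19  # key usage for ad-checksum, RFC 4120 5.2.6.2


def der_tlv(tag: int, content: bytes) -> bytes:
    """DER tag-length-value; short-form length below 128, long-form above."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def der_int(n: int) -> bytes:
    """DER INTEGER with the minimal two's-complement content octets."""
    mag = n if n >= 0 else -n - 1
    return der_tlv(0x02, n.to_bytes((mag.bit_length() + 8) // 8, "big", signed=True))


def der_authorization_data(elements) -> bytes:
    """AuthorizationData ::= SEQUENCE OF SEQUENCE {
           ad-type [0] Int32, ad-data [1] OCTET STRING }"""
    body = b"".join(
        der_tlv(0x30, der_tlv(0xA0, der_int(t)) + der_tlv(0xA1, der_tlv(0x04, d)))
        for t, d in elements)
    return der_tlv(0x30, body)


def rc4_hmac_checksum(key: bytes, usage: int, data: bytes) -> bytes:
    """Keyed checksum of RFC 4757 section 3: HMAC-MD5 under a derived signing key."""
    ksign = hmac.new(key, b"signaturekey\x00", hashlib.md5).digest()
    tmp = hashlib.md5(usage.to_bytes(4, "little") + data).digest()
    return hmac.new(ksign, tmp, hashlib.md5).digest()


def make_ad_checksum(key: bytes, elements) -> bytes:
    """ad-checksum over the DER encoding of the elements, usage 19."""
    return rc4_hmac_checksum(key, AD_CHECKSUM_KEY_USAGE, der_authorization_data(elements))


def which_key_signed(ad_checksum: bytes, elements, candidates: dict):
    """Name of the candidate key the checksum verifies under, or None.
    Only a checksum keyed with the service key lets the service reject
    elements the client could have produced with the session key."""
    der = der_authorization_data(elements)
    for name, key in candidates.items():
        if hmac.compare_digest(rc4_hmac_checksum(key, AD_CHECKSUM_KEY_USAGE, der), ad_checksum):
            return name
    return None


# Constructed sample values: two 16-byte keys and one ad element (ad-type 1).
SESSION_KEY = bytes(range(16))
SERVICE_KEY = bytes(range(16, 32))
ELEMENTS = [(1, b"constructed ad-data")]
```

Running `which_key_signed(make_ad_checksum(SERVICE_KEY, ELEMENTS), ELEMENTS, {"session": SESSION_KEY, "service": SERVICE_KEY})` returns "service", and the same call on a session-key checksum returns "session".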