RFC 4121 & acceptor subkey use in MIC token generation
Nico Williams
nico at cryptonector.com
Thu Oct 26 16:30:40 EDT 2023
On Thu, Oct 26, 2023 at 03:22:17PM -0500, Nico Williams wrote:
> On Thu, Oct 26, 2023 at 03:58:57PM -0400, Jeffrey Hutzelman wrote:
> > On Thu, Oct 26, 2023 at 3:41 PM Nico Williams <nico at cryptonector.com> wrote:
> > > So what can you do? Well, you could build an online kerberized CA that
> > > vends short-lived OpenSSH-style certificates, then use that for SSH.
> >
> > OpenSSH apparently does not support X.509 certificates because they believe
> > there is too much complexity. This is roughly the same problem we had with
> > getting GSS support into OpenSSH -- they are afraid of security technology
> > they didn't invent.
>
> For GSS-KEYEX they have a point: that the CNAME chasing behavior of
> Kerberos libraries is problematic. [...]
Also, they can run GSS and PKI code privsep'ed, though they'd need a way
to do that on the client side too (on OpenBSD they have pledge(2) for
that, but that's not portable).
For PKIX they could just have used Heimdal's ASN.1 compiler, and fuzz
the crap out of it (we do), and that would probably have been better
than building a new certificate system.
Though ideally we should be using memory-safe languages for all of this
and leave C in the dust. That's just a long, slow slog though.
Nico
--
More information about the Kerberos
mailing list