GSS-API and libkrb5 behavior for Anonymous tickets

Sam Hartman hartmans at MIT.EDU
Tue Nov 3 12:37:47 EST 2009

>>>>> "Greg" == Greg Hudson <ghudson at MIT.EDU> writes:

    Greg> Finally: it's my understanding (though I haven't read the
    Greg> anonymous pkinit spec) that it is valid to do anonymous
    Greg> pkinit to a realm you can't verify the certificate of, and
    Greg> that this may be valuable in obtaining a FAST armor
    Greg> ticket--with the proviso that your armor is then vulnerable
    Greg> to a man-in-the-middle attack.  It sounds like your
    Greg> implementation is not going to allow that case at first, but
    Greg> the interface should keep that case in mind as a future
    Greg> possibility.

I agree the libkrb5 interface should keep that in mind.  I'm not sure
this matches the GSS-API model well enough to support it there.

In particular, take a look at the requirements in
draft-ietf-krb-wg-anon-10 for the anonymous KDC case.  The text seems
to place a fairly strong requirement that you verify the KDC before
using the ticket.  So, I'm not sure it would be permitted to use it in
a normal AP exchange.  If we ignore that, then it would perhaps be
permissible to use such a ticket in GSS-API with the mutual
authentication flag cleared, although you would get very different
security guarantees than you typically do with Kerberos, especially if
you use per-message protection.  I'm not sure if that's OK or not.
