[5557] in Kerberos
Re: What is a GSSAPI channel binding?
daemon@ATHENA.MIT.EDU (Michael Shields)
Wed Jul 26 08:40:21 1995
To: kerberos@MIT.EDU
Date: 26 Jul 1995 12:02:36 -0000
From: shields@tembel.org (Michael Shields)
In article <MARC.95Jul25140610@dun-dun-noodles.cam.ov.com>,
Marc Horowitz <marc@cam.ov.com> wrote:
> >> If having addresses in the authenticator is optional in other
> >> protocols, shouldn't this be handled like the per-message QOP option?
>
> I'm not sure I understand your question. The application developer
> doesn't always know what underlying mechanism is in use, so it doesn't
> know if the addresses are needed. So it should always pass in channel
> bindings, and underlying mechanisms can choose to make use of this
> information, or throw it away.
The gss-sample application that comes with Kerberos 5 beta 5, though,
uses no channel bindings, and yet it works. So it's not necessary
to pass the information even if the underlying mechanism needs it.
(If it were, channel bindings could not be optional.)
krb5_gss_accept_sec_context(), in fact, will pull the address from
the channel binding into a krb5_address, but then returns without doing
anything with it (it has local scope). All it seems to do is checksum the
channel binding, not actually use its contents. This is consistent with
the fact that Kerberos tickets and authenticators are already keyed to
particular addresses. So it seems that the gssapi_krb5 library doesn't
actually add any security when you use channel bindings.
But my question was: If other protocols have the ability to choose
at the time data is sent whether it should be channel-bound or not,
shouldn't it be an option to gss_seal() and gss_sign(), instead of being
set at the time a security context is initiated? Or do channel bindings
apply to the token, not to the application data? If this seems unclear,
it's because I'm confused about what a channel binding actually does.
--
Shields.
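The post asks what a channel binding actually does and why it is fixed at context establishment rather than per gss_seal()/gss_sign() call. The toy model below, added here as an illustration and not code from MIT Kerberos or from the thread, follows the Kerberos GSS-API mechanism's encoding from RFC 1964 section 1.1.1 (each address-family value and length as a 4-byte little-endian integer, MD5 over the concatenation) and RFC 4121's convention that an initiator passing GSS_C_NO_CHANNEL_BINDINGS sends 16 zero bytes. The session key, addresses, the HMAC-SHA256 standing in for the real Kerberos authenticator checksum, and the lenient "skip the comparison when either side has no bindings" rule are all constructed assumptions of the model. It shows the one thing a binding buys: the acceptor recomputes the hash from its own view of the channel (the peer address it actually sees) and rejects the context when the initiator's view differs, which is why bindings belong to the context token, not to per-message data.

```python
"""Toy model of channel bindings in a GSS-API context token.

Constructed illustration modelled on RFC 1964 / RFC 4121; it is not
MIT Kerberos code and the key, addresses and checksum are made up.
"""
import hashlib
import hmac
import struct

# Address-family values from RFC 1964 section 1.1.1.
GSS_C_AF_NULLADDR = 0
GSS_C_AF_INET = 2

# What an initiator sends in the Bnd field when it passes
# GSS_C_NO_CHANNEL_BINDINGS (RFC 4121 section 4.1.1.2).
NO_BINDINGS_FIELD = bytes(16)


def _lv(data: bytes) -> bytes:
    """4-byte little-endian length followed by the value (RFC 1964 layout)."""
    return struct.pack("<I", len(data)) + data


def binding_hash(init_type: int, init_addr: bytes,
                 acc_type: int, acc_addr: bytes,
                 app_data: bytes) -> bytes:
    """MD5 over the five channel-binding fields, in RFC 1964 order."""
    buf = (struct.pack("<I", init_type) + _lv(init_addr)
           + struct.pack("<I", acc_type) + _lv(acc_addr)
           + _lv(app_data))
    return hashlib.md5(buf).digest()


def make_context_token(session_key: bytes, bindings) -> dict:
    """Initiator side: Bnd is carried inside the authenticator checksum.

    The real mechanism integrity-protects the checksum with the Kerberos
    session key; HMAC-SHA256 stands in for that here (assumption).
    """
    bnd = NO_BINDINGS_FIELD if bindings is None else binding_hash(*bindings)
    tag = hmac.new(session_key, bnd, hashlib.sha256).digest()
    return {"bnd": bnd, "tag": tag}


def accept_context_token(session_key: bytes, token: dict, local_bindings) -> bool:
    """Acceptor side: check integrity, then compare Bnd with the acceptor's
    own view of the channel.  Returns True if the context may be established."""
    expected = hmac.new(session_key, token["bnd"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, token["tag"]):
        return False  # token altered in transit or wrong session key
    if local_bindings is None or token["bnd"] == NO_BINDINGS_FIELD:
        # Modelling choice (assumption): when either side supplied no
        # bindings there is nothing to compare, so the context proceeds.
        return True
    return hmac.compare_digest(token["bnd"], binding_hash(*local_bindings))


def demo() -> dict:
    """Three constructed scenarios; returns which ones the acceptor allows."""
    key = b"constructed-session-key-not-real"  # constructed, not a real key
    client_view = (GSS_C_AF_INET, bytes([10, 0, 0, 5]),
                   GSS_C_AF_INET, bytes([10, 0, 0, 1]), b"")
    # Acceptor sees a different peer address than the initiator claimed.
    server_view_other_peer = (GSS_C_AF_INET, bytes([10, 0, 0, 9]),
                              GSS_C_AF_INET, bytes([10, 0, 0, 1]), b"")
    tok = make_context_token(key, client_view)
    return {
        "same_channel": accept_context_token(key, tok, client_view),
        "other_peer": accept_context_token(key, tok, server_view_other_peer),
        "client_no_bindings": accept_context_token(
            key, make_context_token(key, None), client_view),
    }


if __name__ == "__main__":
    print(demo())
```

Because the 16-byte Bnd value is fixed inside the context-establishment token and protected by the session key, every later per-message token (what gss_seal() and gss_sign() produce) inherits the binding through the context key; there is nothing left to bind per message, which is the answer to the post's question about a per-call option.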