INTERNET-DRAFT J. Michener, D. Fritch, M. Gayman Novell, Inc. Expires 9 February 2000 9 August 1999 Multi-Authentication Framework Method for SOCKS V5 Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026 This document is an Internet-Draft. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups MAY also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and MAY be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as ``work in progress.'' The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. To view the entire list of current Internet-Drafts, please check the ``lid abstracts.txt'' listing contained in the Internet-Drafts Shadow directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern Europe), ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast). Abstract SOCKS V5 [RFC 1928] provides a means to select one from among a number of authentication methods but does not provide any means for utilizing multiple authentication methods to obtain certain desired authentication properties. MAF is a client-initiated but server-managed framework. MAF relies on a trusted Authentication Management Server (AMS) to: 1) Select the authentication methods to be invoked, 2) order the execution of methods at the client, as appropriate, and 3) assign integrity grades to the final, composite authentication after all methods that were invoked have completed. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119. Please send comments on this document to the aft@socks.nec.com mailing list. 1. Introduction During an initial SOCKS V5 negotiation, the client and server negotiate an authentication method. The METHOD value to invoke this proposed multi authentication framework (MAF) SHALL be X'08' (this value falls within the IANA assigned range indicated in RFC 1928 and was assigned by IANA to this proposed method in August 1998.) 128-bit (16-byte) UUIDs (Universally Unique Identifiers, as defined in Michener, et al. Expires 9 February 2000 [Page 1] INTERNET-DRAFT MAF for SOCKS V5 August 1999 [1]) are one form of method identifier used in this protocol. GUIDs (Globally Unique Identifiers), such as those generated by development tools from Microsoft, Incorporated, are suitable as UUIDs. Unless otherwise specified, all integer values larger than one byte will appear in the protocol messages in most-significant byte first order, i.e., network order. 2. Sub-negotiation Sub-negotiation, as defined by the SOCKS V5 protocol, begins after the client has selected the MAF method within the SOCKS protocol. All aspects of sub-negotiation are conducted under the control of the server. The client sends an initial MAF version identifier and potential methods list message to the server: |-------+-----+-------+-----------+------------+---------+ | INSTR | VER | FLAGS | NCMETHODS | LENGTH OF | COMPACT | | | | | (n) | METHOD IDS | METHODS | |-------+-----+-------+-----------+------------+---------+ | 1 | 1 | 2 | 1 | 1 (4) | 4 x n | |-------+-----+-------+-----------+------------+---------+ | V +------------------------------------------------------+ | V [ +-----------+------------+---------+ ] +---------| [ | NLMETHODS | LENGTH OF | LONG | ] | END OF | [ | (m) | METHOD IDS | METHODS | ] | METHODS | [ +-----------+------------+---------+ ] . . . +---------| [ | 1 | 1 (16) | 16 x m | ] | 1 (0) | [ +-----------+------------+---------+ ] +---------| The INSTR field is a byte that specifies the operation being performed. The values defined at this time, and their colloquial names (in parentheses, if established), and the direction of the message (client to server, server to client, or either) are: X'FF' Failure and disconnect (Failure), server to client X'00' Success (Done), server to client X'01' MAF methods supported (Can Do or List), client to server X'02' Request additional MAF methods supported (Send More Can Do), server to client X'03' Do, server to client X'04' What next, client to server X'05' Process, either X'06' Acknowledge, either X'07' Process OEM specific (OEM), either To start the sub-negotiation the INSTR field is set to ``MAF methods supported'' (Can Do), X'01'. Michener, et al. Expires 9 February 2000 [Page 2] INTERNET-DRAFT MAF for SOCKS V5 August 1999 The VER field is a byte and is set to the version of the MAF protocol. At this time VER will be X'01'. The FLAGS field is an unsigned 16-bit value. At this time it is set to X'0000'. It provides for future tuning or extensions of the protocol. The MAF method identifiers in this second version of the design have two possible formats: A compact or short format consisting of well known 32 bit (4-byte) unsigned integer values and a long format consisting of 128 bit (16-byte) UUIDs. Compact MAF methods IDs are fixed and unalterable after they have been registered (by the IANA or other authority). UUIDs are fixed and unalterable after they have been generated and then employed to identify a particular vendor's method. Consequentially, MAF methods do not have any version identifications per se and many common version incompatibilities are thus avoided. If a method is later found to be inadequate, the revised compact method identifier SHOULD be registered or a new UUID generated by the vendor and the replacement MAF method module SHOULD be released. A bug found in a released method MAY require a new identifier or MAY retain its former UUID or registered identifier, depending on the nature of the bug and the distribution of the method. NCMETHODS is a byte containing the number of 32-bit compact method IDs in the COMPACT METHODS field that follows the first LENGTH OF METHOD IDS field, which has a fixed value of 4 above. NLMETHODS is the number of 16 byte UUIDs in the LONG METHODS field that follows the second LENGTH OF METHOD IDS field, which has a fixed value of 16 above. A single byte of 0 follows the last long format method ID. The 32-bit compact method IDs are, as stated in the abstract section, in most-significant byte first order and they are not necessarily aligned on 4-byte boundaries in the packet. The byte values in the 16-byte UUIDs are in their standard order as defined by the reference above to the OSF DCE document that describes the algorithm for generating them. If the client has more MAF method IDs, in either compact or long form, that it can send to the server, the client includes the compact method ID X'00000002' anywhere in the list of 32-bit values to notify the server that more IDs are available. It is the prerogative of the server whether or not to ask for the additional method IDs by sending to the client a reply with a value of X'02' in the INSTR field (Send More Can Do) with a value of X'01' in VER. The packet diagrammed above is a specific instance of the general design for this message, which allows the method IDs to be any size from 1 to 255 bytes and allows from 1 to 255 methods of the same length to be grouped together. The three fields bracketed by [ and ] constitute the general structure that can be repeated as needed in the message, with different values. The last byte of 0 (which would be the number of methods in the next grouping) is always present after the last group of method IDs. To simplify the logic of constructing this packet, all method IDs of the same length SHOULD be sent together in the message. In consideration of future method IDs of lengths other than 4 and 16, it Michener, et al. Expires 9 February 2000 [Page 3] INTERNET-DRAFT MAF for SOCKS V5 August 1999 is likely that the length of a method ID will implicitly indicate the identification space of the value, i.e., an ID that is 4 bytes long is a registered compact format ID, an ID of 16 bytes is a long format UUID, etc. Two IDs of the same value (disregarding more significant bytes of zeroes or encoding differences) will likely not identify the same method if they are of different lengths, e.g., a future one byte ID of 0x09 will not be the same as a four byte ID of 0x00000009. Nothing SHOULD be imputed or inferred from the order of the method IDs (either compact or long) in the data sent from the client to the server in this packet. Thus it is allowed that the compact method IDs could follow the UUIDs. Either format of IDs could also be absent from the message. The server MAY select one of the MAF methods identified in either METHODS field (if none of the methods would meet the requirements of authentication policies on the server and the client did not indicate that more method IDs were available, the value of the method selected would be Failure) and send a Do command: |-------+-----+-------+------+--------| | INSTR | VER | FLAGS | MLEN | METHOD | |-------+-----+-------+------+--------| | 1 | 1 | 2 | 1 | MLEN | |-------+-----+-------+------+--------| The INSTR field is set to ``Do'', X'03'. As above, the VER field is set to the version of the MAF protocol. At this time VER is set to X'01' and the FLAGS field is set to X'0000'. The MAF method ID to be performed is entered in the METHOD field. The length of this field in bytes is the value of the single byte MLEN, either 4 for a compact method identifier or 16 for a long identifier. If the server instructs the client to send more method IDs, via the X'02' ``Request additional MAF methods supported'' instruction, the server will use the FLAGS field to specify either a relative list (the client is to send only methods IDs that have not already been sent) or an absolute list (the client is to start sending the method IDs again as the original list, starting with the first method ID it sent). The FLAGS field will be X'0000' for a relative method ID list or X'0001' for an absolute method ID list. The client and the server protocol managers then call the appropriate executable modules, or subroutines, to run the specified authentication method. It is anticipated that each method would be a separate binary, executable file. The mapping of method IDs, in either compact or long form, to the names and paths of the files containing the executable code is an implementation issue and is not addressed here. The exchange between the selected client and server modules will use the following data packet: |-------+-----+-------+------+--------+--------+-------+--------| | INSTR | VER | FLAGS | MLEN | METHOD | PAD | DLEN | DATA | |-------+-----+-------+------+--------+--------+-------+--------| Michener, et al. Expires 9 February 2000 [Page 4] INTERNET-DRAFT MAF for SOCKS V5 August 1999 | 1 | 1 | 2 | 1 | MLEN | 0 to 3 | 4 | DLEN | |-------+-----+-------+------+--------+--------+-------+--------| The INSTR field is set to ``Process'', X'05'. As above, the VER field is set to the version of the MAF protocol. At this time VER is set to X'01' and the FLAGS field is set to X'0000'. The ID of the MAF method being performed is present in the METHOD field. The length of this field in bytes is the value of the single byte MLEN, either 4 for a compact method identifier or 16 for a long identifier. The particular data being processed is sent to the client from server or from the server to the client in the DATA field as a byte array, with the length of the array specified in the DLEN field. The PAD field is 0 to 3 bytes of unspecified values to align the DLEN field to a 4-byte boundary relative to the beginning of the packet. Exchange of data between the method on the client and the method on the server, via ``Process'' packets, continues as long as the two need to run during the particular authentication process. The client and server methods return success or failure to their respective client and server protocol manager modules. In either outcome case, the client sends the following message to the server: |-------+-----+-------| | INSTR | VER | FLAGS | |-------+-----+-------| | 1 | 1 | 2 | |-------+-----+-------| The INSTR field is set to ``What next'', X'04'. At this time VER is set to X'01' and the FLAGS field is set to X'0000'. In the event of failure of an authentication method or of the authentication process, the server MAY instruct the client to close (disconnect) the connection. If the method succeeded, or if it failed and the server does not need to direct the client to close the connection, the server MAY instruct the client to execute another MAF method module. At the end of the process, as determined by policies and controls on the server, the server will send the following in response to ``What next'': |-------+-----+-------+------+--------| | INSTR | VER | FLAGS | MLEN | METHOD | |-------+-----+-------+------+--------| | 1 | 1 | 2 | 1 | MLEN | |-------+-----+-------+------+--------| If the composite authentication process succeeded, the INSTR field will be set to ``Success'', X'00', MLEN to 4, and METHOD to Success, X'00000000'. If the authentication process failed, the INSTR field will be set to ``Failure'', X'FF', MLEN to 4, and METHOD to Failure, X'FFFFFFFF'. In either outcome case, VER is set to X'00' and FLAGS is Michener, et al. Expires 9 February 2000 [Page 5] INTERNET-DRAFT MAF for SOCKS V5 August 1999 set to X'0000'. Upon receipt of either the ``Success'' or ``Failure'' messages by the client, the client will send an acknowledgement to the server. The server will indicate reception of the acknowledge by replying with an acknowledge message as well: |-------+-----+-------| | INSTR | VER | FLAGS | |-------+-----+-------| | 1 | 1 | 2 | |-------+-----+-------| The INSTR field is set to ``Acknowledge'', X'06'. At this time VER is set to X'01' and the FLAGS field is set to X'0000'. The acknowledge message serves to synchronize the MAF protocol client and the server. 3. Process OEM Specific The ``Process OEM specific'' instruction, X'07', provides a mechanism for the client and server MAF protocol managers to exchange data before or after a method has been invoked (when a given method is running on the client and server, the implementers are free to use the data field of the ``Process'' message to implement any form of communication between the client and the server modules.) The server can send an ``OEM'' message only in response to ``What next'', ``Can Do'', or ``OEM'' messages from the client. The client can send an ``OEM'' message to the server before sending a ``Can Do'' or ``What next'' message or in response to a previous ``Process OEM specific'', ``Success'', or ``Failure'' message from the server. When one end sends an ``OEM'' message the other end MUST respond with an ``OEM'' message as an acknowledgment. The acknowledgment message can contain no significant data, if desired. When the exchange of ``OEM'' messages is complete, the protocol managers continue with the standard aspects of MAF. The ``Process OEM specific'' message is composed as follows: |-------+-----+-------+----------+---------+--------+--------+ | INSTR | VER | FLAGS | RESERVED | OEM ID | OEM ID | PAD | | | | | ZEROES | LEN (n) | | BYTES | |-------+-----+-------+----------+---------+--------+--------+ | 1 | 1 | 2 | 3 | 1 | n | 0 to 3 | |-------+-----+-------+----------+---------+--------+--------+ | V +------------------------------------------------------------+ | V +-------+------| | DLEN | DATA | | (m) | | +-------+------| Michener, et al. Expires 9 February 2000 [Page 6] INTERNET-DRAFT MAF for SOCKS V5 August 1999 | 4 | m | +-------+------| The INSTR field is set to ``OEM'', X'07'. As above, the VER field is set to the version of the MAF protocol. At this time VER is set to X'01' and the FLAGS field is set to X'0000'. The RESERVED ZEROES field is for future use or features. The length in bytes of the OEM ID field is entered into the OEM ID LEN field. In this version of MAF, the length will be either 4 for compact OEM IDs or 16 for long OEM IDs that are UUIDs. The particular data being processed is sent from one end to the other in the DATA field as a byte array, with the length of the array specified in the DLEN field. The PAD BYTES field is 0 to 3 bytes of unspecified values to align the DLEN field to a 4-byte boundary relative to the beginning of the packet (for the 4- or 16-byte OEM IDs proposed here, this field is absent.) For an acknowledgment message, DLEN can be zero. If the client or server receives an ``OEM'' message with an OEM ID that it does not recognize or support, it will reply with an ``OEM'' message with the OEM ID set to X'FFFFFFFF' and DLEN set to 0 to so indicate. 3.1 Current Compact OEM IDs X'FFFFFFFF' OEM ID not recognized or supported X'00000000' Internal Test IDs To X'00000003' X'00000004' Reserved X'00000005' To Reserved for proprietary IDs, assigned by X'0000FFFF' Novell X'00010000' and up General IDs, assigned by the IANA 3.2 Current Compact MAF Method IDs X'FFFFFFFF' Failure X'00000000' Success X'00000001' Internal Test Method ID X'00000002' More method IDs are available X'00000003' Reserved X'00000004' Reserved X'00000005' To Reserved for proprietary method IDs, assigned X'0000FFFF' by Novell Michener, et al. Expires 9 February 2000 [Page 7] INTERNET-DRAFT MAF for SOCKS V5 August 1999 X'00010000' and up General MAF authentication method IDs, assigned by the IANA 4. Security Considerations MAF enables the efficient combination of multiple authentication mechanisms (allowing the combination of something the user holds, something the user knows, and something the user is). This allows for the reliable establishment of user identity during the authentication session if the methods are appropriately chosen and appropriately managed. The selection of methods and their management are not addressed by MAF. Improper selection of methods and inappropriate management of the authentication process can invalidate any authentication, including that provided by MAF. If critical data such as long-term passwords or biometric data are exchanged between the client and the server, appropriate steps SHOULD be taken to secure it at the client (so that an attacker cannot acquire this data), to secure it over the communications channel (using encryption), and to secure this data and its processing at the server. Without appropriate security and integrity at each link in the authentication process, the integrity of the authentication cannot be assured. 5. References [RFC 1928] Leech, M., Ganis, M., Lee, Y., Kuris, R., Koblas, D., & Jones, L., ``SOCKS Protocol V5'', April 1996. [1] Steven Miller, ``DEC/HP Network Computing Architecture Remote Procedure Call RunTime Extension Specification Version OSF TX1.0.11'', July 23, 1992. 6. Acknowledgements We express our thanks to Tolga Acar, Fred Ghiradelli, Tammy Green, and Hal Henderson for assistance in the development of this document. 7. Authors' Addresses John Michener Novell, Inc. 122 East 1700 South Provo Utah, 84606-6194 Phone: +1 801 861-7000 Fax: +1 801 861-2522 Email: jmichener@novell.com Dan Fritch Novell, Inc. 122 East 1700 South Provo Utah, 84606-6194 Phone: +1 801 861-7000 Michener, et al. Expires 9 February 2000 [Page 8] INTERNET-DRAFT MAF for SOCKS V5 August 1999 Fax: +1 801 861-2522 Email: dfritch@novell.com Mark Gayman Novell, Inc. 122 East 1700 South Provo Utah, 84606-6194 Phone: +1 801 861-7000 Fax: +1 801 861-2522 Email: mgayman@novell.com 8. Full Copyright Statement Copyright (C) The Internet Society (1999). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implmentation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE." Michener, et al. Expires 9 February 2000 [Page 9]