Internet DRAFT - draft-ietf-krb-wg-sha1

draft-ietf-krb-wg-sha1



INTERNET DRAFT                                                K. Raeburn
Kerberos Working Group                                               MIT
Document: draft-ietf-krb-wg-sha1-00.txt                 October 18, 2004
                                                  expires April 18, 2005


                  Unkeyed SHA-1 Checksum Specification
                             for Kerberos 5


Status of this Memo
   By submitting this Internet-Draft, I certify that any applicable
   patent or other IPR claims of which I am aware have been disclosed,
   or will be disclosed, and any of which I become aware will be
   disclosed, in accordance with RFC 3668.


   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.


   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than a "work in progress."


   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html


   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html


Copyright Notice


   Copyright (C) The Internet Society (2004).  All Rights Reserved.


Abstract


   The Kerberos cryptosystem specification requires a profile detailing
   several operations for a new checksum type for ensuring the integrity
   of data in Kerberos and related protocol exchanges.  This document
   specifies the use of a simple unkeyed checksum type based on SHA-1.









Raeburn                                                         [Page 1]
INTERNET DRAFT                                              October 2004



1. Introduction


   The Kerberos cryptosystem specification requires a profile detailing
   several operations for a new checksum type for ensuring the integrity
   of data in Kerberos and related protocol exchanges.  This document
   specifies the use of a simple unkeyed checksum type based on SHA-1.


   (...to be expanded on a bit, describe PKINIT use...)


2. Checksum Definition


   The SHA-1 Kerberos checksum type calculates a checksum using the
   SHA-1 hash algorithm.  This algorithm takes as input a message of
   arbitrary length, and produces as output a 160-bit (20 octet) hash
   value.


   Any general specification of a Kerberos checksum value to be computed
   must include the encryption key and a key usage value [KCRYPTO].
   Both of these values are ignored for the SHA-1 checksum type, thus
   this checksum algorithm may be used with any encryption key type.


   The parameters for the Kerberos checksum profile for this type are
   thus:



                                   sha1
               ----------------------------------------------
               associated cryptosystem   any


               get_mic                   sha1(msg)


               verify_mic                get_mic and compare



   The sha1 checksum algorithm is assigned a checksum type number of 14.


3. Security Considerations


   Unkeyed checksum types should be used with caution, in limited
   circumstances where the lack of a key does not provide an avenue for
   an attacker to compromise the integrity of the data being conveyed.
   Even when encrypted, the use of unkeyed checksums may allow some
   forms of attack; this is discussed in the Security Considerations
   section of [KCRYPTO].


   The use of unkeyed checksums for integrity protection should be done
   with great care.





Raeburn                                                         [Page 2]
INTERNET DRAFT                                              October 2004



4. IANA Considerations


   The Kerberos checksum type values 10 and 14 have both been reserved
   for "sha1 (unkeyed)" per [KCRYPTO], the latter with intent to use it
   with this specification, and the former on the basis of speculation
   that some implementation might have used that value for the same
   purpose.


   XXX...mention PKINIT above as the intended use?


   IANA is directed to assign the Kerberos checksum type value 14 to
   "sha1" with a reference to this document.


   As no supporting information has been found regarding any existing
   experimental use of or specification for Kerberos checksum type 10,
   IANA is directed to delete that registry entry, leaving the value
   available for future assignment.


Normative References


   [KCRYPTO]
      Raeburn, K., "Encryption and Checksum Specifications for Kerberos
      5", draft-ietf-krb-wg-crypto-07.txt, February 2004.
   [SHA1]
      NIST, "Secure Hash Standard", FIPS PUB 180-1, April 1995.


Informative References


   [KRB]
      Neuman, C., Yu, T., Hartman, S., and K. Raeburn, "The Kerberos
      Network Authentication Service (V5)", draft-ietf-krb-wg-kerberos-
      clarifications-07.txt, September 2004.
   [PKINIT]
      Tung, B., Neuman, C., Hur, M., Medvinsky, A., Medvinsky, S., Wray,
      J., and J. Trostle, "Public Key Cryptography for Initial
      Authentication in Kerberos", draft-ietf-cat-kerberos-pk-
      init-20.txt, July 2004.


Author's Address


   Kenneth Raeburn
   Massachusetts Institute of Technology
   77 Massachusetts Avenue
   Cambridge, MA 02139
   raeburn@mit.edu







Raeburn                                                         [Page 3]
INTERNET DRAFT                                              October 2004



Full Copyright Statement


   Copyright (C) The Internet Society 2004.  This document is subject to
   the rights, licenses and restrictions contained in BCP 78, and except
   as set forth therein, the authors retain all their rights.


Disclaimer


   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.




































Raeburn                                                         [Page 4]