PKINIT and TD-DH-PARAMETERS in KRB-ERROR


PKINIT and TD-DH-PARAMETERS in KRB-ERROR

Larry Zhu

Folks, shall we add the following into security considerations?

   Kerberos error messages are not integrity protected; as a result, the
   domain parameters sent by the KDC as TD-DH-PARAMETERS can be tampered
   with by an attacker so that the set of domain parameters selected
   could be either weaker or not mutually preferred.  Local policy can
   configure sets of domain parameters acceptable locally, or disallow
   the negotiation of DH domain parameters.

I took this mostly out of the pkinit-ecc ID.

-- larry
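The local-policy mitigation proposed above, as an added example that is not part of the thread or of any PKINIT implementation: a client-side selection routine that treats the groups offered in the unprotected TD-DH-PARAMETERS as a hint only and accepts a group solely when it matches a locally approved one exactly, in local preference order. The (p, g) integer pairs are assumed to have been decoded from the KRB-ERROR already; the weak group is a constructed stand-in, and the approved group is the RFC 3526 2048-bit MODP group.

```python
from typing import List, Optional, Tuple

DHGroup = Tuple[int, int]  # (prime p, generator g)

# RFC 3526 "group 14": the 2048-bit MODP prime, generator 2.
MODP_2048_P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)

# Constructed stand-in for a weaker 1024-bit group a tampered error might
# carry; it is not a real prime and only has to be "not in the policy".
WEAK_P = (1 << 1023) | 1

# Local policy: approved groups in the client's own preference order.
APPROVED_GROUPS: List[Tuple[str, DHGroup]] = [("modp2048", (MODP_2048_P, 2))]
ALLOW_DH_NEGOTIATION = True  # False: never retry with a KDC-suggested group


def select_dh_group(offered: List[DHGroup],
                    approved=APPROVED_GROUPS,
                    allow_negotiation: bool = ALLOW_DH_NEGOTIATION) -> Optional[str]:
    """Choose the group to retry with after KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED.

    The KRB-ERROR carrying TD-DH-PARAMETERS is unauthenticated, so the KDC's
    ordering is ignored and only exact matches against local policy count.
    Returns the policy name of the chosen group, or None to abort the exchange.
    """
    if not allow_negotiation:
        return None  # policy forbids negotiation: fail instead of downgrading
    offered_set = set(offered)
    for name, group in approved:  # local preference decides, not the KDC's
        if group in offered_set:
            return name
    return None


def unapproved_offered(offered: List[DHGroup],
                       approved=APPROVED_GROUPS) -> List[int]:
    """Bit lengths of offered groups outside policy, worth logging: a KDC that
    suddenly offers unknown or smaller groups is a signal the error may have
    been altered in transit."""
    known = {group for _, group in approved}
    return [p.bit_length() for p, g in offered if (p, g) not in known]
```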


Re: PKINIT and TD-DH-PARAMETERS in KRB-ERROR

Love Hörnquist Åstrand

"Liqiang(Larry) Zhu" <[hidden email]> writes:

> Folks, shall we add the following into security considerations?
>
>    Kerberos error messages are not integrity protected; as a result, the
>    domain parameters sent by the KDC as TD-DH-PARAMETERS can be tampered
>    with by an attacker so that the set of domain parameters selected
>    could be either weaker or not mutually preferred.  Local policy can
>    configure sets of domain parameters acceptable locally, or disallow
>    the negotiation of DH domain parameters.
>
> I took this mostly out of the pkinit-ecc ID.
I find it strange that the PK-INIT error PA-DATA isn't protected using the
certificate of the KDC.

Love
