GSS-API based Authentication and Key Establishment in TLS - PowerPoint PPT Presentation

About This Presentation
Title:

GSS-API based Authentication and Key Establishment in TLS

Description:

GSS-API based Authentication and Key Establishment in TLS. Stefan Santesson. Microsoft ... Allow primary Kerberos over a generic GSS-API based exchange ... – PowerPoint PPT presentation

Number of Views:45
Avg rating:3.0/5.0
Slides: 6
Provided by: stefansa
Learn more at: https://www.ietf.org
Category:

less

Transcript and Presenter's Notes

Title: GSS-API based Authentication and Key Establishment in TLS


1
GSS-API based Authentication and Key
Establishment in TLS
  • Stefan Santesson
  • Microsoft

2
Current status
  • Subject presented at last IETF
  • First individual draft submitted
  • http//www.ietf.org/internet-drafts/draft-santesso
    n-tls-gssapi-01.txt
  • Discussion on TLS list raised concerns

3
Design goals
  • Replacing RFC 2712
  • Allow primary Kerberos over a generic GSS-API
    based exchange
  • Obtain channel binding between authentication and
    the encrypted channel.
  • Allow certificate less TLS
  • Transparency for applications using TLS as means
    of client authentication.
  • Protocol efficiency

4
Protocol design
  • Alternative design proposals discussed
  • Proposal by Pasi places GSS-negotiation after the
    TLS handshake.
  • Channel binding performed after completed channel
    setup
  • Does not provide certificate less TLS
  • Does provide encryption protection of the GSS
    exchange
  • Problem for applications requiring client
    authentication to be obtained through the TLS
    handshake

5
Way forward
  • Openness toward different technical solutions
    that provide adequate functionality in a way that
    the community can accept
  • Recognition of the importance of enbaling
    alternative authentication methods over TLS
  • Acceptance by the TLS working group to work on an
    appropriate solution using current draft as a
    starting point for the work.
Write a Comment
User Comments (0)
About PowerShow.com