It does answer my question, Ben.

This begs the question why the collision of session keys is suddenly a problem 
in the ACE context when it wasn't a problem so far. Something must have changed.

Ciao
Hannes


-----Original Message-----
From: Benjamin Kaduk [mailto:[email protected]]
Sent: 26 June 2018 17:00
To: Hannes Tschofenig
Cc: Mike Jones; Jim Schaad; [email protected]; 
[email protected]
Subject: Re: [Ace] Key IDs ... RE: WGLC on 
draft-ietf-ace-cwt-proof-of-possession-02

On Tue, Jun 26, 2018 at 08:53:57AM +0000, Hannes Tschofenig wrote:
> Ben,
>
> I was wondering whether the situation is any different in Kerberos. If the 
> KDC creates tickets with a session key included then it needs to make sure 
> that it does not create the same symmetric key for different usages.
> The key in the Kerberos ticket is similar to the PoP key in our discussion.
>
> Are we aware of key collision in Kerberos?

I don't believe key collision is an issue in Kerberos.  Long-term keys
(which are not what we're talking about here) are identified by a principal
name, encryption type, and version number.  Session keys that are contained
within tickets (and returned to the client in the KDC-REP) are random, so
even if we are only using the birthday bound we're still in pretty good
shape.  The modern enctypes tend to use subsession keys generated by the
client and/or server as well as the KDC-generated session key, which
provides further binding to the current session.

Does that answer your question?

-Ben
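Added illustration of the birthday-bound argument above (example code written for this page, not from the thread or from any Kerberos or ACE implementation). The key sizes and the 2^-32 tolerable collision probability are assumed values; it also contrasts a 128-bit random key with a much shorter random value to show where the birthday bound stops being negligible.

```python
"""Birthday-bound check for randomly generated symmetric keys.

Models the argument in the thread: an issuer (a KDC, or an ACE
authorization server) that hands out uniformly random k-bit session keys
only has to worry about the birthday bound, which stays negligible for
realistic issuance volumes. The key sizes and the tolerable probability
used below are assumed example values, not figures from the thread.
"""
import math


def collision_probability(n: int, bits: int) -> float:
    """Probability that at least two of n uniformly random bits-bit keys
    are identical, by the standard birthday approximation
    1 - exp(-n(n-1) / 2^(bits+1)). expm1 keeps precision when the result
    is tiny, which is exactly the regime that matters for 128-bit keys."""
    if n < 2:
        return 0.0
    exponent = -(n * (n - 1)) / 2.0 ** (bits + 1)
    return -math.expm1(exponent)


def keys_until_probability(bits: int, p_max: float) -> int:
    """Number of random bits-bit keys an issuer can hand out before the
    birthday-bound collision probability would exceed p_max. Inverts the
    approximation above: n ~ sqrt(2^(bits+1) * -ln(1 - p_max)); rounding
    down keeps the probability at or below p_max."""
    return math.isqrt(int(2 ** (bits + 1) * -math.log1p(-p_max)))


if __name__ == "__main__":
    P_MAX = 2.0 ** -32  # assumed tolerable collision probability
    for bits in (64, 128, 256):
        n = keys_until_probability(bits, P_MAX)
        print(f"{bits:>3}-bit random keys: ~2^{math.log2(n):.1f} can be "
              f"issued before the collision probability reaches 2^-32")
    # A short random value behaves very differently from a 128-bit key.
    print(f"2^33 random 64-bit values: p(collision) = "
          f"{collision_probability(2 ** 33, 64):.3f}")
```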