Win2000 and BIND GSS-TSIG Interoperability?

Wed Mar 8 17:33:23 UTC 2000

Hello,

To address David's concern about interoperability with Microsoft's GSS
implementation:  Microsoft has demonstrated interoperability between the
Windows 2000 Kerberos implementation and other Kerberos implementations,
such as Cybersafe.  I have attached links to interop information at the end
of this message.

We believe it is possible to build a GSS-TSIG implementation on a
non-Windows 2000 platform that will interoperate with Microsoft's GSS-TSIG
implementation.  We are willing to assist any vendor that wishes to build
one.

To answer David's other specific questions:

> a) Will Microsoft implement TSIG HMAC-MD5 in Windows 2000?

No, TSIG HMAC-MD5 was not implemented in Windows 2000.  We are evaluating
TSIG HMAC-MD5 for a future version of Windows.  However, TSIG HMAC-MD5
assumes either manual distribution of secret keys, or a TKEY exchange that
is protected by SIG(0).  Customers have indicated to me that GSS-TSIG (which
uses built-in Windows security and solves the secret key distribution
problem in a way that requires no additional management) is preferable over
a manual distribution of keys.  SIG(0) requires DNSSEC, which brings us to
the next question...

> b) Will Microsoft implement DNSSEC in Windows 2000?

No, DNSSEC was not implemented in Windows 2000.  We are evaluating DNSSEC
for a future version of Windows.  Like most PKI, DNSSEC is a complex system
to both implement and deploy.  We are concerned about the burden it may
place on our customers in terms of CPU usage for PK crypto, bandwidth usage
from KEY/SIG data in DNS responses, and the operational requirements of key
management.  We will continue to participate in the DNSEXT working group,
and continue to evaluate the viability of DNSSEC.  Note that without DNSSEC
we will not have SIG(0), which makes TSIG HMAC-MD5 less attractive due to
the manual key exchange requirement.

> c) Will Microsoft implement either Secure Update or Simple Secure Update
in Windows 2000?

No, secure update (RFC 2137) and simple secure update were not implemented
in Windows 2000.  We are continuing to track and evaluate the simple secure
update draft.

David, please forgive the delay in my reply.

Cheers,
- Stuart

Microsoft whitepaper on Windows 2000 Kerberos interop:
http://www.microsoft.com/windows2000/library/howitworks/security/kerbint.asp
Cybersafe whitepaper on Windows 2000 Kerberos interop:
http://www.cybersafe.com/PDFs/Window2000CyberSafeInteroperability.PDF
Microsoft press release on successful Kerberos interop deployment by a real
customer:
http://www.microsoft.com/PressPass/press/2000/Jan00/CyberSafePR.asp
For information on DNS Internet-Drafts and RFCs, see the DNSEXT working
group homepage:
http://www.ietf.org/html.charters/dnsext-charter.html
For information on GSS-TSIG:
http://www.ietf.org/internet-drafts/draft-skwan-gss-tsig-05.txt

-----Original Message-----
From: David R. Conrad [mailto:David.Conrad at nominum.com]
Sent: Sunday, March 05, 2000 1:23 AM
To: Scott Morizot
Cc: bind-users at isc.org
Subject: Re: Win2000 and BIND GSS-TSIG Interoperability?

Scott,

Sorry for the slow reply, I'm on travel right now.

> I recall past discussions
> on this list where some at the ISC had indicated that
> Microsoft had released insufficient details about
> their GSS extensions to TSIG to allow interoperability
> for secure dynamic updates to be built into BIND.

We have been unable to determine whether or not it is possible to implement
Microsoft's GSS-TSIG DNS extension that does not require the use of
Microsoft's version of Kerberos to be a "first class citizen" in Microsoft's
DNS architecture.  From the numerous press reports (e.g.,
http://dailynews.yahoo.com/h/zd/20000228/tc/20000228169.html), it doesn't
look
too good.

> And further, that Microsoft had not responded to
> inquiries by the ISC on the topic.  

On May 10, 1999, Stuart sent a note to bind-workers at isc.org saying
"Microsoft
may be willing
to assist in some capacity".  I responded to that note saying I would
interested in discussing how we could work together.  I do not believe there
was any response (that is, I don't have any record of a response, but it was
a
while back and I might have deleted it).  At the Orlando IETF (while Stuart
was kicking my butt in the video games there :-)), we discussed it briefly
and
due to miscommunication, I gather Stuart thought we wanted them to pay a
very
large amount of money to do the implementation (what I was actually asking
for
was for Microsoft to join with other organizations to form a consortium to
sponsor ISC in developing a DNS protocol test suite).  On November 5, 1999
Stuart sent me a note as a result of an article published in "Directions on
Microsoft" discussing the question of securing DNS updates.  In the ensuing
discussion, I asked Stuart the following questions:

 a) Will Microsoft implement TSIG HMAC-MD5 in Windows 2000?
 b) Will Microsoft implement DNSSEC in Windows 2000?
 c) Will Microsoft implement either Secure Update or Simple Secure Update in
    Windows 2000?

which were never answered (I'd note in passing that HMAC-MD5 is the
_mandatory_ TSIG algorithm).  I also stated the following:

...
    My interest is primarily in seeing the people are able to use dynamic 
    update securely.  GSS-TSIG like TSIG HMAC-MD5 and DNSSEC/{simple,}secure

    upate are merely tools to that end and I would like to see them all 
    (well, maybe not 2137 :-)) implemented as they all have advantages and 
    disadvantages.  I will reiterate the message I sent to you previously:

        Subject: Re: GSS TSIG in BIND?
        Date: Mon, 10 May 1999 12:45:51 -0700
        From: "David R. Conrad" <drc at isc.org>
        Organization: Internet Software Consortium
        To: Stuart Kwan <skwan at microsoft.com>

        Stuart,

        > If anyone is interested in adding GSS-TSIG to BIND, Microsoft 
        > may be willing to assist in some capacity.  

        I would be happy to discuss this in more detail if you'd like 
        to get the GSS-TSIG into mainline BIND (v9) code...

        Regards,
        -drc

    The offer is still open.
...

In subsequent mail, I offered to go up to Redmond (at my expense) to discuss
how ISC and Microsoft could work together.  Stuart indicated that wouldn't
be
necessary and that if we couldn't resolve the issue via e-mail or conference
call that they'd fly me up to Redmond.  I responded that would be fine, but
subsequently there was no communication.

> I was wondering if Microsoft actually is releasing
> sufficient detail for interoperability to be added
> to BIND or if it's just more smoke and mirrors?

It is unknown at this point in time as we have focused on implementing the
DNS
related working group standards and drafts.  From what we can tell, the
actual
implementation of GSS-TSIG itself shouldn't be that difficult provided you
have a GSS-API implementation lying around.  The big question is whether or
not the non-Microsoft implementations of GSS-API can interoperate with
Microsoft's Kerberos server in doing GSS-TSIG secured dynamic updates. 

ISC is _still_ interested in working with Microsoft and/or anyone else to
get
an interoperable implementation of GSS-TSIG into BIND version 9.

Rgds,
-drc
Executive Director, ISC

P.S. Feel free to forward to NTBugtraq as I'm not on that list.