Clarifications and Extensions to the GSS-API for the Use of Channel Bindings

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in .

The base GSS-API v2, update 1 specification provides a facility for channel binding (see also ), but its treatment was incomplete. The C-bindings of the GSS-API expanded a little on this facility in what should have been a generic way, but was a C-specific way, and still, the treatment of this facility was incomplete. This document clarifies the GSS-API's channel binding facility and generalizes the parts of it that are specified in the C-bindings document but which should have been generic from the first.

Given the publication of RFC5056 we now assert that all new GSS-API mechanisms that support channel binding MUST conform to .

The base GSS-API v2, update 1 specification provides a facility for channel binding. It models channel bindings as an OCTET STRING and leaves it to the GSS-API v2, update 1 C-Bindings specification to specify the structure of the contents of the channel bindings OCTET STRINGs. The C-Bindings specification then defines, in terms of C, what should have been a generic structure for channel bindings. The Kerberos V GSS mechanism also defines a method for encoding GSS channel bindings in a way that is independent of the C-Bindings -- otherwise the mechanism's channel binding facility would not be useable with other language bindings. In other words, the structure of GSS channel bindings given in is actually generic, rather than specific to the C programming language.

Here, then, is a generic re-statement of this structure, in pseudo-ASN.1: The values for the address fields are described in . New language-specific bindings of the GSS-API SHOULD specify a language-specific formulation of this structure. Where a language binding of the GSS-API models channel bindings as OCTET STRINGs (or the language's equivalent), then the implementation MUST assume that the given bindings correspond only to the application-data field of GSS-CHANNEL-BINDINGS as shown above, rather than some encoding of GSS-CHANNEL-BINDINGS. As mentioned above, describes an encoding of the above GSS-CHANNEL-BINDINGS structure, and then hashes that encoding. Other GSS-API mechanisms are free to use that encoding.

There are no IANA considerations in this document.

For general security considerations relating to channel bindings see . Language bindings that use OCTET STRING (or equivalent) for channel bindings will not support the use of network addresses as channel bindings. This should not cause any security problems, as the use of network addresses as channel bindings is not generally secure. However, it is important that "end-point channel bindings" not be modelled as network addresses, otherwise such channel bindings may not be useable with all language bindings of the GSS-API.