Re: [abfab] Comments on draft-linus-abfab-ephemeral-keying-00
Linus Nordberg <linus@nordberg.se> Mon, 24 February 2014 16:41 UTC
Return-Path: <linus@nordberg.se>
X-Original-To: abfab@ietfa.amsl.com
Delivered-To: abfab@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A6DA21A0208 for <abfab@ietfa.amsl.com>; Mon, 24 Feb 2014 08:41:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.601
X-Spam-Level:
X-Spam-Status: No, score=0.601 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HELO_EQ_SE=0.35, RP_MATCHES_RCVD=-0.547, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bWJgrWCg8knz for <abfab@ietfa.amsl.com>; Mon, 24 Feb 2014 08:41:45 -0800 (PST)
Received: from smtp.nordberg.se (smtp.nordberg.se [193.10.5.87]) by ietfa.amsl.com (Postfix) with ESMTP id 162281A01E9 for <abfab@ietf.org>; Mon, 24 Feb 2014 08:41:44 -0800 (PST)
Received: from amnesia.nordberg.se (afo2.torproject.afo-tm.org [62.210.129.149]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.nordberg.se (Postfix) with ESMTPSA id D3F5911550; Mon, 24 Feb 2014 17:41:41 +0100 (CET)
From: Linus Nordberg <linus@nordberg.se>
To: Jim Schaad <ietf@augustcellars.com>
References: <07af01cf2cdd$761361d0$623a2570$@augustcellars.com>
Date: Mon, 24 Feb 2014 17:41:13 +0000
In-Reply-To: <07af01cf2cdd$761361d0$623a2570$@augustcellars.com> (Jim Schaad's message of "Tue, 18 Feb 2014 11:13:09 -0800")
Message-ID: <87vbw4pfwm.fsf@nordberg.se>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: http://mailarchive.ietf.org/arch/msg/abfab/6FoTupPnlsjsdSXGm1mL2zuZj9Q
Cc: draft-linus-abfab-ephemeral-keying@tools.ietf.org, abfab@ietf.org
Subject: Re: [abfab] Comments on draft-linus-abfab-ephemeral-keying-00
X-BeenThere: abfab@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" <abfab.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/abfab>, <mailto:abfab-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/abfab/>
List-Post: <mailto:abfab@ietf.org>
List-Help: <mailto:abfab-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/abfab>, <mailto:abfab-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Feb 2014 16:41:47 -0000
Jim, thanks for the comments and sorry for the delay. Things have improved for me since last week w.r.t. responsiveness. "Jim Schaad" <ietf@augustcellars.com> wrote Tue, 18 Feb 2014 11:13:09 -0800: | Section 2. - I am not sure if you are trying to restrict to the conversation | between the initiator and the acceptor based on the fact that you are | throwing in RADIUS. There is no RADIUS spoken here. I agree that this is confusing. Restricting to traffic between initiator and acceptor is not enough in this section even if the suggested solution is limited to adding additional encryption to that stretch. Changing section 2. to read --8<---------------cut here---------------start------------->8--- This section describes the information available to a passive observer of an {{I-D.ietf-abfab-arch}} authentication, working from the lowest layers of the protocol stack upwards. --8<---------------cut here---------------end--------------->8--- | Section 2.1 - para #2 - The first sentence is just wrong. No matter what | type of RADIUS you are using, intermediates always have access to the EAP | MSK. The difference between RADIUS/UDP and RADIUS/TLS or RADIUS/DTLS is the | question of how much passive intermediaries are going to be able to see | based on the use of a long term shared secret. True indeed, slip up. Fixed in upcoming -01. What does the list think of the use of RADIUS rather than AAA here? Should we be more generic? | Section 2.2 - Passive observers may also be able to fingerprint the client | based on TLS restart information. What does "TLS restart" mean in this context? Do you mean a RadSec client re-establishing a torn down connection? Or maybe TLS renegotiation? Or, most probably, something third that I'm not familiar with? | Section 2.3 - This should include exposing the realm of the user (or the | full user name in bad implementations). Do you refer to the "Mechanism Name", as described in RFC7055 section 3.1. or is user realm (and possibly name) carried somewhere else? | You say | | [ maybe expand on how TEAP [draft-ietf-emu-eap-tunnel-method | <http://tools.ietf.org/html/draft-ietf-emu-eap-tunnel-method> ] could | solve the problem of AAA proxies learning the MSK, impersonating the | RP ] | | I would be very interested in seeing how you think there could possibly be a | solution in this space. I can't see one. I will have to attend to this later. | There probably needs to be a nod to using an application level tunnel as | well. While I think that it might be nice to have this in the GSS-EAP | layer, we cannot ignore this as an option. Good idea.
- [abfab] Comments on draft-linus-abfab-ephemeral-k… Jim Schaad
- Re: [abfab] Comments on draft-linus-abfab-ephemer… Linus Nordberg
- Re: [abfab] Comments on draft-linus-abfab-ephemer… Jim Schaad
- Re: [abfab] Comments on draft-linus-abfab-ephemer… Linus Nordberg