Re: [abfab] AD review of draft-ietf-abfab-arch-09
Sam Hartman <hartmans@painless-security.com> Mon, 16 December 2013 16:48 UTC
Return-Path: <hartmans@painless-security.com>
X-Original-To: abfab@ietfa.amsl.com
Delivered-To: abfab@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46EE01AE062 for <abfab@ietfa.amsl.com>; Mon, 16 Dec 2013 08:48:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.438
X-Spam-Level:
X-Spam-Status: No, score=-2.438 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.538] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GXAFR9eGhQgD for <abfab@ietfa.amsl.com>; Mon, 16 Dec 2013 08:48:30 -0800 (PST)
Received: from mail.painless-security.com (mail.painless-security.com [23.30.188.241]) by ietfa.amsl.com (Postfix) with ESMTP id C6FDF1ADF50 for <abfab@ietf.org>; Mon, 16 Dec 2013 08:48:30 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.painless-security.com (Postfix) with ESMTP id 8D0D0205DB; Mon, 16 Dec 2013 11:47:06 -0500 (EST)
Received: from mail.painless-security.com ([127.0.0.1]) by localhost (mail.suchdamage.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SX4fcZfvMG_A; Mon, 16 Dec 2013 11:47:06 -0500 (EST)
Received: from carter-zimmerman.suchdamage.org (unknown [10.1.10.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.painless-security.com (Postfix) with ESMTPS; Mon, 16 Dec 2013 11:47:06 -0500 (EST)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id CC9A082862; Mon, 16 Dec 2013 11:48:28 -0500 (EST)
From: Sam Hartman <hartmans@painless-security.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <52AF2A4C.5000304@cs.tcd.ie>
Date: Mon, 16 Dec 2013 11:48:28 -0500
In-Reply-To: <52AF2A4C.5000304@cs.tcd.ie> (Stephen Farrell's message of "Mon, 16 Dec 2013 16:29:00 +0000")
Message-ID: <tsl1u1cvj1f.fsf@mit.edu>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: "<abfab@ietf.org>" <abfab@ietf.org>
Subject: Re: [abfab] AD review of draft-ietf-abfab-arch-09
X-BeenThere: abfab@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" <abfab.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/abfab>, <mailto:abfab-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/abfab/>
List-Post: <mailto:abfab@ietf.org>
List-Help: <mailto:abfab-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/abfab>, <mailto:abfab-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Dec 2013 16:48:33 -0000
>>>>> "Stephen" == Stephen Farrell <stephen.farrell@cs.tcd.ie> writes: Stephen> (1) Am I reading this right? 4.2.2 says: "The EAP MSK is Stephen> transported between the IdP and the RP over the AAA Stephen> infrastructure, for example through RADIUS headers. This Stephen> is a particularly important privacy consideration, as any Stephen> AAA Proxy that has access to the EAP MSK is able to decrypt Stephen> and eavesdrop on any traffic encrypted using that EAP MSK Stephen> (i.e. all communications between the Client and IdP)." Does Stephen> that mean that if a client authenticates with a password Stephen> say, then that password could be read after the fact by any Stephen> RP or AAA proxy involved in the transaction. Wouldn't that Stephen> be unacceptable, if e.g. the equivalent of web-bugs or Stephen> trackers could be inserted into a UI so as to get Stephen> first-shot before a user has authenticated? And that seems Stephen> to contradict step 7 in 1.4 unless those messages also go Stephen> via the RP, which is not shown in the diagram in 1.4. What Stephen> am I missing? Fortunately, I think you're reading this slightly wrong. Learning the MSK is not sufficient to snoop on traffic between the peer/client and IDP. Only on traffic between the peer/client AND RP. The issue is that if the peer-client use the MSK to encrypt traffic say using the GSS per-message services or the GSS PRF, that an attacker who learns the MSK can decrypt that traffic. They should not (and with EAP methods that are typically used are believed to be unable to) learn keys needed to observe the authentication conversation between peer/client and IDP. honestly, I consider proxies being able to observe session traffic to be quite bad from a perpass standpoint, thus my interest in adding DH between client/peer and RP.
- [abfab] AD review of draft-ietf-abfab-arch-09 Stephen Farrell
- Re: [abfab] AD review of draft-ietf-abfab-arch-09 Sam Hartman
- Re: [abfab] AD review of draft-ietf-abfab-arch-09 Stephen Farrell
- Re: [abfab] AD review of draft-ietf-abfab-arch-09 Sam Hartman
- Re: [abfab] AD review of draft-ietf-abfab-arch-09 Stephen Farrell
- Re: [abfab] AD review of draft-ietf-abfab-arch-09 Jim Schaad
- Re: [abfab] AD review of draft-ietf-abfab-arch-09 Stephen Farrell
- Re: [abfab] AD review of draft-ietf-abfab-arch-09 Sam Hartman
- Re: [abfab] AD review of draft-ietf-abfab-arch-09 Stephen Farrell