IETF Logo Mail Archive

[babel] babel-dtls: verifying "authentication"

"STARK, BARBARA H" <bs7652@att.com> Wed, 09 January 2019 21:42 UTC

Return-Path: <bs7652@att.com>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DDB1B12DD85 for <babel@ietfa.amsl.com>; Wed, 9 Jan 2019 13:42:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.601
X-Spam-Level:
X-Spam-Status: No, score=-0.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, KHOP_DYNAMIC=2, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VAPUoA4-YaDh for <babel@ietfa.amsl.com>; Wed, 9 Jan 2019 13:42:53 -0800 (PST)
Received: from mx0a-00191d01.pphosted.com (mx0b-00191d01.pphosted.com [67.231.157.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9409B130FCB for <babel@ietf.org>; Wed, 9 Jan 2019 13:42:53 -0800 (PST)
Received: from pps.filterd (m0049463.ppops.net [127.0.0.1]) by m0049463.ppops.net-00191d01. (8.16.0.22/8.16.0.22) with SMTP id x09LRWXn014949; Wed, 9 Jan 2019 16:42:52 -0500
Received: from alpi154.enaf.aldc.att.com (sbcsmtp6.sbc.com [144.160.229.23]) by m0049463.ppops.net-00191d01. with ESMTP id 2pwqkttxpb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 09 Jan 2019 16:42:52 -0500
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id x09LgpYx029368; Wed, 9 Jan 2019 16:42:51 -0500
Received: from zlp30484.vci.att.com (zlp30484.vci.att.com [135.47.91.179]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id x09LgmbW029337; Wed, 9 Jan 2019 16:42:48 -0500
Received: from zlp30484.vci.att.com (zlp30484.vci.att.com [127.0.0.1]) by zlp30484.vci.att.com (Service) with ESMTP id E4ED54013D37; Wed, 9 Jan 2019 21:42:48 +0000 (GMT)
Received: from GAALPA1MSGHUBAF.ITServices.sbc.com (unknown [130.8.218.155]) by zlp30484.vci.att.com (Service) with ESMTPS id 721CE400037E; Wed, 9 Jan 2019 21:42:48 +0000 (GMT)
Received: from GAALPA1MSGUSRBF.ITServices.sbc.com ([169.254.5.5]) by GAALPA1MSGHUBAF.ITServices.sbc.com ([130.8.218.155]) with mapi id 14.03.0415.000; Wed, 9 Jan 2019 16:42:47 -0500
From: "STARK, BARBARA H" <bs7652@att.com>
To: 'David Schinazi' <dschinazi.ietf@gmail.com>
CC: Babel at IETF <babel@ietf.org>
Thread-Topic: babel-dtls: verifying "authentication"
Thread-Index: AdSoVYQo0/ay4EhYQw+N2cLNVC6kSA==
Date: Wed, 09 Jan 2019 21:42:47 +0000
Message-ID: <2D09D61DDFA73D4C884805CC7865E6114DF8A154@GAALPA1MSGUSRBF.ITServices.sbc.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [135.70.217.171]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-01-09_10:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1901090171
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/To6hyvPFZY6Y_rJZ-zFh9oEPf24>
Subject: [babel] babel-dtls: verifying "authentication"
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Jan 2019 21:42:55 -0000

I read the draft and think the last paragraph of 2.1 could do with a little more verbiage as to what "fails to verify the peer's authentication" means, since it's part of a "MUST" normative statement. I also don't think the word "authentication" is used consistently or (in some cases) correctly. I think of "authentication" as a process.

I find "request client authentication" and "verify the peer's authentication" to be odd uses of the word "authentication", and not consistent with my understanding of the word. I would suggest something like "request client certificate" (consistent with the name of the message that is sent) or "request client credentials" for the first phrase. And perhaps "validate the peer's certificate" or "validate the peer's credentials" for the second. Unless you mean something different by "verify" vs. "validate" here. 

Will only X.509 certificate keys be allowed, or will "DH_anon" key exchange be allowed? 

Here are the possible things that are sometimes done as part of certificate validation, that I think this phrase is potentially referring to:
1. Ensure the certificate validDate is not in the past. This check should only be done if the implementation thinks the underlying system has acquired a good current time (i.e., it runs a NTP client and getting the current datetime via NTP has succeeded, or the current datetime has been configured). 
2. Check the certificate's chain of trust for a trusted CA. This would mean there is a configured set of trusted CAs.
3. Check if the certificate has been revoked. This is often not done, but might not be a bad idea the first time the certificate is seen.
4. Check if this identical certificate is included in a store of trusted certificates (either it was previously trusted and stored or the store is configured).
5. Check some aspect of "identity". Is there some characteristic of the peer that is expected to be stable wrt a certificate? For example, would the same certificate always originate from the same MAC address or LL IPv6 address? 
6. If a TOFU (trust on first use) policy is supported, what exactly should be trusted (and what should not be trusted)? I do like allowing for a TOFU policy (if an implementation chooses to support one). If it is allowed, I would suggest something like the cert is TOFU if the IPv6 LL address hasn't been seen before (new neighbor). After that it always has to use the same cert. When changing certs, send old and new cert together for some time, so new cert is associated with trusted old cert.

Presumably, a device might be configured with a new certificate at some point (like when the old one expires). Will the new certificate be considered the same neighbor if the "identity" matches (see item 5 for question on determining identity)? If you get a request for a new DTLS session and already have a session for that "identity" (IPv6 LL address?) with a different certificate, what do you do?

If there is already a DTLS connection using a provided certificate, what do you do if you get a request for a new DTLS session using the same certificate? Tear down the old one?

With all this said. I think it might be enough if the draft had statements like:
"The key exchange mechanism used MUST require use of X.509 certificates." (if this is the intent)
"Certificate validation MUST be done according to internal policy. Characteristics of certificates that MAY be used for validation include the validDate, the Certificate Authority (CA) chain of trust, inclusion in a revocation list, prior determination of trust, and whether the IPv6 link local address is the same as in prior uses of the certificate. A trust on first use (TOFU) model MAY be supported, with policy defined by the implementation. Any TOFU policy MUST, at a minimum, ensure that a given certificate is only ever used from a single IPv6 link local address (neighbor) and fail an unknown certificate used for an IPv6 link local address already associated with a trusted certificate. "
"When new certificates are issued, they SHOULD be sent together with the old certificate prior to the old certificate's expiration or revocation, so it is possible for the new certificate to inherit any trust associated with the old certificate."

Or make certificate validation a SHOULD. ☹
Barbara

v2.23.0 | Report a Bug | By Email