Re: [Call-home] draft now posted; BoF?
Wes Hardaker <wjhns1@hardakers.net> Thu, 29 September 2005 17:25 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EL2A2-0007XT-1V; Thu, 29 Sep 2005 13:25:34 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EL2A0-0007XO-OG for call-home@megatron.ietf.org; Thu, 29 Sep 2005 13:25:32 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA23708 for <call-home@ietf.org>; Thu, 29 Sep 2005 13:25:29 -0400 (EDT)
Received: from dcn236-43.dcn.davis.ca.us ([168.150.236.43] helo=wes.hardakers.net) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EL2Hg-00087f-1c for call-home@ietf.org; Thu, 29 Sep 2005 13:33:30 -0400
Received: by wes.hardakers.net (Postfix, from userid 274) id 5612A11D5D1; Thu, 29 Sep 2005 10:25:15 -0700 (PDT)
From: Wes Hardaker <wjhns1@hardakers.net>
To: j.schoenwaelder@iu-bremen.de
Subject: Re: [Call-home] draft now posted; BoF?
Organization: Sparta
References: <4337FBB5.4010701@cisco.com> <20050926210654.GA3067@boskop.local> <43391200.1020806@cisco.com> <sdy85iocsw.fsf@wes.hardakers.net> <20050927143210.GB1586@boskop.local> <sdirwmgp7r.fsf@wes.hardakers.net> <20050927215210.GA4997@boskop.local>
Date: Thu, 29 Sep 2005 10:25:14 -0700
In-Reply-To: <20050927215210.GA4997@boskop.local> (Juergen Schoenwaelder's message of "Tue, 27 Sep 2005 23:52:10 +0200")
Message-ID: <sdmzlvairp.fsf@wes.hardakers.net>
User-Agent: Gnus/5.110003 (No Gnus v0.3) XEmacs/21.4 (Jumbo Shrimp, linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: b5d20af10c334b36874c0264b10f59f1
Cc: call-home@ietf.org
X-BeenThere: call-home@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Discussion of issues relating to " call home" functionality and firewall traversal" <call-home.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/call-home>, <mailto:call-home-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/call-home>
List-Post: <mailto:call-home@ietf.org>
List-Help: <mailto:call-home-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/call-home>, <mailto:call-home-request@ietf.org?subject=subscribe>
Sender: call-home-bounces@ietf.org
Errors-To: call-home-bounces@ietf.org
>>>>> On Tue, 27 Sep 2005 23:52:10 +0200, Juergen Schoenwaelder <j.schoenwaelder@iu-bremen.de> said: Juergen> On Tue, Sep 27, 2005 at 02:44:56PM -0700, Wes Hardaker wrote: >> I promise you that user/pass credentials are not sent until after the >> user verifies that it's talking to a server it trusts. Asymmetric >> cryptography (X.509, eg) can be used independent of ordering but >> tacking on raw username and password through a negotiated tunnel can >> not. To do anything else would allow for man in the middle. Juergen> Can you translate that into something I can understand? How Juergen> can I mount a man in the middle attack if the client/server Juergen> roles are not determined by who sent the first SYN? Big if here, that you need to make sure is what I'm talking about: authentication of one half using a username/password that is not transformed via some puzzle and hashing function. EG, sending the password in the clear through the tunnel (the tunnel may be protecting the password from eavesdropping but it doesn't protect the other side from learning it if they didn't know it yet... more in a sec). Consider the case where a standard ssh client (user) connects to a ssh server. The first thing the ssh client does is check the information sent by the server, which includes the public key and related information (*): 1) sees if the public key sent by the server for: a) indeed matches a known host key previously seen b) and if that host key was seen from that particular address before c) and if that host key matches the transport you gave it (IE, if you have connected to host1 with address w.x.y.z before and now you're connecting to host2 with the same address (via a CNAME or renaming) ssh will still prompt you with the prompt of "you've never had this combination before because "host2" is new to me even though the transport address and key I've seen before)". 2) checks to see if the host can *prove* that it has the private side of the key by some computational puzzle. To put it in terms of SNMPv3/USM, something I know you grok, it's a similar process to how the agent verifies that the management side has the correct localized key because of how the authentication field is encoded using a hash of the message, the localized engine, and other data that changes from message to message. The protocol doesn't matter here. What matters is that the server has given proof to the client that it not only sent the public half of the key (IE, the identity) but it has also sent proof that it knows the secret half (IE, a cryptographic proof that it has the hidden parts of the material). Only *after* this point is a ssh client willing to ask the user for their password and send it to the server. This of course, assumes as mentioned above, that the password will be sent in the clear (unmodified/hashed/transformed) within the tunnel so that the agent side can look up the credentials via a local password store (a crypted /etc/passwd or md5 sum list or ...) or via a AAA scheme such as radius that requires the server to know the real unmodified password in order to answer the radius challenge. Again, for the third time, this only matters in cases where the password is indeed sent unmodified through the tunnel. But it's important to know that this happens a lot in todays world. Many people still use passwords and don't distribute ssh public keys to all the servers they use. Ok, back to call home. Let's reverse the situation. Let's assume that the server is now initiating the ssh connection. ssh and many other protocols *currently* mandate that the receiving side of the connection present their credentials first. If we truly reverse the connection above this means the management app will have to send the username/password to the agent before the agent has given proof that it's a trusted source to receive that password. What's to prevent any random joe from connecting to the call back transport address and saying "give me your password"? This setup isn't, of course, allowed in SSH or other protocols (TLS/SASL, IKE with EAP, ...) for this reason. The receiving side of that SYN you mentioned must always present their identity and proof of identity first before the connecting side will send user/password information. This is how it should be. What this means for callhome is that public/private keys will need to be used on both sides of the connection anytime call home is used. Or, we'll have to convince the transport (such as ssh) to allow authentication the connecting agent first before the manager sends a username/password. Ideally, we'd always be using asymmetric cryptography (public/private keys) on both sides of every connection. Unfortunately, the world doesn't do the exclusively yet today. We will either have to mandate that it will for CH or modify behavior of the transports today. -- "In the bathtub of history the truth is harder to hold than the soap, and much more difficult to find." -- Terry Pratchett _______________________________________________ Call-home mailing list Call-home@ietf.org https://www1.ietf.org/mailman/listinfo/call-home
- [Call-home] draft now posted; BoF? Eliot Lear
- Re: [Call-home] draft now posted; BoF? Juergen Schoenwaelder
- Re: [Call-home] draft now posted; BoF? Eliot Lear
- RE: [Call-home] draft now posted; BoF? Wijnen, Bert (Bert)
- Re: [Call-home] draft now posted; BoF? Wes Hardaker
- Re: [Call-home] draft now posted; BoF? Wes Hardaker
- Re: [Call-home] draft now posted; BoF? Juergen Schoenwaelder
- Re: [Call-home] draft now posted; BoF? Juergen Schoenwaelder
- Re: [Call-home] draft now posted; BoF? Josh Littlefield
- Re: [Call-home] draft now posted; BoF? David T. Perkins
- Re: [Call-home] draft now posted; BoF? David T. Perkins
- Re: [Call-home] draft now posted; BoF? Juergen Schoenwaelder
- [Call-home] Why not IPsec with IKEv2 + NAT-T? Pekka Nikander
- Re: [Call-home] Why not IPsec with IKEv2 + NAT-T? David T. Perkins
- Re: [Call-home] draft now posted; BoF? Eliot Lear
- Re: [Call-home] Why not IPsec with IKEv2 + NAT-T? Dean Willis
- Re: [Call-home] Why not IPsec with IKEv2 + NAT-T? Pekka Nikander
- Re: [Call-home] Why not IPsec with IKEv2 + NAT-T? Dean Willis
- Re: [Call-home] Why not IPsec with IKEv2 + NAT-T? Eliot Lear
- Re: [Call-home] draft now posted; BoF? Wes Hardaker
- Re: [Call-home] draft now posted; BoF? Juergen Schoenwaelder