[EAPEXT] RE: EAP Extensions Work
"Walker, Jesse" <jesse.walker@intel.com> Fri, 02 June 2006 21:58 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FmHf9-0005nl-Ji; Fri, 02 Jun 2006 17:58:35 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FmHf8-0005ng-7F for eapext@ietf.org; Fri, 02 Jun 2006 17:58:34 -0400
Received: from mga02.intel.com ([134.134.136.20] helo=orsmga101-1.jf.intel.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FmHf6-0001mz-MJ for eapext@ietf.org; Fri, 02 Jun 2006 17:58:34 -0400
Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga101-1.jf.intel.com with ESMTP; 02 Jun 2006 14:58:29 -0700
Received: from orsmsx331.jf.intel.com (HELO orsmsx331.amr.corp.intel.com) ([192.168.65.56]) by orsmga001.jf.intel.com with ESMTP; 02 Jun 2006 14:56:27 -0700
X-IronPort-AV: i="4.05,205,1146466800"; d="scan'208"; a="45095102:sNHT17073834155"
Received: from orsmsx416.amr.corp.intel.com ([10.22.226.46]) by orsmsx331.amr.corp.intel.com with Microsoft SMTPSVC(6.0.3790.211); Fri, 2 Jun 2006 14:56:27 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Fri, 02 Jun 2006 14:56:26 -0700
Message-ID: <102A51607473A4449F0D3E2EF6FFCAD6391263@orsmsx416.amr.corp.intel.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: EAP Extensions Work
thread-index: AcaF/8GytlC2Jf6rSmOvoB7xGQY4sgASxFVA
From: "Walker, Jesse" <jesse.walker@intel.com>
To: "Narayanan, Vidya" <vidyan@qualcomm.com>, "Blumenthal, Uri" <uri.blumenthal@intel.com>, "Iyer, Prakash" <prakash.iyer@intel.com>
X-OriginalArrivalTime: 02 Jun 2006 21:56:27.0293 (UTC) FILETIME=[65CBACD0:01C6868F]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: b2809b6f39decc6de467dcf252f42af1
Cc: eapext@ietf.org
Subject: [EAPEXT] RE: EAP Extensions Work
X-BeenThere: eapext@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: EAP Extensions <eapext.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/eapext>, <mailto:eapext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/eapext>
List-Post: <mailto:eapext@ietf.org>
List-Help: <mailto:eapext-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/eapext>, <mailto:eapext-request@ietf.org?subject=subscribe>
Errors-To: eapext-bounces@ietf.org
Vidya, As per your request, here are some comments on the EAPEXT charter: 1. The second paragraph begins: ...for fast EAP re-authentication... Is there a better word than "fast?" When the server is remote, there may be nothing fast about the operation. And is it really re-authentication? In all of the designs I am aware of, the MSK and EMSK are ephemeral state used for authorization, not authentication; this ephemeral state used for authorization is a by-product of authentication. I would be happy with ...for reauthorization... instead. I would make the same kind of change throughout the charter. 2. The second paragraph concludes with: Channel binding ensures that the peer and the server have the same understanding about the network access server (NAS), including its identity, advertised capabilities and services. This has zero utility from a security perspective. The peer has no knowledge that the NAS is valid, but EAP provides it with a security relationship with the server. Similarly, the NAS has no knowledge that the peer is valid, but EAP presumes a security relationship between the NAS and the server. The one and only party in any position to attest to the NAS that the peer is valid is the server. Similarly, the one and only party that is in any position to vouch for the identity of the NAS to the peer is the server. So, this should read: Channel binding will be (re)defined to allow the server to attest to the peer identity to the NAS and to the NAS identity to the peer, plus (pick your favorite attributes here). People are likely to push back and say something like "No, Jesse, you don't understand. The NAS can be in a foreign domain and unknown to the NAS." In response I will say that no security relationship between the NAS and the peer is possible in such a case, because, since the server is explicitly assumed to not know anything about security posture of the NAS, it has absolutely no business distributing a key based on the peer's EMSK to the NAS. Distributing one of the peer's keys to the NAS presupposes a relationship between the NAS and the server that assures the server that the NAS is controlled by a known good guy instead of by Hackers-R-Us, i.e., that exposure of the peer's key to the NAS does not compromise the key. It also presupposes a channel between the NAS and the server that will not expose the key to any other party. People will complain about the word "any," but their complaint does not change the assumption made by EAP. There is an implication here that "defining and scoping channel binding as defined in the EAP keying framework" may not be the correct goal. If channel bindings is defined to support attestation by the server of the peer and the NAS identities to the NAS and the peer, then this is indeed correct. If channel bindings is not defined to support attestation of the NAS and peer identities to the peer and NAS, then it might be better to write "defining or extending channel binding as defined in the EAP keying framework." I think more discussion will be necessary to understand whether the channel bindings concept support the attestation needs, so the charter should not preclude the working group from doing work required to make security work. 3. Bullet 2 of the charter says Specification of EMSK usage. This specification will define the derivation of root keys from the EMSK for specific purposes. Since it is infeasible (and undesirable) to specify every possible usage, what is meant is probably more along the lines of Specification of rules governing EMSK usage. This specification will define guidelines governing the derivation of keys from the EMSK for specific applications. And why is Bullet 3 different from Bullet 2? Maybe I don't understand what Bullet 2 is really about. 4. Bullet 4 of the charter is a complete mystery to me. This Bullet alludes to three applications of the EMSK derivation, but does not provide even a summary motivation as to why these are important applications to consume the other work or why the EAPEXT Working Group is the appropriate home for this work. Yes, you're right; I should read the motivation document, but I think that experience amply shows there is a problem if the motivation for doing work is not immediately obvious from the charter. It is not at all evident why any of these three applications should fall within this group. Hopefully some of this will be helpful to you. Thanks. -- Jesse > -----Original Message----- > From: Narayanan, Vidya [mailto:vidyan@qualcomm.com] > Sent: Thursday, June 01, 2006 9:48 PM > To: Blumenthal, Uri; Walker, Jesse; Iyer, Prakash > Cc: Dondeti, Lakshminath > Subject: EAP Extensions Work > > Jesse, Prakash, Uri, > You may have seen the email that we had sent out on the creation of a > mailing list to discuss next steps on EAP keying (on the IETF mailing > list). We would very much like to get your input on the charter that we > have put together as next steps in this space. We would greatly > appreciate if you could share your thoughts on the list so that we can > have some technical decisions with input from people knowledgeable in > this space. > > You can subsrcibe to the list via > https://www1.ietf.org/mailman/listinfo/eapext. > > The charter and motivation can be found at: > > http://www.geocities.com/hellovidya/EAPExt_charter.txt > http://www.geocities.com/hellovidya/EAPExt_motivation.txt > > Thanks in advance for taking the time to provide any comments. > > Regards, > Vidya _______________________________________________ EAPEXT mailing list EAPEXT@ietf.org https://www1.ietf.org/mailman/listinfo/eapext
- [EAPEXT] RE: EAP Extensions Work Walker, Jesse
- [EAPEXT] RE: EAP Extensions Work Narayanan, Vidya