[Ecrit] Review of draft-schulzrinne-ecrit-unauthenticated-access-07.txt
"Bernard Aboba" <bernard_aboba@hotmail.com> Mon, 22 March 2010 17:28 UTC
Return-Path: <bernard_aboba@hotmail.com>
X-Original-To: ecrit@core3.amsl.com
Delivered-To: ecrit@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1607E3A69B5; Mon, 22 Mar 2010 10:28:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.259
X-Spam-Level:
X-Spam-Status: No, score=0.259 tagged_above=-999 required=5 tests=[AWL=-0.873, BAYES_50=0.001, DNS_FROM_OPENWHOIS=1.13, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2z9Tdf8EXulR; Mon, 22 Mar 2010 10:28:24 -0700 (PDT)
Received: from blu0-omc3-s37.blu0.hotmail.com (blu0-omc3-s37.blu0.hotmail.com [65.55.116.112]) by core3.amsl.com (Postfix) with ESMTP id A12053A6945; Mon, 22 Mar 2010 10:28:23 -0700 (PDT)
Received: from BLU137-DS5 ([65.55.116.74]) by blu0-omc3-s37.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 22 Mar 2010 10:28:41 -0700
X-Originating-IP: [130.129.27.170]
X-Originating-Email: [bernard_aboba@hotmail.com]
Message-ID: <BLU137-DS5389EC3A6E15E30476D4893270@phx.gbl>
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: ecrit@ietf.org, emu@ietf.org
Date: Mon, 22 Mar 2010 10:29:11 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0004_01CAC9AA.834AEF70"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcrJ5S9V+44Ade6BSs+9gZS1IXfNYg==
Content-Language: en-us
X-OriginalArrivalTime: 22 Mar 2010 17:28:41.0088 (UTC) FILETIME=[1D5E1800:01CAC9E5]
Subject: [Ecrit] Review of draft-schulzrinne-ecrit-unauthenticated-access-07.txt
X-BeenThere: ecrit@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <ecrit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ecrit>, <mailto:ecrit-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ecrit>
List-Post: <mailto:ecrit@ietf.org>
List-Help: <mailto:ecrit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ecrit>, <mailto:ecrit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Mar 2010 17:28:36 -0000
Looking over -07, it does not appear that the review comments on -06 were addressed. In addition, the presentation to ECRIT today referred to "no objections" to use of a decorated NAI to signal emergency usage. It's not clear to me why this is necessary (e.g. why use of an "emergency" user name wouldn't work), or whether the implications for deployment are understood, given that decoration may require specialized proxy handling and potential changes to AAA servers. By referring to use of non-existent domains (e.g. emergency.com) and a requirement for new EAP methods, and now adding a decorated NAI requirement, this draft is creating unnecessary barriers to gaining network access for the purposes of making an emergency call. I'd suggest that the document rethink the approach, and focus on enabling unauthenticated emergency access with as few changes to existing standards as possible. -----Original Message----- Joe Salowey said: "I agree with Bernard's comments on section 6 of this draft. I would like to emphasize the following: - I'm a bit concerned about using an EAP method type to indicate emergency authentication. The EAP method type should be orthogonal to whether emergency access is requested or not. Combining the two will cause and artificial linkages between the two and likely cause problems down the road. For this reason I am strongly against options 2.a and 2.c in section 6.2. - In section 6.3, I don't think that anonymous cipher suites or publically known shared keys are a good idea. In general, a server authenticated method using public key certificates can be used. If the client is in an emergency it can forgo certificate validation to get access. If it knows the trust root then it can validate it." -----Original Message----- From: ecrit-bounces at ietf.org [mailto:ecrit-bounces at ietf.org] On Behalf Of Bernard Aboba Sent: Tuesday, November 10, 2009 5:41 PM To: 'ECRIT' Subject: [Ecrit] Comments on Section 6 of draft-schulzrinne-ecrit-unauthenticated-access Section 6 " signaling allows an IEEE 802.1X to occur without exchanging cryptogrpahic keys" [BA] Not sure what this is saying. In IEEE 802.1X-2004, there is no encryption supported. However, EAP is still run. This can include methods that don't generate keys (e.g. EAP-MD5). But the issue here is client unauthenticated access, not key generation, right? Section 6.1 " In general, link layer emergency indications provide good integration into the actual network access procedure regarding the enabling of means to recognize and prioritize an emergency service request from an end host at a very early stage of the network attachment procedure. However, support in end hosts for such methods cannot be considered to be commonly available." [BA] I'm not sure what this is referring to. If it's referring to QoS, those mechanisms are independent of emergency indications (e.g. WFA WMM). If it's talking about higher layer emergency service prioritization, that's also independent of the lower layer. So what exactly is a host expected to do at the lower layer to distinguish an emergency call? Section 6.2 "In normal operation, EAP related information will only be recognized in the NAS. Any entity residing between end host and NAS should not be expected to understand/parse EAP messages." [BA] The EAP architecture requires the NAS to be EAP-method agnostic if it's acting as a pass-through. So even the NAS can't be depended upon to understand/parse EAP methods. But why would it need to? " 1.b) Emergency NAI: The NAI comes with a realm or username part indicating emergency (e.g. 'emergency at emergency.com'). An advantage of this method for NAA cases is that no new requirements are put on the involved signaling procedures. Only the identity used for network entry is impacted. Potential disadvantages include that different methods to indicate emergency for NAA cases and standard emergency network attachments may be required. Also, modifying the NAI itself (the username at realm part) may conflict with network selection and network entry procedures, depending on the actual access network." [BA] There are two distinct ideas being presented here. One is to define an emergency user name (e.g. "emergency"); another is to define an emergency domain (e.g. "emergency.com"). The former concept may make sense, but the latter one is dangerous since existing systems not including the emergency realm in their routing tables may just return an error. So the question is what realm should be used, if any. The problem with including any realm is that it assumes realm reachability. If reachability doesn't exist, then the host will get an error. If there is no realm, then the local realm needs to recognize the emergency username, and utilize an appropriate EAP method that allows client unauthenticated access. > " 2) Emergency EAP method An emergency indication can be given by using a dedicated EAP method that is reserved for emergency network attachment only." [BA] Why is a dedicated EAP method needed for emergency access? EMU WG has already discussed this and come up with mechanisms that would allow client unauthenticated access from any TLS-based method (e.g. server side either doesn't ask for a client cert, or accepts the client not providing one). That mechanism is supported in RFC 5216, and can also be applied to existing methods such as EAP FAST, EAP TTLSv0, PEAP, etc. In effect, the only real constraint here is that a local network advertising support for emergency calling needs to support one or more of these methods. " 2.a) Existing EAP method with new type: An existing EAP method may be used. EAP methods themselves typically do not support emergency indication. One option would be to pick a common EAP method like EAP-TLS and allocate a new method type for the same method that is exclusively reserved to emergency use. Such EAP method should be chosen in a way that the same method can support NAA cases as well as standard emergency network attachment." > Given that RFC 5216 already supports client-unauthenticated anonymous access (see Sections 2.1.4 and 2.2), why is it necessary to request allocation of a new method type? " 2.b) Existing EAP method: Same as 2a), but without assigning a new EAP method type for emergency. In this case some implicit indication must be used. For example, in cases where EAP-TLS is used in network attachment in combination with client certificates, the absence of a client certificate could be interpreted by the network as a request for emergency network attachment." > [BA] The combination of an emergency NAI *and* the absence of a client certificate would be considered a request for emergency attachment. If an NAI corresponding to an existing account is used, then normal policies will apply (which would probably require authenticated access). " 2.c) Emergency EAP method: A new EAP method could be defined that is specifically designed for emergency network entry in NAA cases. Most likely, such EAP method would not be usable for standard emergency network attachment with an existing subscription. Such dedicated emergency EAP method should be key-generating in compliance with RFC3748 <http://tools.ietf.org/html/rfc3748 to enable the regular air interface security methods even in unauthenticated operation." [BA] Since any TLS-based method can potentially support client- unauthenticated access, it's not clear to me that there is a good case for creating yet another method. Section 6.3 " Therefore, for network attachment that is by default based on EAP authentication it is desirable also for NAA network attachment to use a key-generating EAP method (that provides an MSK key to the authenticator to bootstrap further key derivation for protecting the wireless link)." [BA] Where key generation is required (e.g. WPA/WPA2 enterprise) you don't really have a choice. " 2) Null authentication: an EAP method is performed. However, no credentials specific to either the server or the device or subscription are used as part of the authentication exchange. An example for this would be an EAP-TLS exchange with using the TLS_DH_anon (anonymous) ciphersuite. Alternatively, a publicly available static key for emergency access could be used. In the latter case, the device would need to be provisioned with the appropriate emergency key for the IAP/ISP in advance." [BA] WPA/WPA2 enterprise mode and PSK mode are distinct; PSK mode only uses the 4-way handshake, not EAP. " 3) Device authentication: This case extends the server-only authentication case. If the device is configured with a device certificate and the IAP/ISP EAP server can rely on a trusted root allowing the EAP server to verify the device certificate, at least the device identity (e.g. the MAC address) can be authenticated by the IAP/ISP in NAA cases. An example for this are WiMAX devices that are shipped with device certificates issued under the global WiMAX device public-key infrastructure. To perform unauthenticated emergency calls, if allowed by the IAP/ISP, such devices perform EAP- TLS based network attachment with client authentication based on the device certificate." > IEEE 802.1ar might also be an example of this.
- [Ecrit] Review of draft-schulzrinne-ecrit-unauthe… Bernard Aboba
- Re: [Ecrit] [Emu] Review ofdraft-schulzrinne-ecri… Kroeselberg, Dirk (NSN - DE/Munich)