Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

John Mattsson <john.mattsson@ericsson.com> Wed, 18 September 2019 13:21 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: Alan DeKok <aland@deployingradius.com>, "Owen Friel (ofriel)" <ofriel@cisco.com>
CC: "draft-ietf-emu-eap-tls13@ietf.org" <draft-ietf-emu-eap-tls13@ietf.org>, EMU WG <emu@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/39C2RrZu8Ad97UFieo7LAtldiis>

If I understand you correctly, Alan, your implementation would have different databases (one resumption DB and one external PSK DB) and you do not want to do two database lookups. The format of the PSK identities is free for the deployment to decide upon and the resumption PSKs can be completely determined by the EAP-TLS implementation. Your implementation could for example put a message authentication code inside the PSK identity. The MAC would be calculated with a symmetric key the EAP server has randomly generated by itself. I think that would solve your problem.

I do not see how an attacker could do anything... an attacker can definitely reuse any PSK identity, but would not have the corresponding PSK and the ClientHello would therefore not be accepted. The worst thing an attacker could do is to replay a ClientHello, then the handshake would fail when the EAP server verifies the Finished message.

I don't see why this would be more of a problem in EAP-TLS with TLS 1.3 than in any other application of EAP-TLS.

/John

-----Original Message-----
From: Alan DeKok <aland@deployingradius.com>
Date: Wednesday, 18 September 2019 at 15:07
To: "Owen Friel (ofriel)" <ofriel@cisco.com>
Cc: John Mattsson <john.mattsson@ericsson.com>, "draft-ietf-emu-eap-tls13@ietf.org" <draft-ietf-emu-eap-tls13@ietf.org>, EMU WG <emu@ietf.org>
Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

    On Sep 18, 2019, at 8:45 AM, Owen Friel (ofriel) <ofriel@cisco.com> wrote:
    > 
    >> 
    >>  Which means that if PSK was allowed, the server can't look at the packets to
    >> distinguish resumption from "raw" PSK.  Instead, the server has to look at its
    >> resumption cache which may be in a DB.
    > 
    > The server can use the PskIdentity in the PreSharedKeyExtension to differentiate between an offline PSK used for authentication vs. a PSK established via NewSessionTicket.
    
      Please define "use".  As an implementor, I can't implement "my code USES a field".  I need to know what the code *does* with it.
    
      How does the code differentiate between PSK identities?  Are the identity formats different?  If so, how and why?
    
      What prevents a malicious attacker from "using" a format which matches an identity coming from NewSessionTicket?
    
      My understanding is that the code *cannot* make any decisions simply by looking at the PSK identity field.  Instead, it has to look at the resumption cache to see if a given PSK matches a cached one.  Or maybe the code looks in a DB to see if the given PSK is a real "end-user" PSK in the DB.
    
      Simply waving your hands and saying it "uses" a field is unhelpful.  Please give substantive feedback and/or advice about what the code *does*.
    
      Alan DeKok.
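
A sketch of the MAC-in-identity idea from John Mattsson's reply above, as an added example that is not part of the original thread or of any EAP-TLS implementation. The identity layout (random handle followed by a truncated HMAC-SHA256 tag), the lengths, the label and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

HANDLE_LEN = 16   # random per-ticket handle, bytes (assumed length)
TAG_LEN = 16      # truncated HMAC-SHA256 tag, bytes (assumed length)
LABEL = b"resumption-psk-id"  # domain-separation label (assumed)

# Symmetric key the EAP server generates randomly by itself; never shared.
SERVER_MAC_KEY = secrets.token_bytes(32)


def _tag(handle: bytes, key: bytes) -> bytes:
    return hmac.new(key, LABEL + handle, hashlib.sha256).digest()[:TAG_LEN]


def new_resumption_identity(key: bytes = SERVER_MAC_KEY) -> bytes:
    """PSK identity to issue in NewSessionTicket: handle || MAC(handle)."""
    handle = secrets.token_bytes(HANDLE_LEN)
    return handle + _tag(handle, key)


def classify_psk_identity(identity: bytes, key: bytes = SERVER_MAC_KEY) -> str:
    """Pick the store to query for an offered PSK identity.

    'resumption' only if the identity carries a MAC this server produced;
    anything else, including a look-alike with a bad tag, is 'external'.
    """
    if len(identity) == HANDLE_LEN + TAG_LEN:
        handle, tag = identity[:HANDLE_LEN], identity[HANDLE_LEN:]
        if hmac.compare_digest(tag, _tag(handle, key)):
            return "resumption"
    return "external"


if __name__ == "__main__":
    issued = new_resumption_identity()
    lookalike = issued[:HANDLE_LEN] + bytes(TAG_LEN)  # right shape, bad MAC
    for name, ident in [("issued", issued), ("lookalike", lookalike),
                        ("provisioned", b"alice@example.org")]:
        print(name, "->", classify_psk_identity(ident))
```

The result only selects which database to consult. A replayed identity still classifies as resumption, and the handshake then fails because the sender does not hold the corresponding PSK.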