Re: [Emu] Potential Notes in EAP-FAST Documents
Jouni Malinen <j@w1.fi> Wed, 11 February 2009 20:13 UTC
Return-Path: <j@w1.fi>
X-Original-To: emu@core3.amsl.com
Delivered-To: emu@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E94133A6C08; Wed, 11 Feb 2009 12:13:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.846
X-Spam-Level:
X-Spam-Status: No, score=-0.846 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, RDNS_DYNAMIC=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6McVF7TzfjRi; Wed, 11 Feb 2009 12:13:27 -0800 (PST)
Received: from jmalinen.user.openhosting.com (128-177-27-249.ip.openhosting.com [128.177.27.249]) by core3.amsl.com (Postfix) with ESMTP id F1AE13A6B0B; Wed, 11 Feb 2009 12:13:26 -0800 (PST)
Received: from jm (a91-155-82-88.elisa-laajakaista.fi [91.155.82.88]) (authenticated bits=0) by jmalinen.user.openhosting.com (8.13.8/8.13.8) with ESMTP id n1BKDJKO031777 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 11 Feb 2009 15:13:20 -0500
Received: by jm (sSMTP sendmail emulation); Wed, 11 Feb 2009 22:13:20 +0200
Date: Wed, 11 Feb 2009 22:13:20 +0200
From: Jouni Malinen <j@w1.fi>
To: Tim Polk <tim.polk@nist.gov>
Message-ID: <20090211201320.GA22148@jm.kir.nu>
References: <BLU137-W531ACB9BE00127DB8595D993C30@phx.gbl> <808FD6E27AD4884E94820BC333B2DB7727E78F274C@NOK-EUMSG-01.mgdnok.nokia.com> <006c01c98781$5d6b8bf0$1842a3d0$@net> <808FD6E27AD4884E94820BC333B2DB7727E78F2B67@NOK-EUMSG-01.mgdnok.nokia.com> <003201c9880d$e8160780$b8421680$@net> <DF99D1BF-7A3A-41C6-B161-FD609410DE59@nist.gov>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <DF99D1BF-7A3A-41C6-B161-FD609410DE59@nist.gov>
User-Agent: Mutt/1.5.18 (2008-05-17)
Cc: emu@ietf.org, "iesg@ietf.org IESG" <iesg@ietf.org>
Subject: Re: [Emu] Potential Notes in EAP-FAST Documents
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/emu>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Feb 2009 20:13:28 -0000
On Wed, Feb 11, 2009 at 09:26:14AM -0500, Tim Polk wrote: > Second, I will be offering the following text for IESG notes on both > documents. The > notes clearly state the drawbacks for EAP type code reuse and define an > acceptable > path for future protocol developers. This looks like an appropriate text to add. However, I would request a small clarification on the exact scope of the different EAP-MSCHAPv2 and EAP-GTC behavior. As far as EAP-FAST-MSCHAPv2 vs. EAP-MSCHAPv2 is concerned, I would expect that EAP-FAST-MSCHAPv2 is actually used both for unauthenticated (anonymous) and server-authenticated provisioning while the proposed note seemed to indicate that the different behavior is implied by the use of an anonymous tunnel. See below for suggested changes to resolve this. I'm assuming that the implicit challenges derived from the TLS handshake are not used in the EAP-FAST authentication, i.e., normal authentication would be using something that is closer to EAP-MSCHAPv2, not EAP-FAST-MSCHAPv2. However, I think that even that use of EAP-MSCHAPv2 differs a bit from the way it is used in other protocols, e.g., as far as key derivation is concerned, but this would have been more of a comment for RFC 4851 than these two drafts that are now discussed. Anyway, since the key derivation from inner method is used also during provisioning, it would be useful to specify the exact process used to derive ISK from EAP-FAST-MSCHAPv2 (especially the order of send/recv MS-MPPE keys which seems to differ from the way this is used in PEAPv0 with cryptobinding). > ------ draft-cam-winget-eap-fast-provisioning ----- > The EAP method EAP-FAST-MSCHAPv2 reuses the EAP type code assigned to > EAP-MSCHAPv2 (26) for authentication within an anonymous TLS tunnel. s/an anonymous TLS tunnel/the EAP-FAST tunnel during provisioning/ > In > order to minimize the risk associated with an anonymous tunnel, > changes > to the method were made that are not interoperable with EAP- > MSCHAPv2. This use of "anonymous tunnel" sounds fine. > Since EAP-MSCHAPv2 does not support method-specific version > negotiation, > the use of EAP-FAST-MSCHAPv2 is implied by the use of an anonymous > EAP-FAST tunnel. s/of an anonymous EAP-FAST tunnel/inside the EAP-FAST tunnel during provisioning/ > This behavior may cause problems in > implementations > where the use of unaltered EAP-MSCHAPv2 is needed inside an > anonymous > EAP-FAST tunnel. Since such support requires special case execution > of > a method within a tunnel, it also complicates implementations that > use > the same method code both within and outside of the tunnel > method. That "anonymous" should likely be replaced, too, but I don't have a good proposal for this one. Maybe s/an anonymous/the/ The implementation complexity comes both from different tunneling methods using different versions of EAP-MSCHAPv2 and from the different use within EAP-FAST depending on state (provisioning vs. authentication). > ---- draft-zhou-emu-fast-gtc ------ > Since > EAP-GTC does not support method-specific version negotiation, the > use of > EAP-FAST-GTC is implied when used inside the EAP-FAST tunnel during > authentication. s/ during authentication// I'm not sure whether this "during authentication" was referring to the case where EAP-FAST provisioning is not used (i.e., normal authentication after PAC has been previously provisioned). Anyway, it is probably clearer to just specify that EAP-FAST-GTC is used in all cases inside EAP-FAST tunnel since the draft seems to indicate that this is indeed the case (just note that EAP-FAST-GTC is not allowed in unauthenticated/anonymous provisioning, but it is allowed in server-authenticated provisioning). -- Jouni Malinen PGP id EFC895FA
- Re: [Emu] Potential Notes in EAP-FAST Documents Jari Arkko
- [Emu] Potential Notes in EAP-FAST Documents The IESG
- Re: [Emu] Potential Notes in EAP-FAST Documents Chris Hessing
- Re: [Emu] Potential Notes in EAP-FAST Documents Glen Zorn
- Re: [Emu] Potential Notes in EAP-FAST Documents Dorothy Stanley
- Re: [Emu] Potential Notes in EAP-FAST Documents David Mitton
- Re: [Emu] Potential Notes in EAP-FAST Documents Dan Harkins
- Re: [Emu] Potential Notes in EAP-FAST Documents Hao Zhou (hzhou)
- Re: [Emu] Potential Notes in EAP-FAST Documents Glen Zorn
- Re: [Emu] Potential Notes in EAP-FAST Documents Bernard Aboba
- Re: [Emu] Potential Notes in EAP-FAST Documents Glen Zorn
- Re: [Emu] Potential Notes in EAP-FAST Documents Pasi.Eronen
- Re: [Emu] Potential Notes in EAP-FAST Documents Jari Arkko
- Re: [Emu] Potential Notes in EAP-FAST Documents Dan Harkins
- Re: [Emu] Potential Notes in EAP-FAST Documents Pasi.Eronen
- Re: [Emu] Potential Notes in EAP-FAST Documents Jari Arkko
- Re: [Emu] Potential Notes in EAP-FAST Documents Dan Harkins
- Re: [Emu] Potential Notes in EAP-FAST Documents Glen Zorn
- Re: [Emu] Potential Notes in EAP-FAST Documents Glen Zorn
- Re: [Emu] Potential Notes in EAP-FAST Documents Pasi.Eronen
- Re: [Emu] Potential Notes in EAP-FAST Documents Pasi.Eronen
- Re: [Emu] Potential Notes in EAP-FAST Documents Glen Zorn
- Re: [Emu] Potential Notes in EAP-FAST Documents Dan Harkins
- Re: [Emu] Potential Notes in EAP-FAST Documents Nancy Cam-Winget (ncamwing)
- Re: [Emu] Potential Notes in EAP-FAST Documents Glen Zorn
- Re: [Emu] Potential Notes in EAP-FAST Documents Glen Zorn
- Re: [Emu] Potential Notes in EAP-FAST Documents Yoshihiro Ohba
- Re: [Emu] Potential Notes in EAP-FAST Documents Tim Polk
- Re: [Emu] Potential Notes in EAP-FAST Documents gabriel montenegro
- Re: [Emu] Potential Notes in EAP-FAST Documents Bernard Aboba
- Re: [Emu] Potential Notes in EAP-FAST Documents Jouni Malinen
- Re: [Emu] Potential Notes in EAP-FAST Documents Glen Zorn
- Re: [Emu] Potential Notes in EAP-FAST Documents Hao Zhou (hzhou)
- Re: [Emu] IANA allocation issue in EAP-FAST Docum… Bernard Aboba
- Re: [Emu] IANA allocation issue in EAP-FAST Docum… Glen Zorn
- Re: [Emu] IANA allocation issue in EAP-FAST Docum… Dan Harkins
- Re: [Emu] IANA allocation issue in EAP-FAST Docum… Dan Harkins
- Re: [Emu] Potential Notes in EAP-FAST Documents Jouni Malinen
- Re: [Emu] Potential Notes in EAP-FAST Documents Tim Polk
- Re: [Emu] Potential Notes in EAP-FAST Documents Glen Zorn