Re: [Emu] Late WGLC Comment on draft-ietf-emu-eap-tls13

John Mattsson <john.mattsson@ericsson.com> Wed, 11 March 2020 08:01 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: Russ Housley <housley@vigilsec.com>, Mohit Sethi M <mohit.m.sethi@ericsson.com>
CC: EMU WG <emu@ietf.org>
Date: Wed, 11 Mar 2020 08:01:17 +0000
Message-ID: <88D20B98-179F-4B28-B758-1D7459F3BED1@ericsson.com>
References: <MN2PR11MB39011F2754371931D1CFF0CCDB780@MN2PR11MB3901.namprd11.prod.outlook.com> <FC4CD2F5-B5E2-4FFB-B81F-A67DC55CD24E@deployingradius.com> <3113156B-EB01-4BBA-B51A-38883656E457@vigilsec.com> <89644402-9B35-401A-92E1-062962B69BC0@ericsson.com> <54BA1048-104B-4CB6-8CF6-D23F463BE382@vigilsec.com> <7f5af3b2-8218-5e4a-d56f-605ab326f55d@ericsson.com> <C3634494-7D3F-49AC-8796-4B1E03FC3B75@vigilsec.com>
In-Reply-To: <C3634494-7D3F-49AC-8796-4B1E03FC3B75@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/Bc1fDqNSxZd5YprGrbqKttatxg4>

Hi,

Russ Housley wrote:
 >> I do not understand the reason for Bernard's objection.  I looked at the minutes, and I do not find any rationale there.  Can you help?

If I remember correctly, Bernard stated that the introduction of PSK could weaken the implementation and violate the security proofs of EAP-TLS. I don't really agree with Bernard, but I am fine with restricting the type code 0x0D to certificates only. I am not sure any proofs with TLS 1.1 would apply to TLS 1.3 anyway, as TLS 1.3 is basically a new protocol, reusing encoding and IANA registers from the old version.

Given that the EAP-TLS Type-Code 0x0D is dedicated to Certificates, I am not sure the approach to dedicate a new type code for PSK authentication is the correct choice.

psk_ke
psk_dhe_ke
tls_cert_with_extern_psk+psk_dhe_ke

are just three of many authentication methods that may not fit in type code 0x0D. Earlier versions of TLS have supported many more authentication methods:

KRB5
anon
SRP
ECCPWD

And just looking at the TLS WG documents, several further authentication methods for TLS 1.3 are likely in the future.

https://datatracker.ietf.org/doc/draft-wang-tls-raw-public-key-with-ibc/
https://datatracker.ietf.org/doc/draft-tschofenig-tls-cwt/
https://datatracker.ietf.org/doc/draft-vanrein-tls-kdh/

I do not think the EAP group should forbid any TLS 1.3 authentication method unless there are valid reasons to do so. Instead of the current suggestion:

0x0D     EAP-TLS (cert and nothing else)
0xTBD    EAP-TLS-PSK (psk and psk+something else)

I think a better way to structure things would be:

0x0D     EAP-TLS (cert and nothing else)
0xTBD    EAP-TLS-FULL (everything that TLS 1.3 supports)

I sympathise with earlier comments in the group that EAP should mostly be a transport for TLS and that the decisions of which authentication methods to support should be taken by the TLS WG.

Cheers,
John

-----Original Message-----
From: Russ Housley <housley@vigilsec.com>
Date: Tuesday, 10 March 2020 at 18:48
To: Mohit Sethi M <mohit.m.sethi@ericsson.com>
Cc: John Mattsson <john.mattsson@ericsson.com>, EMU WG <emu@ietf.org>
Subject: Re: [Emu] Late WGLC Comment on draft-ietf-emu-eap-tls13

    Thanks for the pointer.
    
    I am fine with the proposed way forward.
    
    Russ
    
    
    > On Mar 10, 2020, at 12:43 PM, Mohit Sethi M <mohit.m.sethi@ericsson.com> wrote:
    > 
    > Hi Russ,
    > 
    > You can listen here: https://youtu.be/YJLG4JUftqI?t=1144
    > 
    > We plan to support it in EAP-TLS-PSK instead:
    > https://tools.ietf.org/html/draft-mattsson-emu-eap-tls-psk-00. We have
    > already added a reference to draft-ietf-tls-tls13-cert-with-extern-psk
    > and plan to use it. I think using an external PSK anyway requires
    > ironing out some issues like what is the relationship between NAI and
    > the PSK identity? And do we allow user-configured PSK identities/PSKs etc.?
    > 
    > Would it be reasonable if we specify the usage of 
    > draft-ietf-tls-tls13-cert-with-extern-psk in EAP-TLS-PSK instead?
    > 
    > --Mohit
    > 
    > On 3/10/20 6:30 PM, Russ Housley wrote:
    >> I do not understand the reason for Bernard's objection.  I looked at the minutes, and I do not find any rationale there.  Can you help?
    >> 
    >> Russ
    >> 
    >> 
    >>> On Mar 9, 2020, at 5:59 AM, John Mattsson <john.mattsson@ericsson.com> wrote:
    >>> 
    >>> Hi Russ,
    >>> 
    >>> Sorry for the late reply. I actually brought up your draft [ID-ietf-tls-tls13-cert-with-extern-psk] during my EMU presentation at IETF 106 as something that should probably be in EAP-TLS. Bernard Aboba then expressed a very strong opinion that [ID-ietf-tls-tls13-cert-with-extern-psk] should absolutely not be included in the EAP-TLS Type-Code 0x0D. After this the WG decided as a way forward to specify EAP-TLS with PSK authentication in a new draft.
    >>> 
    >>> Given these strong opinions from Bernard Aboba, and the wish to publish draft-ietf-emu-eap-tls13 soon, I think the best way forward would be to specify the use of [ID-ietf-tls-tls13-cert-with-extern-psk] in the same new draft as EAP-TLS with PSK authentication. Does that sound like an acceptable way forward?
    >>> 
    >>> Cheers,
    >>> John
    >>> 
    >>> -----Original Message-----
    >>> From: Russ Housley <housley@vigilsec.com>
    >>> Date: Monday, 13 January 2020 at 18:29
    >>> To: John Mattsson <john.mattsson@ericsson.com>
    >>> Cc: EMU WG <emu@ietf.org>
    >>> Subject: Late WGLC Comment on draft-ietf-emu-eap-tls13
    >>> 
    >>>    John:
    >>> 
    >>>    Section 2.1.1 says:
    >>> 
    >>>       Pre-Shared Key (PSK) authentication SHALL NOT be used except
    >>>       for resumption.
    >>> 
    >>>    I would rather this say:
    >>> 
    >>>       Pre-Shared Key (PSK) authentication SHALL NOT be used except
    >>>       for resumption or in conjunction with the "tls_cert_with_extern_psk"
    >>>       extension [ID-ietf-tls-tls13-cert-with-extern-psk].
    >>> 
    >>>    Russ
    >>> 