IETF Logo Mail Archive

Re: [Emu] Review of draft-ietf-emu-eap-gpsk-08 (1st roundof comments)

Jouni Malinen <j@w1.fi> Wed, 06 August 2008 09:08 UTC

Return-Path: <emu-bounces@ietf.org>
X-Original-To: emu-archive@megatron.ietf.org
Delivered-To: ietfarch-emu-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C2E923A6B79; Wed, 6 Aug 2008 02:08:29 -0700 (PDT)
X-Original-To: emu@core3.amsl.com
Delivered-To: emu@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 915103A6B70 for <emu@core3.amsl.com>; Wed, 6 Aug 2008 02:08:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P8uakdFFWaIe for <emu@core3.amsl.com>; Wed, 6 Aug 2008 02:08:27 -0700 (PDT)
Received: from hostap.isc.org (hostap.isc.org [149.20.54.63]) by core3.amsl.com (Postfix) with ESMTP id CB30A3A6900 for <emu@ietf.org>; Wed, 6 Aug 2008 02:08:27 -0700 (PDT)
Received: from a88-112-102-171.elisa-laajakaista.fi ([88.112.102.171] helo=jm) by hostap.isc.org with esmtpsa (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from <j@w1.fi>) id 1KQeUL-0006ra-PJ; Wed, 06 Aug 2008 01:35:24 -0700
Received: by jm (sSMTP sendmail emulation); Wed, 6 Aug 2008 12:08:02 +0300
Date: Wed, 06 Aug 2008 12:08:02 +0300
From: Jouni Malinen <j@w1.fi>
To: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
Message-ID: <20080806090801.GA18172@jm.kir.nu>
References: <47E95784.8060407@cs.umd.edu> <20080802075359.GA5504@jm.kir.nu> <AC1CFD94F59A264488DC2BEC3E890DE506469045@xmb-sjc-225.amer.cisco.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <AC1CFD94F59A264488DC2BEC3E890DE506469045@xmb-sjc-225.amer.cisco.com>
User-Agent: Mutt/1.5.16 (2007-06-09)
X-Spam-Bar: ---
Cc: Pasi.Eronen@nokia.com, emu@ietf.org
Subject: Re: [Emu] Review of draft-ietf-emu-eap-gpsk-08 (1st roundof comments)
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/emu>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: emu-bounces@ietf.org
Errors-To: emu-bounces@ietf.org

On Tue, Aug 05, 2008 at 12:36:21PM -0700, Joseph Salowey (jsalowey) wrote:
> If we make the change below then we also have to change section 12.9.  I
> think this is a bit problematic since at one point we had consensus to
> address the issues on client state avoidance raised by folks at
> Stanford.  The goal was that the peer could store its nonce on a
> per-server basis rather than on a per-message basis.  Since the peer is
> only going to have shared secrets for a limited number of servers this
> could reduce the amount of state that needed to be kept. 

Hmm.. I don't know whether I would really see much point in client-side
DoS protection for EAP-GPSK, so that part in 12.9 does not matter to me
much. As far as peer implementations are concerned, I don't see any
significant difference in storing (RAND_Peer,CSuite_Sel,RAND_Server) vs.
(RAND_Peer,CSuite_Sel) between GPSK-2 and GPSK-3.

> I don't see the value of matching the RAND_Server on the peer so I would
> modify Jouni's text as follows:
> 
>    "For GPSK-3, a peer MUST silently discard messages where the
>    RAND_Peer or the CSuite_Sel fields do not match
>    those transmitted in GPSK-2.  An EAP peer MUST silently discard any
>    packet whose MAC fails."

I don't see real value in RAND_Server being included in GPSK-3, so in
that sense I'm fine with this.

> The text for section 12.9 the third paragraph needs to be clarified:
> 
>    "The client has to keep state information after receiving the GPSK-1
>    message.  To prevent a replay attack, all the client needs to do is
>    to ensure that the value of RAND_Peer is consistent between GPSK-2
>    and GPSK-3.  Message GPSK-3 contains all the material required to re-
>    compute the keying material.  Thus, if a client chooses to implement
>    this client-side DoS protection mechanism it may manage RAND_Peer and
>    Csuite_Sel on a per-server basis for servers it knows instead of on a
>    per-message basis."  

s/Csuite_Sel/CSuite/Sel/

Doing this per-server sounds restricting to me and would mandate that
there is never going to be two simultaneous EAP-GPSK authentication
sessions going on. Do we really care about storage requirements for 32
octets of extra state when the peer would need to store some state
anyway (38 octets vs. 70 octets)? I would rather optimize the packet
sizes be removing 32 octets from GPSK-3..

Anyway, if there was consensus on this being something worth doing, I
won't be against the text changes you propose here. I think the protocol
would work either way and at this point, my main preference is just to
get EAP-GPSK published rather sooner than later ;-).

-- 
Jouni Malinen                                            PGP id EFC895FA
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

v2.23.0 | Report a Bug | By Email