Re: [Emu] WGLC completed for for draft-ietf-emu-eap-tls13-05
Jouni Malinen <j@w1.fi> Sat, 13 July 2019 14:21 UTC
Return-Path: <j@w1.fi>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8B7A120045 for <emu@ietfa.amsl.com>; Sat, 13 Jul 2019 07:21:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id up6aLWmwm3yn for <emu@ietfa.amsl.com>; Sat, 13 Jul 2019 07:21:34 -0700 (PDT)
Received: from li674-96.members.linode.com (mail.w1.fi [212.71.239.96]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A063A120026 for <emu@ietf.org>; Sat, 13 Jul 2019 07:21:34 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by li674-96.members.linode.com (Postfix) with ESMTP id 408D811B51; Sat, 13 Jul 2019 14:21:31 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at w1.fi
Received: from li674-96.members.linode.com ([127.0.0.1]) by localhost (mail.w1.fi [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RmBlwLfo_Mtj; Sat, 13 Jul 2019 14:21:29 +0000 (UTC)
Received: by jm (sSMTP sendmail emulation); Sat, 13 Jul 2019 17:21:27 +0300
Date: Sat, 13 Jul 2019 17:21:27 +0300
From: Jouni Malinen <j@w1.fi>
To: Alan DeKok <aland@deployingradius.com>
Cc: Joseph Salowey <joe@salowey.net>, EMU WG <emu@ietf.org>
Message-ID: <20190713142127.GA32230@w1.fi>
References: <CAOgPGoCB7VOzjo+ckDhNiApa6ozCDr3zfj6pMVG3ZRfV4RP6mQ@mail.gmail.com> <20190712210819.GA26853@w1.fi> <05B92C31-6CFB-4DFD-BCBD-EE5F3472D7B2@deployingradius.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <05B92C31-6CFB-4DFD-BCBD-EE5F3472D7B2@deployingradius.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/PgGjhmafbbSJCcQctDsFw7AvNmU>
Subject: Re: [Emu] WGLC completed for for draft-ietf-emu-eap-tls13-05
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Jul 2019 14:21:37 -0000
On Sat, Jul 13, 2019 at 08:59:04AM +0200, Alan DeKok wrote: > On Jul 12, 2019, at 11:08 PM, Jouni Malinen <j@w1.fi> wrote: > > It would seem to make sense to me to allow the EAP-TLS 1.3 server to > > send out either an empty plaintext or a one octet plaintext to avoid > > this issue in a straightforward manner. > > We may also want to later perform additional signalling at that phase of the authentication. As such, it may be good to say: > > * a one octet plaintext of 0x00 should be sent > * on reception, any data received should be ignored > * non-zero octets, or more than one octet MAY indicate future extensions I'm not sure how I'd feel about EAP-TLS extension that uses actual application data when we have EAP-TEAP available for cases that need additional data to be exchanged in the tunnel. Anyway, this combination of server sending one octet (0x00) and peer decrypting the application data but ignoring its length and contents is what I ended up implementing now. This seems to work fine for the case where NewSessionTicket message(s) are used. I did see some issues when OpenSSL 1.1.1 when disabling sending of session tickets, though. The current draft indicates that the empty Application Data payload would be send out in the same EAP packet with the server's Finished message, i.e., before the server having authenticated the peer. And this would be done without the peer having used TLS early data (which is explicitly disallowed in the draft). That combination did not work with my experiments since OpenSSL was rejecting the SSL_write() operation after the server having written own Finished message, but before having received the Finished message from the peer. The OpenSSL documentation seemed to imply that SSL_write_early_data() could be used by the server _if_ the client first sent early data.. At least in my tests, OpenSSL rejected that call without early data from the client. I may have missed some other part of the OpenSSL API where the server could have sent out the Application Data message to the unauthenticated peer (if someone knows how to do that, please do let me know), but regardless, this design of the EAP-TLS v1.3 server depending on a mechanism that need actual application data (even if empty or known one octet value) to be sent before having completed authentication of the TLS client feels like something that can result in implementation complexities with various TLS libraries. Forcing a new session ticket to be sent out is a way to work around this, but I'm not sure I'd call this ideal. -- Jouni Malinen PGP id EFC895FA
- [Emu] WGLC completed for for draft-ietf-emu-eap-t… Joseph Salowey
- Re: [Emu] WGLC completed for for draft-ietf-emu-e… Mohit Sethi M
- Re: [Emu] WGLC completed for for draft-ietf-emu-e… Jouni Malinen
- Re: [Emu] WGLC completed for for draft-ietf-emu-e… Alan DeKok
- Re: [Emu] WGLC completed for for draft-ietf-emu-e… Jouni Malinen
- Re: [Emu] WGLC completed for for draft-ietf-emu-e… Alan DeKok
- Re: [Emu] WGLC completed for for draft-ietf-emu-e… John Mattsson
- Re: [Emu] WGLC completed for for draft-ietf-emu-e… John Mattsson
- Re: [Emu] WGLC completed for for draft-ietf-emu-e… Jouni Malinen
- Re: [Emu] WGLC completed for for draft-ietf-emu-e… Jim Schaad
- Re: [Emu] WGLC completed for for draft-ietf-emu-e… Alan DeKok
- Re: [Emu] WGLC completed for for draft-ietf-emu-e… John Mattsson