Re: [Emu] Issue 61 Clarifying NAI handling during resumption
Alan DeKok <aland@deployingradius.com> Mon, 12 April 2021 11:42 UTC
Return-Path: <aland@deployingradius.com>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73DA93A1A15 for <emu@ietfa.amsl.com>; Mon, 12 Apr 2021 04:42:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bjDd11Egdjvb for <emu@ietfa.amsl.com>; Mon, 12 Apr 2021 04:42:24 -0700 (PDT)
Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B323B3A1A13 for <emu@ietf.org>; Mon, 12 Apr 2021 04:42:24 -0700 (PDT)
Received: from [192.168.46.152] (24-52-251-6.cable.teksavvy.com [24.52.251.6]) by mail.networkradius.com (Postfix) with ESMTPSA id 4D31091; Mon, 12 Apr 2021 11:42:22 +0000 (UTC)
Authentication-Results: NetworkRADIUS; dmarc=none (p=none dis=none) header.from=deployingradius.com
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
From: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <CAOgPGoBqRzOMOEYpHQmKNz-jXqMJLSsGw8kBbwypCPW351hsEg@mail.gmail.com>
Date: Mon, 12 Apr 2021 07:42:20 -0400
Cc: EMU WG <emu@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <3423F248-A458-433E-96C2-CD725BA602D3@deployingradius.com>
References: <CAOgPGoBqRzOMOEYpHQmKNz-jXqMJLSsGw8kBbwypCPW351hsEg@mail.gmail.com>
To: Joseph Salowey <joe@salowey.net>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/Q9IyDSPiBE2tVEXP0aMAhPxOYc4>
Subject: Re: [Emu] Issue 61 Clarifying NAI handling during resumption
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Apr 2021 11:42:30 -0000
On Apr 11, 2021, at 11:39 PM, Joseph Salowey <joe@salowey.net> wrote: > Alan's review raised the issue that the text allows for different identities to be used for the initial handshake and subsequent resumption. Instead the proposal is to always use the same NAI for resumption as for the initial handshake. > > I'd like to understand the reason for this concern. It seems like this would make things worse from a privacy perspective unless we also required the NAI to just be @REALM which is the minimum amount of information that can be disclosed and still have the current system work. That was my proposal. The underlying question is: What identity should be used in the EAP-Response Identity packet? This identity should be accessible to the EAP peer, which pretty much rules out any TLS PSK resumption identity. (the OpenSSL APIs don't give any simple way to extract this from the TLS session) This identity should be routable in a roaming system, which also rules out the TLS PSK resumption identity. This identity should not disclose private information, or allow observers to correlate sessions. This means that it should either be consistently empty, but compatible with roaming and therefore "@realm". Or, the identity should be an opaque identifier which changes for each session. However, there is no way in EAP-TLS to negotiate a changing identity. Which means that it will just be an opaque blob invented by the peer, with no meaning to the authenticator. There is one other piece of public information which is unique to the decide: the Ethernet MAC address. This is already visible locally to anyone who can monitor the EAP traffic. And, visible to anyone who can see the upstream RADIUS traffic, as that MAC is placed in Calling-Station-Id. But do we really want to recommend using a MAC address as an EAP identity? What would that gain us? So... we're left with "@realm". Not be because it's the best, but because pretty much everything else is wrong. And, we know @realm works, because it's already been working with EAP for a decade. Alan DeKok.
- [Emu] Issue 61 Clarifying NAI handling during res… Joseph Salowey
- Re: [Emu] Issue 61 Clarifying NAI handling during… Alan DeKok