IETF Logo Mail Archive

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

Joseph Salowey <joe@salowey.net> Mon, 11 November 2019 22:38 UTC

Return-Path: <joe@salowey.net>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8843120020 for <emu@ietfa.amsl.com>; Mon, 11 Nov 2019 14:38:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=salowey-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DHqNOZlnFn-P for <emu@ietfa.amsl.com>; Mon, 11 Nov 2019 14:38:36 -0800 (PST)
Received: from mail-qk1-x72f.google.com (mail-qk1-x72f.google.com [IPv6:2607:f8b0:4864:20::72f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 71A13120122 for <emu@ietf.org>; Mon, 11 Nov 2019 14:38:36 -0800 (PST)
Received: by mail-qk1-x72f.google.com with SMTP id z16so12705324qkg.7 for <emu@ietf.org>; Mon, 11 Nov 2019 14:38:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=salowey-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=/vr3B/pryLhh1mtz1WWGaY6IF+ekDqkiI0HopluPq5c=; b=aIX9yZaLE0FHPrBIyj1nu6asBONyjvkfRJXUOD34kgKCeneZ34cTYqgZHpRVcoNVHM iYLskpCPIW2NRHdqORtJxzz5hLzB4NP2v4FUtN6tPWG7oClZLgkta+kXHV1DTJKClV0J s7nnp+s0Iwd572GI1YEtsRwfq2ZTWg44F7TGW0TgDEr+5+72yP1EmibsTL3VHlDAKj7A dG3hxsIsDMAwd/q7iXfWuup3XtAsJT7fAah7aZfydYb+NS6HOqXBoiviHayT1JK9nyXT 18PT16Xp5clgzyfebvHuxz9hiSCe9TITCJGxwtBTqZmcaUawphKDkBa/Mte0EJROhzTO 8rzA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=/vr3B/pryLhh1mtz1WWGaY6IF+ekDqkiI0HopluPq5c=; b=OQVWeI8KOUaWYyKJuM8GOVbXeciALcmV6ecAUSbLLQHMjomih0YLsE9dDRkl7aj8Yi x1MCwqn2OkKMjrHdygW+KNX8rfYzlApMifsTIpuwThA1r5kpybP/N6Jv5QAkCpeHoA5r q0Bt33/4cQYjcwVg/weJxSvFhwUOc1d9AKJtDA0q1zTSCddrJv3Oe84txGKnx8GiM3kS WqAtfQK/fVLOyduZAxXlHxLGSvWDgPH9vFy6tz+yDbQ3VM+NduxVU9l8HPrcgoBiyqpW pFv1jmOfo/CSBYdR8UiAbO+fvb7Weappf55T817ILPwsxyCtNaCUf+NDJ5KbTNeC5iU+ M1Jw==
X-Gm-Message-State: APjAAAVPgoRWgh5ic9DOGiiGujWeOsFxJtrvUcZENcwxfZUq5JjNafNV pku/yqEx1EQBMJ4yQOIZ2tqaUhtaIgII43+nxiRkQDro
X-Google-Smtp-Source: APXvYqy8ijmMfaQ1bejDs/AA3oZHwAk9hPH3qR1WHcy8V4Op5WII018HgwvWzo1xoyGZK9qKmFqik7ht5kLX7Tnub+0=
X-Received: by 2002:ae9:e201:: with SMTP id c1mr12854889qkc.416.1573511915279; Mon, 11 Nov 2019 14:38:35 -0800 (PST)
MIME-Version: 1.0
References: <7828_1564869242_5D46027A_7828_348_1_02e001d54a45$e92ae900$bb80bb00$@augustcellars.com> <20b118932a4843b6b88e605799fafea8@aalto.fi> <211AD83C-D111-4EEB-AAF0-D9B5E521F4CF@deployingradius.com> <8F355C6F-DF1E-4E03-B75E-0F1D2508B9D4@ericsson.com> <246280B8-6E5C-484B-95BD-9C940C98C507@deployingradius.com> <CY4PR1101MB22781AB8C8982ACF99B61544DB8E0@CY4PR1101MB2278.namprd11.prod.outlook.com> <17E08795-4E4E-4507-8384-836020966BCF@deployingradius.com> <634C375D-FBF3-4297-A5C0-E68C903CA34A@ericsson.com> <CAOgPGoBko6N_JebmisoSk_EJ=Hq21sV3xoXjLw4r7D+OFSsdZA@mail.gmail.com> <CC58A292-03D6-4D70-A11F-B8FEE7311E78@cisco.com> <26738.1570791861@dooku.sandelman.ca> <AD799A14-8268-4BAF-8925-3567973C7507@cisco.com> <9501.1570802988@dooku.sandelman.ca> <DCC85780-B079-4AD0-8870-7528270B70D8@cisco.com> <CAOgPGoA0RCY+J5bDOyUiKtFy5Vk=C11yvE8O=rsJPQeS8Fzk0A@mail.gmail.com> <B31BF8C4-6568-49F2-BBD1-BD6AC66D393C@cisco.com> <20826A11-1881-40F9-8C54-82BB90820851@deployingradius.com> <CAOgPGoCAb6hbWfPLLGDXAv80Grxn1vTTxOzLctx4E+R0ZhBvGg@mail.gmail.com> <MN2PR11MB390137BA293101102515A3AFDB780@MN2PR11MB3901.namprd11.prod.outlook.com> <0D21C6F3-DCF7-41FA-BEFB-9408575524A8@deployingradius.com> <CAOgPGoDMkMUCbdY6WL+StR22d2qkq87ycGQbVUncExYW_+-8Tg@mail.gmail.com> <2FF842AE-0FA8-40EA-9A82-672E3068EBAB@deployingradius.com> <MN2PR11MB390100371FD5EF13342AA3E4DB740@MN2PR11MB3901.namprd11.prod.outlook.com> <C6ED9B0C-88D4-42C6-B8FE-47261BE65980@deployingradius.com>
In-Reply-To: <C6ED9B0C-88D4-42C6-B8FE-47261BE65980@deployingradius.com>
From: Joseph Salowey <joe@salowey.net>
Date: Mon, 11 Nov 2019 14:38:23 -0800
Message-ID: <CAOgPGoB=F8ffp6jjxb2dEpo17RJxYa+ip_74ukXQNaLZ7iiMHg@mail.gmail.com>
To: Alan DeKok <aland@deployingradius.com>
Cc: "Owen Friel (ofriel)" <ofriel@cisco.com>, EMU WG <emu@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c2a89d059719cade"
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/Ux6yZkJMB14EqEJW9Nvpt4fuD6c>
Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Nov 2019 22:38:41 -0000

On Mon, Nov 11, 2019 at 11:41 AM Alan DeKok <aland@deployingradius.com>
wrote:

> On Nov 11, 2019, at 12:52 PM, Owen Friel (ofriel) <ofriel@cisco.com>
> wrote:
> >
> > [ofriel]  Is the primary reason they MUST NOT be copied because of
> encoding differences? UTF-8 vs. TLS raw bytes?
>
>   Yes.  EAP Identities are UTF-8 encoded strings.  Non-compliant
> identities will likely result in the packet being dropped.
>
> > On the privacy aspect, as the TLS PSK ID is sent unprotected and
> unencrypted in cleartext in the ClientHello, what information leakage are
> we preventing by not sending that same data in cleartext in the Identity
> Response?
>
>   Not much.  Except that if we send the data in the Identity, it MUST be
> encoded in some format which is acceptable to EAP, RADIUS, etc.
>
>   Further, RFC 8446 says that PSK Identities can be be up to 2^16-1 octets
> in length.  While EAP can carry large identities, RADIUS cannot.  So we're
> left with a practical limitation of ~250 octets for the identity field.
>
>   At that point, it's best to recommend that the EAP Identity carry only
> an anonymous NAI.  That avoids the issue of PSK length and encoding
> entirely.  Further, it means that all uses of EAP-TLS have the same
> recommendation: the Identity is an anonymous NAI.
>
>
[Joe] I agree that its best to only include the anonymous NAI.  Including
more information may cause a problem if the PSK works changes in the future
or if you are copying the original NAI into subsequent transactions.


> > This is a different question to the difference between an extern PSK and
> a resumption PSK. That is implementation specific and not defined in TLS1.3
>
>   i.e. "good luck".  :(
>
>   It's difficult for implementors to do the right thing in such a
> situation.
>
> > [ofriel] I agree some implementation advice would be good here. Should
> this be in EAP, or should we push for a TLS1.3 errata? It's the same advice
> that a standard TLS1.3 server implementor needs. OpenSSL for example
> defines its own resumption format, and provides a callback hook to check
> for extern PSKs, and it looks like OpenSSL lets the application check for
> an extern PSK match first before checking its internal resumption cache:
> https://github.com/openssl/openssl/blob/master/ssl/statem/extensions_srvr.c#L1093.
> But of course that is TLS stack specific. We would need to document
> guidance olong the lines of checking for TLS stack behaviour.
>
>   I think it's best to give guidance in this document.
>
>
[Joe] If its needed then I also think we should include it in the EAP-TLS
document.  It wouldn't be bad to file an errata on TLS 1.3, but I think
this is more of a corner case for them.


>   Alan DeKok.
>
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu
>

v2.23.0 | Report a Bug | By Email