IETF Logo Mail Archive

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

Mohit Sethi M <mohit.m.sethi@ericsson.com> Thu, 10 October 2019 10:38 UTC

Return-Path: <mohit.m.sethi@ericsson.com>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBD74120BD5; Thu, 10 Oct 2019 03:38:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TBOB9rmdJzI2; Thu, 10 Oct 2019 03:38:21 -0700 (PDT)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-eopbgr10054.outbound.protection.outlook.com [40.107.1.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 793DF120A1F; Thu, 10 Oct 2019 03:38:20 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=R6OWAYkdH1jNxLJ+N059lx4QwfyGrHZK0/5qDwlDepuHs0ClxmIW3nq63x97zShfwzcALlDPLIx2XRrShF96KbMer346tGHK1oI/UR0QNQPdz2sZSm6wGyG2i4+fXluZRY050KtWqbnkmPYwypkhiJNu8IQ2rXYwGMcMPhnIlCs9Nf2F6jcmjLySY4TqjRiEzFoVjB8aH9pR/AjDFGA1zHQJ0QddTP7DcGfCjZw81hozEHJPo75sWNt72WxrsMcdIe0+xJV2U4QhBiWFe+FRRZP2foXq6WjkwsGeLuWfOVSa1Kih3l77kASGMcVvc9Hd4mD2CpOH/JZUqqIlzI0hcw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XWSUIBgfUyOZnNL5ST38+uXEdRtY+k7zQmI8kTkqaS0=; b=KSx6BkPYlDTGHDQ5+WCgM0cdJKKjc98Y9gwmJfZE/dfd87+pFXet6IuaBJb7Fv4CHR40GqYXqQG+JyGmIwhTG8D3eYpzULyqvUBqRuTx+9IpLrfN5VQeApDU58+joTgkVigk0ZL5YQEbZn0xIr80obdSuOTDZTuceH2Qt7y9zVTi4wYkT1ohzg+05JOirmz5ealBReGAK3Tos0fx/c/T9ld33ZWCusGLslxKWkal796QkVKhdo8Yw9j3up2Hwq0pWNY770nXFxt0bXVzaB9ViZYAjT+woD6dWcuhR7i+Cwnhg4wJ6Exz9vEi4I2m//Std0qrAidXp874Pd7JcHRU2w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XWSUIBgfUyOZnNL5ST38+uXEdRtY+k7zQmI8kTkqaS0=; b=pDwf4mH9hKRijizuPB1dlfo5xifVzWIcxeBQGw1yWYle20ve62gC2SywsDGQ5CnPngDrfrYPHva+kFrLjDwbYTWDtgajLi5gpBNO0W0Cd96sZGTPeGEeIbXvyx4y24khWigYYT6qSbFJPnYdhCX73GLbdUKnACDOenhCMeuFPCU=
Received: from HE1PR0701MB2905.eurprd07.prod.outlook.com (10.168.98.146) by HE1PR0701MB2569.eurprd07.prod.outlook.com (10.168.188.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.13; Thu, 10 Oct 2019 10:38:17 +0000
Received: from HE1PR0701MB2905.eurprd07.prod.outlook.com ([fe80::f073:9f5c:2438:ea1f]) by HE1PR0701MB2905.eurprd07.prod.outlook.com ([fe80::f073:9f5c:2438:ea1f%6]) with mapi id 15.20.2347.016; Thu, 10 Oct 2019 10:38:17 +0000
From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
To: Eliot Lear <lear@cisco.com>, Mohit Sethi M <mohit.m.sethi@ericsson.com>
CC: "draft-ietf-emu-eap-tls13@ietf.org" <draft-ietf-emu-eap-tls13@ietf.org>, John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, EMU WG <emu@ietf.org>
Thread-Topic: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13
Thread-Index: AQHVf0AHYrfy88y1MEa4KtYtC+eMdKdTmpSAgAAUkQA=
Date: Thu, 10 Oct 2019 10:38:17 +0000
Message-ID: <4cae26b8-0c95-93c0-17d9-69fae608cb4c@ericsson.com>
References: <7828_1564869242_5D46027A_7828_348_1_02e001d54a45$e92ae900$bb80bb00$@augustcellars.com> <20b118932a4843b6b88e605799fafea8@aalto.fi> <211AD83C-D111-4EEB-AAF0-D9B5E521F4CF@deployingradius.com> <8F355C6F-DF1E-4E03-B75E-0F1D2508B9D4@ericsson.com> <246280B8-6E5C-484B-95BD-9C940C98C507@deployingradius.com> <CY4PR1101MB22781AB8C8982ACF99B61544DB8E0@CY4PR1101MB2278.namprd11.prod.outlook.com> <17E08795-4E4E-4507-8384-836020966BCF@deployingradius.com> <634C375D-FBF3-4297-A5C0-E68C903CA34A@ericsson.com> <CAOgPGoBko6N_JebmisoSk_EJ=Hq21sV3xoXjLw4r7D+OFSsdZA@mail.gmail.com> <CC58A292-03D6-4D70-A11F-B8FEE7311E78@cisco.com> <40D7307B-E302-4379-9013-C8B300A09050@ericsson.com> <eff1a203-9c3c-ebcb-bbcf-5fb8d18aa4b5@ericsson.com> <113A9EAB-093A-43F9-A48E-8276EF1EE096@cisco.com>
In-Reply-To: <113A9EAB-093A-43F9-A48E-8276EF1EE096@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
authentication-results: spf=none (sender IP is ) smtp.mailfrom=mohit.m.sethi@ericsson.com;
x-originating-ip: [82.203.253.29]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 7d761a35-a847-47b7-5f1a-08d74d6df646
x-ms-traffictypediagnostic: HE1PR0701MB2569:|HE1PR0701MB2569:
x-ms-exchange-purlcount: 4
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <HE1PR0701MB2569DE3969570F2B27AC790CD0940@HE1PR0701MB2569.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 018632C080
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(346002)(376002)(366004)(136003)(396003)(13464003)(199004)(189003)(606006)(54906003)(6512007)(316002)(3846002)(2616005)(36756003)(486006)(476003)(966005)(14454004)(6246003)(110136005)(478600001)(58126008)(236005)(25786009)(4326008)(5660300002)(71190400001)(6116002)(71200400001)(81166006)(76116006)(66446008)(256004)(6506007)(26005)(6306002)(31686004)(14444005)(102836004)(66556008)(66946007)(64756008)(186003)(2906002)(8676002)(81156014)(8936002)(76176011)(66476007)(54896002)(31696002)(446003)(11346002)(229853002)(66066001)(99286004)(6436002)(65956001)(86362001)(65806001)(6486002)(7736002)(53546011); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR0701MB2569; H:HE1PR0701MB2905.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: jwzRF5vFSwt7RnUqxM53AV4dZE8NnUX29Rvy+Ro1i5cCBmy2YvxQq4bj/SRsFqaoTRNR81s0HDQXufpj82pZ1yx2KYzqV+dHk7tmf3T+a3Cr+n1nKKKEFK1FRuVreUTvN2dTOqiIx92rmadseAJ77Sv+ZzrEonpwxZP3B2lmf9xnD9IHrRctV7gT+YopecBvneo0aVs5cImncrt6z8oV51qlFBkNfOnD8hFj4k+6cOTAI5CPTjR+QDw1Ti3b2uzfkNAJ6Bcc2mWqNLzl06WPNFQYXI8Y6dO8N99IDyMWOwyXdvHp4dfYCSJ/S0TothN7GS+X50fBC4H+dUVg+QWSF70zddB5P8Ygh6UE8D/CooN7nHZcNToXJ873RswtfCUJgcDEswiqWeWPE3KdFTZQsE5Zw/ULA/Nl4AoYjEgcQfJT0/9DPj5D0lN2Hi0Lt7mriVn08yRmooW/+XHN+3ByIg==
Content-Type: multipart/alternative; boundary="_000_4cae26b80c9593c017d969fae608cb4cericssoncom_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7d761a35-a847-47b7-5f1a-08d74d6df646
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Oct 2019 10:38:17.3226 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 1VyVKUud6LYoBYYcAKIvcD1FADL5ASi2y1yPxv21Tb9rngPJMEWtxMcPNrKqMoiSWpm9JS8R813ENoC+/9Qk5PMTsKwLVZw5LMX3KEcG+EM=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2569
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/WKWClZJNVXyieLhG1fXpwyHLZsw>
Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Oct 2019 10:38:24 -0000

Hi Elliot,

PSK and certificates have different security properties. That being said, both are needed.

As I stated earlier: a modern EAP method with PSK is needed and TLS-PSK is the right choice. I am happy to have it in the current draft-ietf-emu-eap-tls13<https://tools.ietf.org/html/draft-ietf-emu-eap-tls13-07> draft if that is what the general consensus is.

--Mohit

On 10/10/19 12:24 PM, Eliot Lear wrote:
Hi Mohit,

On 10 Oct 2019, at 09:55, Mohit Sethi M <mohit.m.sethi@ericsson.com<mailto:mohit.m.sethi@ericsson.com>> wrote:

@Elliot: I understand your discomfort with constraining TLS 1.3. But there is clearl precedent. The original EAP-TLS specification in RFC 5216 (https://tools.ietf.org/html/rfc5216) has no mention of PSKs.

*Architecturally* I am angling toward code impact.  Is there a fundamental issue with TLS-PSK or is it just EAP-TLS-PSK?  This is a matter of how one would want to address the problem in OpenSSL/GNUTLS/TinySSL/WolfSSL and what the calling interfaces should be.

I want to stress again: whether it’s PSK or public key is conceptually not that different here.  There is some potential theft protection in public key mechanisms, but only if a real TEE is used.  We’re not seeing that as much as we would like yet, but it may make sense to aim in that direction.

Thus one potential outcome of this discussion is: PSK is just bad, and never use it, regardless of EAP or other.  Another potential outcome is the opposite.  And then there are some states in between.

Eliot

--Mohit

On 10/10/19 10:44 AM, John Mattsson wrote:
Hi Eliot,

I agree that the question boils down to IoT. There are currently a lot of IoT systems using PSK, and many of them will likely want to stay on PSK, rather than migrating to RPK. Using a protocol with PFS is nowadays recommended practice. EAP-PSK does not provide PFS, and EAP-PWD is not suitable for IoT. I strongly think we need an EAP method with PSK + PFS for IoT, and the easiest way to achieve that seems to be EAP-TLS-PSK.

Cheers,
John

From: Eliot Lear <lear@cisco.com><mailto:lear@cisco.com>
Date: Thursday, 10 October 2019 at 09:14
To: Joseph Salowey <joe@salowey.net><mailto:joe@salowey.net>
Cc: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org><mailto:john.mattsson=40ericsson.com@dmarc.ietf.org>, "draft-ietf-emu-eap-tls13@ietf.org"<mailto:draft-ietf-emu-eap-tls13@ietf.org> <draft-ietf-emu-eap-tls13@ietf.org><mailto:draft-ietf-emu-eap-tls13@ietf.org>, EMU WG <emu@ietf.org><mailto:emu@ietf.org>
Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13
Resent from: <alias-bounces@ietf.org><mailto:alias-bounces@ietf.org>
Resent to: John Mattsson <john.mattsson@ericsson.com><mailto:john.mattsson@ericsson.com>, <mohit@piuha.net><mailto:mohit@piuha.net>
Resent date: Thu, 10 Oct 2019 00:14:49 -0700 (PDT)

Hi Joe,


On 7 Oct 2019, at 02:42, Joseph Salowey <joe@salowey.net<mailto:joe@salowey.net>> wrote:

There is a TLS working group draft on importing external PSKs for use with TLS - https://tools.ietf.org/html/draft-ietf-tls-external-psk-importer-01.  This draft can mitigate some of the issues with using external PSKs.

My suggesting is to leave the draft as is and deal with external PSKs as an update to EAP-TLS 1.3 or as a separate method.


Before we nail this down, it seems like we need to have a discussion about how best to onboard wired IoT devices in particular from an on-prem view.  The issue here is that EAP-TLS-PSK is useful for that purpose, as we discussed.  Now there is nothing particularly special about PSK and we could run with a naked public key pair as well in 1.3, but we have to choose something.  The fundamental question is what does a manufacturer stamp into the device and what is placed on a label.  We have a running example of DPP doing this for wireless with public key code, but that doesn’t get us to proper onboarding for wired – the signaling just isn’t there.

Also, maybe it’s me, but I remain uncomfortable about this group constraining TLS 1.3.

Eliot



Is the current published version up to date with the rest of the comments?

Thanks,

Joe

On Fri, Sep 20, 2019 at 3:42 AM John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org<mailto:40ericsson.com@dmarc.ietf.org>> wrote:
Hi Alan,

I added references to RFC 8446 Section 8.1, and 8.2, and 4.2.11. Agree that they are good to point out.

I am not sure about the other suggestions, I am hesitant to discuss anything detailed about TLS 1.3 that does not have a specific connection to EAP-TLS or are useful for users of EAP-TLS. My feeling is that adding some extension, but not other would be even more confusing. The diagrams are there to show the message flows, which have a strong connection to the EAP state machine. For other details I think implementors have to read RFC 8466.

/John

-----Original Message-----
From: Alan DeKok <aland@deployingradius.com<mailto:aland@deployingradius.com>>
Date: Wednesday, 18 September 2019 at 15:21
To: "draft-ietf-emu-eap-tls13@ietf.org<mailto:draft-ietf-emu-eap-tls13@ietf.org>" <draft-ietf-emu-eap-tls13@ietf.org<mailto:draft-ietf-emu-eap-tls13@ietf.org>>, EMU WG <emu@ietf.org<mailto:emu@ietf.org>>
Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13
Resent from: <alias-bounces@ietf.org<mailto:alias-bounces@ietf.org>>
Resent to: John Mattsson <john.mattsson@ericsson.com<mailto:john.mattsson@ericsson.com>>, <mohit@piuha.net<mailto:mohit@piuha.net>>
Resent date: Wednesday, 18 September 2019 at 15:21

      Just re-reading the text on PSK, I noticed a few things.  The text in Section 2.1.2 talks about PSK, the session ticket, and a "key_share" extension.   The accompanying diagram doesn't include any of those.  I suggest updating the diagram to include them.

      As a related note, if the PSK *is* in the resumption cache, but the key is wrong, the cache entry should not be discarded.  Otherwise an attacker can disable caching for *all* users.  This issue could be clearer in this document.

      Perhaps it would be useful to add a short note in Section 5 about security of resumption.  It should reference RFC 8446 Section 8.1, and 8.2, which discuss this issue.  Also, Section 4.2.11 of that document has an "Implementor's note:" which is important.

      Alan DeKok.



_______________________________________________
Emu mailing list
Emu@ietf.org<mailto:Emu@ietf.org>
https://www.ietf.org/mailman/listinfo/emu
_______________________________________________
Emu mailing list
Emu@ietf.org<mailto:Emu@ietf.org>
https://www.ietf.org/mailman/listinfo/emu






_______________________________________________
Emu mailing list
Emu@ietf.org<mailto:Emu@ietf.org>
https://www.ietf.org/mailman/listinfo/emu

v2.23.0 | Report a Bug | By Email