Re: [Emu] Review of draft-ietf-emu-eap-gpsk-08 (1st round of comments)
Charles Clancy <clancy@cs.umd.edu> Tue, 29 July 2008 16:28 UTC
Return-Path: <emu-bounces@ietf.org>
X-Original-To: emu-archive@megatron.ietf.org
Delivered-To: ietfarch-emu-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E767E3A684C; Tue, 29 Jul 2008 09:28:05 -0700 (PDT)
X-Original-To: emu@core3.amsl.com
Delivered-To: emu@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2A8703A681E for <emu@core3.amsl.com>; Tue, 29 Jul 2008 09:28:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_21=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BGpo0vIt20Sm for <emu@core3.amsl.com>; Tue, 29 Jul 2008 09:28:00 -0700 (PDT)
Received: from bacon.cs.umd.edu (server-nat-4.cs.umd.edu [128.8.127.147]) by core3.amsl.com (Postfix) with ESMTP id 1D62A3A67A3 for <emu@ietf.org>; Tue, 29 Jul 2008 09:27:59 -0700 (PDT)
Received: from [172.17.2.122] ([130.129.65.17]) (authenticated bits=0) by bacon.cs.umd.edu (8.13.1/8.14.1) with ESMTP id m6TGS16o007774 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 29 Jul 2008 12:28:03 -0400
Message-ID: <488F4512.7040706@cs.umd.edu>
Date: Tue, 29 Jul 2008 12:28:02 -0400
From: Charles Clancy <clancy@cs.umd.edu>
User-Agent: Thunderbird 2.0.0.14 (X11/20080505)
MIME-Version: 1.0
To: Pasi.Eronen@nokia.com
References: <47E95784.8060407@cs.umd.edu> <486501B9.1060601@cs.umd.edu> <1696498986EFEC4D9153717DA325CB720112AAB1@vaebe104.NOE.Nokia.com> <486F8C8E.5030207@gmx.net> <1696498986EFEC4D9153717DA325CB72012C1584@vaebe104.NOE.Nokia.com> <488F020D.9090801@umd.edu> <1696498986EFEC4D9153717DA325CB72013BAB71@vaebe104.NOE.Nokia.com>
In-Reply-To: <1696498986EFEC4D9153717DA325CB72013BAB71@vaebe104.NOE.Nokia.com>
X-CSD-MailScanner-Information: Please email staff@cs.umd.edu for more information
X-CSD-MailScanner: Found to be clean
X-CSD-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=-50, required 5, autolearn=not spam, ALL_TRUSTED -50.00)
X-CSD-MailScanner-From: clancy@cs.umd.edu
Cc: emu@ietf.org
Subject: Re: [Emu] Review of draft-ietf-emu-eap-gpsk-08 (1st round of comments)
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/emu>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: emu-bounces@ietf.org
Errors-To: emu-bounces@ietf.org
Pasi, This state-minimization approach was proposed by the Stanford security review. In earlier versions of the draft, CSuite_Sel and RAND_Server were not included in GPSK-3, and were not verified. I'm not sure why the language you referenced below got updated after they were added to GPSK-3. All -- Does anyone in the WG object to this change? -- t. charles clancy, ph.d. eng.umd.edu/~tcc electrical & computer engineering, university of maryland Pasi.Eronen@nokia.com wrote: > Charles, > > Thanks for the update! There's one change I'm slightly worried > about: > > Version -10: > For GPSK-3, a peer MUST silently discard messages where the > RAND_Peer, the RAND_Server, or the CSuite_Sel fields do match > those transmitted in GPSK-2. > > Version -11: > For GPSK-3, a peer MUST silently discard messages where the > RAND_Peer field does match the value transmitted in GPSK-2. > > I guess the security analysis of GPSK was performed assuming > the peer does check RAND_Server and CSuite_Sel? > > While I can't come up with any attack even if this check is > omitted (e.g., RAND_Server and CSuite_Sel are still included > in MK derivation), is the whole WG comfortable with this change? > (I didn't see any discussion about this topic yet.) > > Best regards, > Pasi > >> -----Original Message----- >> From: ext Charles Clancy [mailto:tcc@umd.edu] >> Sent: 29 July, 2008 14:42 >> To: Eronen Pasi (Nokia-NRC/Helsinki) >> Cc: Hannes.Tschofenig@gmx.net; clancy@cs.umd.edu; emu@ietf.org >> Subject: Re: Review of draft-ietf-emu-eap-gpsk-08 (1st round >> of comments) >> >> Pasi, >> >> I've submitted an update that addresses the ASCII text garbling, PL >> encoding, packet validation inconsistencies, and IANA policies. All >> that remains is the key/MAC-length issue. >> >> -- >> t. charles clancy, ph.d. eng.umd.edu/~tcc >> electrical & computer engineering, university of maryland >> >> >> Pasi.Eronen@nokia.com wrote: >>> Hannes Tschofenig wrote: >>> >>>>> As Dan Harkins already pointed out, NIST 800-38B does define CMAC >>>>> for 256-bit AES, with 256-bit key and 128-bit output. >>>>> >>>>> So hardcoding this assumption in EAP-GPSK seems to limit >> the future >>>>> algorithm agility somewhat -- is the WG sure this is an acceptable >>>>> limitation? >>>>> >>>>> (If this limitation is kept, I'd suggest mentioning in Section 2 >>>>> that "KS" is not only the key size, but also MAC output length.) >>>> This seems to require a separate discussion on the list. >>> Ok -- please let me know once you think the discussion has >>> concluded. >>> >>>>> The text (Section 5) should probably say something about non-ASCII >>>>> characters, especially since NAIs can contain them (and IETF >>>>> policies usually require dealing with non-ASCII in strings handled >>>>> by ordinary users -- RFC4306/4279 are probably mostly for admins). >>>>> >>>>> Maybe "SHOULD support non-ASCII", with pointer to detailed >>>>> instructions in Section 2.4 of RFC 4282? >>>> Fixed. >>> It seems this update got garbled somehow -- at least I have some >>> difficulties in parsing the new text: >>> >>> Thus the management interface SHOULD support non-ASCII to allow >>> entering values for the ID_Peer and ID_Server as ASCII strings up >>> to 254 octets in length. >>> >>>>> S4, how is PL encoded when input to KDF? (1 octet, 2 octets?) >>>> >>>> 2 octets. >>> The text in Section 4 should say so. >>> >>>>> S12.9: the text about minimal state (only RAND_Peer) seems >>>>> inconsistent with S10, which requires discarding GPSK-3 if the >>>>> RAND_Server and CSuite_Sel fields are not the same as in GPSK-2. >>>>> To make that comparison, it seems you need to store the >> values after >>>>> sending GPSK-2? >>>> >>>> I added text on this issue. I am not fully sure whether it resolves >>>> the aspect entirely though. >>> Not really -- the text in Section 12.9 seems to say that doing >>> the comparison (of RAND_Server and CSuite_Sel) can be omitted, >>> but it's a MUST in Section 10. These two sections need to be >>> consistent. >>> >>>>> >From idnits: >>>>> Obsolete normative reference: RFC 2434 (Obsoleted by RFC 5226) >>>> Ok. >>> The names of the pre-defined IANA policies were also >> slightly changed, >>> so Section 13 needs some small updates. >>> >>> Best regards, >>> Pasi _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
- Re: [Emu] Review of draft-ietf-emu-eap-gpsk-08 (1… Charles Clancy
- Re: [Emu] Review of draft-ietf-emu-eap-gpsk-08 (1… Dan Harkins
- Re: [Emu] Review of draft-ietf-emu-eap-gpsk-08 (1… Pasi.Eronen
- Re: [Emu] Review of draft-ietf-emu-eap-gpsk-08 (1… Hannes Tschofenig
- Re: [Emu] Review of draft-ietf-emu-eap-gpsk-08 (1… Pasi.Eronen
- Re: [Emu] Review of draft-ietf-emu-eap-gpsk-08 (1… Pasi.Eronen
- Re: [Emu] Review of draft-ietf-emu-eap-gpsk-08 (1… Charles Clancy
- Re: [Emu] Review of draft-ietf-emu-eap-gpsk-08 (1… Jouni Malinen
- Re: [Emu] Review of draft-ietf-emu-eap-gpsk-08 (1… Joseph Salowey (jsalowey)
- Re: [Emu] Review of draft-ietf-emu-eap-gpsk-08 (1… Jouni Malinen