IETF Logo Mail Archive

Re: [Emu] Review of draft-ietf-emu-eap-gpsk-08 (1st round of comments)

Charles Clancy <clancy@cs.umd.edu> Tue, 29 July 2008 16:28 UTC

Return-Path: <emu-bounces@ietf.org>
X-Original-To: emu-archive@megatron.ietf.org
Delivered-To: ietfarch-emu-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E767E3A684C; Tue, 29 Jul 2008 09:28:05 -0700 (PDT)
X-Original-To: emu@core3.amsl.com
Delivered-To: emu@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2A8703A681E for <emu@core3.amsl.com>; Tue, 29 Jul 2008 09:28:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_21=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BGpo0vIt20Sm for <emu@core3.amsl.com>; Tue, 29 Jul 2008 09:28:00 -0700 (PDT)
Received: from bacon.cs.umd.edu (server-nat-4.cs.umd.edu [128.8.127.147]) by core3.amsl.com (Postfix) with ESMTP id 1D62A3A67A3 for <emu@ietf.org>; Tue, 29 Jul 2008 09:27:59 -0700 (PDT)
Received: from [172.17.2.122] ([130.129.65.17]) (authenticated bits=0) by bacon.cs.umd.edu (8.13.1/8.14.1) with ESMTP id m6TGS16o007774 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 29 Jul 2008 12:28:03 -0400
Message-ID: <488F4512.7040706@cs.umd.edu>
Date: Tue, 29 Jul 2008 12:28:02 -0400
From: Charles Clancy <clancy@cs.umd.edu>
User-Agent: Thunderbird 2.0.0.14 (X11/20080505)
MIME-Version: 1.0
To: Pasi.Eronen@nokia.com
References: <47E95784.8060407@cs.umd.edu> <486501B9.1060601@cs.umd.edu> <1696498986EFEC4D9153717DA325CB720112AAB1@vaebe104.NOE.Nokia.com> <486F8C8E.5030207@gmx.net> <1696498986EFEC4D9153717DA325CB72012C1584@vaebe104.NOE.Nokia.com> <488F020D.9090801@umd.edu> <1696498986EFEC4D9153717DA325CB72013BAB71@vaebe104.NOE.Nokia.com>
In-Reply-To: <1696498986EFEC4D9153717DA325CB72013BAB71@vaebe104.NOE.Nokia.com>
X-CSD-MailScanner-Information: Please email staff@cs.umd.edu for more information
X-CSD-MailScanner: Found to be clean
X-CSD-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=-50, required 5, autolearn=not spam, ALL_TRUSTED -50.00)
X-CSD-MailScanner-From: clancy@cs.umd.edu
Cc: emu@ietf.org
Subject: Re: [Emu] Review of draft-ietf-emu-eap-gpsk-08 (1st round of comments)
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/emu>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: emu-bounces@ietf.org
Errors-To: emu-bounces@ietf.org

Pasi,

This state-minimization approach was proposed by the Stanford security 
review.  In earlier versions of the draft, CSuite_Sel and RAND_Server 
were not included in GPSK-3, and were not verified.  I'm not sure why 
the language you referenced below got updated after they were added to 
GPSK-3.

All -- Does anyone in the WG object to this change?

--
t. charles clancy, ph.d.                 eng.umd.edu/~tcc
electrical & computer engineering, university of maryland


Pasi.Eronen@nokia.com wrote:
> Charles,
> 
> Thanks for the update! There's one change I'm slightly worried 
> about:
> 
> Version -10:
>    For GPSK-3, a peer MUST silently discard messages where the
>    RAND_Peer, the RAND_Server, or the CSuite_Sel fields do match 
>    those transmitted in GPSK-2.
> 
> Version -11:
>    For GPSK-3, a peer MUST silently discard messages where the 
>    RAND_Peer field does match the value transmitted in GPSK-2. 
> 
> I guess the security analysis of GPSK was performed assuming
> the peer does check RAND_Server and CSuite_Sel? 
> 
> While I can't come up with any attack even if this check is
> omitted (e.g., RAND_Server and CSuite_Sel are still included 
> in MK derivation), is the whole WG comfortable with this change?
> (I didn't see any discussion about this topic yet.)
> 
> Best regards,
> Pasi
> 
>> -----Original Message-----
>> From: ext Charles Clancy [mailto:tcc@umd.edu] 
>> Sent: 29 July, 2008 14:42
>> To: Eronen Pasi (Nokia-NRC/Helsinki)
>> Cc: Hannes.Tschofenig@gmx.net; clancy@cs.umd.edu; emu@ietf.org
>> Subject: Re: Review of draft-ietf-emu-eap-gpsk-08 (1st round 
>> of comments)
>>
>> Pasi,
>>
>> I've submitted an update that addresses the ASCII text garbling, PL 
>> encoding, packet validation inconsistencies, and IANA policies.  All 
>> that remains is the key/MAC-length issue.
>>
>> --
>> t. charles clancy, ph.d.                 eng.umd.edu/~tcc
>> electrical & computer engineering, university of maryland
>>
>>
>> Pasi.Eronen@nokia.com wrote:
>>> Hannes Tschofenig wrote:
>>>
>>>>> As Dan Harkins already pointed out, NIST 800-38B does define CMAC 
>>>>> for 256-bit AES, with 256-bit key and 128-bit output.
>>>>>
>>>>> So hardcoding this assumption in EAP-GPSK seems to limit 
>> the future
>>>>> algorithm agility somewhat -- is the WG sure this is an acceptable
>>>>> limitation?
>>>>>
>>>>> (If this limitation is kept, I'd suggest mentioning in Section 2
>>>>> that "KS" is not only the key size, but also MAC output length.)
>>>> This seems to require a separate discussion on the list.
>>> Ok -- please let me know once you think the discussion has
>>> concluded.
>>>
>>>>> The text (Section 5) should probably say something about non-ASCII
>>>>> characters, especially since NAIs can contain them (and IETF
>>>>> policies usually require dealing with non-ASCII in strings handled
>>>>> by ordinary users -- RFC4306/4279 are probably mostly for admins).
>>>>>
>>>>> Maybe "SHOULD support non-ASCII", with pointer to detailed 
>>>>> instructions in Section 2.4 of RFC 4282?
>>>> Fixed.
>>> It seems this update got garbled somehow -- at least I have some
>>> difficulties in parsing the new text:
>>>
>>>    Thus the management interface SHOULD support non-ASCII to allow
>>>    entering values for the ID_Peer and ID_Server as ASCII strings up
>>>    to 254 octets in length.
>>>
>>>>> S4, how is PL encoded when input to KDF? (1 octet, 2 octets?)
>>>>    
>>>> 2 octets.
>>> The text in Section 4 should say so.
>>>
>>>>> S12.9: the text about minimal state (only RAND_Peer) seems
>>>>> inconsistent with S10, which requires discarding GPSK-3 if the
>>>>> RAND_Server and CSuite_Sel fields are not the same as in GPSK-2.  
>>>>> To make that comparison, it seems you need to store the 
>> values after
>>>>> sending GPSK-2?
>>>>   
>>>> I added text on this issue. I am not fully sure whether it resolves
>>>> the aspect entirely though.
>>> Not really -- the text in Section 12.9 seems to say that doing
>>> the comparison (of RAND_Server and CSuite_Sel) can be omitted,
>>> but it's a MUST in Section 10. These two sections need to be
>>> consistent.
>>>  
>>>>> >From idnits: 
>>>>> Obsolete normative reference: RFC 2434 (Obsoleted by RFC 5226)
>>>> Ok.
>>> The names of the pre-defined IANA policies were also 
>> slightly changed,
>>> so Section 13 needs some small updates.
>>>
>>> Best regards,
>>> Pasi
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

v2.23.0 | Report a Bug | By Email