IETF Logo Mail Archive

Re: [Emu] EAP-AKA' and Re: WG adoption call for draft-arkko-eap-aka-pfs

Jari Arkko <jari.arkko@piuha.net> Wed, 03 April 2019 15:47 UTC

Return-Path: <jari.arkko@piuha.net>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C50E120148 for <emu@ietfa.amsl.com>; Wed, 3 Apr 2019 08:47:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WJOo1r939eXG for <emu@ietfa.amsl.com>; Wed, 3 Apr 2019 08:47:03 -0700 (PDT)
Received: from p130.piuha.net (p130.piuha.net [193.234.218.130]) by ietfa.amsl.com (Postfix) with ESMTP id D7FCB12010F for <emu@ietf.org>; Wed, 3 Apr 2019 08:46:59 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by p130.piuha.net (Postfix) with ESMTP id 0024166013A; Wed, 3 Apr 2019 18:46:56 +0300 (EEST)
Received: from p130.piuha.net ([127.0.0.1]) by localhost (p130.piuha.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hLg6UVvV3zRm; Wed, 3 Apr 2019 18:46:53 +0300 (EEST)
Received: from [127.0.0.1] (p130.piuha.net [IPv6:2001:14b8:1829::130]) by p130.piuha.net (Postfix) with ESMTPS id D1BC0660118; Wed, 3 Apr 2019 18:46:53 +0300 (EEST)
From: Jari Arkko <jari.arkko@piuha.net>
Message-Id: <A956E871-00DD-4FD7-A6EB-7E350BA19070@piuha.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_6DD0220E-964C-4764-9657-43834C17C6AB"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Wed, 03 Apr 2019 18:46:53 +0300
In-Reply-To: <20357.1553893062@dooku.sandelman.ca>
Cc: emu@ietf.org
To: Michael Richardson <mcr+ietf@sandelman.ca>
References: <CAOgPGoBGZWbyHYybnMUbKG77Mei3yBOS1HyS4Uso1HKgxq1VNg@mail.gmail.com> <20357.1553893062@dooku.sandelman.ca>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/YT68Ny9B2Xso6tMVM78JPjnMInc>
Subject: Re: [Emu] EAP-AKA' and Re: WG adoption call for draft-arkko-eap-aka-pfs
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Apr 2019 15:47:10 -0000

Michael,

Thanks for your comments.

A couple of responses: with regards to deployment, there’s some amount of EAP SIM/AKA deployment, but until now it hasn’t been for the primary mobile network access. It was only used for Wireless LANs when you have a SIM card. Nevertheless, both protocols are very widely implemented and very likely available on your phone. Future usage is a guess, of course. 5G has two mandatory-to-implement authentication approaches for mobile networks: the traditional, native AKA and EAP (which defaults to EAP-AKA’). That is a much bigger potential for usage. An optimistic future is where the use of EAP in this context grows, and we use it to evolve the authentication so that improvements can be more easily and frequently added. A less optimistic future is one where we don’t really change the protocols to defend against new attacks, e.g., pervasive monitoring. I don’t know which future will actually happen but I’m willing to work towards the better one :-)

With regards to IMSI catchers, John already responded.

And about the difficult-to-read sentences… I can work on that. Thanks for the feedback.

With regards to the AT_KDF text that you quoted, that’s not new, it was part of RFC 5448, but can surely be improved. But the basic idea is that if the server proposes KDFs A, B, and C, then if A is acceptable to the peer, it will just do it. If A wants something else then it needs to propose it by responding to the server by sending the AT_KDF attribute back. If it sends A then obviously something is wrong, that should not happen and the server will refuse to do that. The peer needs to send either B or C, and then the server will use the chosen one in the next round of messages.

With regards to new versions and putting things in one or multiple documents, my opinion is that 5448 clarifications deserve to be done separately from significant new functionality such as the PFS. If we do complete the PFS work and the IETF feels like stating it is required to implement, we can state that at that time. But, I think now is too early.

With regards to AT_BIDDING, it is on purpose there only to prevent bidding down from EAP-AKA’ to EAP-AKA. And again unchanged from RFC 5448 (the diffs are here btw: http://www.arkko.com/ietf/eap/draft-ietf-emu-rfc5448bis-from-rfc5448.diff.html <http://www.arkko.com/ietf/eap/draft-ietf-emu-rfc5448bis-from-rfc5448.diff.html>). It is true that one could (probably) design a more general facility to protect against bidding down attacks in EAP more generally. Again, that feels like a separate and fairly significant piece of work. The specific EAP-AKA/EAP-AKA’ case solves an important subclass of the general problem, though, and has been around for a long time.

Jari

v2.23.0 | Report a Bug | By Email