Re: [Emu] review of draft-ietf-emu-eaptunnel-req-04

["Dan Harkins" <dharkins@lounge.org>]

  Hi Katrin,

On Wed, March 3, 2010 12:31 pm, Hoeper Katrin-QWKN37 wrote:
> Dan,
>
> OK, I understand that the tunnel provides all these other feats.
>
> But why can't the server authenticate during the tunnel protocol? I
> still don't understand the use case for mutually anonymous tunnels.

  Because it doesn't have the right credential.

> If the server has a certificate why can't it send it to the peer before
> or during the tunnel establishment?

  If the server has a certificate then sending it to the peer
would not really solve any problem. The peer would still need to
have a reason to trust it and we're back to the problem of putting
a trusted certificate in some certificate store. A global PKI to
solve all of our certificate issues still has not materialized.

> If the peer and server share a secret, than this could be used to
> establish the tunnel.

  If the peer and server share a secret they could use one of the PSK
ciphersuites for TLS but those are susceptible to a dictionary attack
and are therefore inappropriate.

  The tunnel is being established with EAP-TLS so we are limited to
TLS ciphersuites and the authentication they provide. If a TLS ciphersuite
was appropriate always and everywhere then we would not need any other
EAP methods, we'd just do EAP-TLS. But that is not the case. Also it is
a requirement to tunnel additional EAP methods inside the tunnel so
obviously there are EAP methods that provide something that a TLS
ciphersuite does not.

> What I am saying is what kind of server authentication credentials could
> be used inside an anonymous tunnel that could not be used to
> authenticate the server in the tunnel protocol? (given that privacy is
> not the issue)

  A low-entropy password that can easily be remembered and entered by a
human with low probability of error.

  Dan.