Re: [Emu] EAP-TLS 1.3 Section 2.2 text
Oleg Pekar <oleg.pekar.2017@gmail.com> Wed, 19 May 2021 12:37 UTC
Return-Path: <oleg.pekar.2017@gmail.com>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DE033A0BFF for <emu@ietfa.amsl.com>; Wed, 19 May 2021 05:37:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.847
X-Spam-Level:
X-Spam-Status: No, score=-1.847 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lE_i3s3gUcQj for <emu@ietfa.amsl.com>; Wed, 19 May 2021 05:37:52 -0700 (PDT)
Received: from mail-il1-x12b.google.com (mail-il1-x12b.google.com [IPv6:2607:f8b0:4864:20::12b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 450653A09DF for <emu@ietf.org>; Wed, 19 May 2021 05:37:52 -0700 (PDT)
Received: by mail-il1-x12b.google.com with SMTP id l15so444196ilh.1 for <emu@ietf.org>; Wed, 19 May 2021 05:37:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=nBQYWJ0FoxhJA2gYbb3jn33YE7AIftJBsgs/RoMmF2k=; b=Buzn9fF1rms49IY4+YbY5OJmMnAvXcuGRbe3NyyB9i38Jg4TN8WBNTUJbzYjjFgavf iXAaUUC1Ho6AknOMS3D0kRIGYkK8jffJB1XJaZMoy6wzamSMuWy/kan4h9X6UvofqBaD Kxq+nq6NI9e6SBgAjwn5aDs6EWUsWAJVUFQtDQnYiKEgfDPiNjxAzibI06KOTEO7OXty DDE7KsrJmawr7pimVsonAjDFdpr9AbvYXqw6Gnwv/1X0TLRZwfpJkAa6cnhxKK0kbzpN 3Yewp0OG3vXkniBOB0mdZf/HSqS3JFw2cReUqXHWxa5hAudlcuNqh6qGgMrnXfEuRTFC Dtyg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=nBQYWJ0FoxhJA2gYbb3jn33YE7AIftJBsgs/RoMmF2k=; b=kRw2+rwYjZNNXzne/rOJaV8LQ226IgftTIDY1xcezxS/19RKxYp6SwrY5Jdez3TIbN 0HwayaNSZ3/Pg6MQuOpqzRqWm8xOCHPNrmNC3/OFnRUQHxRciuCPHCqmJmpj91sZ/owi p/Xu9GQ5knn10sd/hD/WEdJnzKBbuJ1MISz24+nGUR+/1rkxaez238DO+XQEIrQuqZ0Z olnaiqz8Wiqas7hqJabeJoqb+byCKx+kOZzNFGUmwH0dw0ymxk+B27wMkLzxvWn9rNJP Cp8nfYfvrB+nhc9svM7yEEi8ytVkVRc2t0gObhWMUeRGhHvrL3pZonIVVs3sATzVcoKb NsdA==
X-Gm-Message-State: AOAM531bvT+ZCPxsyDLZCUfraQgH0vwkV/CsM/jYiOcPzvmmyziJucNO Hq9KVEVgZ0MrjnWhIMyzPH1Hy1OZPv3Kz2aWd8U=
X-Google-Smtp-Source: ABdhPJzOJTOhjpdIwBETIF1tv9d2RcFnl/FfoBnxdWSB6EIPY1vHj2DJrBKe3N7pqKqj4LCmD+mGCuH8x3Om2TTp7jM=
X-Received: by 2002:a92:cd85:: with SMTP id r5mr10500562ilb.294.1621427870886; Wed, 19 May 2021 05:37:50 -0700 (PDT)
MIME-Version: 1.0
References: <CAOgPGoBDcbDxGB3_Qy_xXymhnxrfMaOPNP545eMh8XLvU6OX+A@mail.gmail.com> <92D9824F-82C2-440F-807F-7B4799DCF1B6@deployingradius.com> <CAOgPGoAd3CcaqPYd0aYXBDtCmv32T8hpGH+6ysEn7Pi9M+FSiw@mail.gmail.com> <4698EFD4-83B5-4B77-93E8-0E12FE8BC2DD@vigilsec.com> <CABXxEz-Jzfd4_8=bx8DquchkQVj8Hf07m0U8tYWO9-rFtBjqBw@mail.gmail.com>
In-Reply-To: <CABXxEz-Jzfd4_8=bx8DquchkQVj8Hf07m0U8tYWO9-rFtBjqBw@mail.gmail.com>
From: Oleg Pekar <oleg.pekar.2017@gmail.com>
Date: Wed, 19 May 2021 15:37:39 +0300
Message-ID: <CABXxEz9th6-JOgHKqEC5W7XQoi3NKUN3_8F3O_14k6nAdwmgRQ@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>, EMU WG <emu@ietf.org>, Joe Salowey <joe@salowey.net>
Cc: stpeter@mozilla.com
Content-Type: multipart/alternative; boundary="00000000000045f0ba05c2ae18ba"
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/pO73yfIAMUOGX_P6BFmgb86dpxw>
Subject: Re: [Emu] EAP-TLS 1.3 Section 2.2 text
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 May 2021 12:37:58 -0000
+Peter After thinking a bit more about it - for the sake of the client implementation clarity, would it be better if we provide the strict algorithm for server identity check or maybe reference RFC 6125. On Mon, May 17, 2021 at 11:58 PM Oleg Pekar <oleg.pekar.2017@gmail.com> wrote: > To section: 2.2. Identity Verification > > 1) > If server name matching is not used, then peers may end up trusting > servers for EAP authentication that are not intended to be EAP > servers for the network. > > -- comment: > What is meant by "EAP server for the network"? > > 2) > EAP peer implementations SHOULD allow users to configuring a unique trust > root (CA certificate) > > -- comment: > Should say "a unique trusted root" in conformance with the other > occurrence. > > 3) > To facilitate SAN matching, EAP Server > certificates can include the same name in the list of SANs for each > certificate that represents the EAP-TLS servers. > > -- comment: > Could you please clarify the idea of adding the same name to SAN of > multiple certificates, since some EAP-TLS server certificates are just > generic certificates and their SAN DNS and IP fields may contain the unique > value per server instance. > > Regards, > Oleg > > On Mon, May 17, 2021 at 7:06 PM Russ Housley <housley@vigilsec.com> wrote: > >> Nit: RFC 5280 (see Section 4.2.1.6) talks about the subject alternative >> name extension, which as an ASN.1 definition for SubjectAltName. So, >> please do not refer to subjectAlternativeName. >> >> Russ >> >> >> On May 15, 2021, at 8:21 PM, Joseph Salowey <joe@salowey.net> wrote: >> >> I proposed a PR#72 >> <https://github.com/emu-wg/draft-ietf-emu-eap-tls13/pull/72> based on >> this suggestion. The resulting text for the section is below. Please >> review to see if it is OK. >> >> Thanks, >> >> Joe >> >> 2.2. Identity Verification >> >> This section updates Section 2.2 of [RFC5216]. >> >> The EAP peer identity provided in the EAP-Response/Identity is not >> authenticated by EAP-TLS. Unauthenticated information SHALL NOT be >> used for accounting purposes or to give authorization. The >> authenticator and the EAP-TLS server MAY examine the identity >> presented in EAP-Response/Identity for purposes such as routing and >> EAP method selection. EAP-TLS servers MAY reject conversations if >> the identity does not match their policy. Note that this also >> applies to resumption, see Sections 2.1.3, 5.6, and 5.7. >> >> The EAP server identity in the TLS server certificate is typically a >> fully qualified domain name (FQDN). EAP peer implementations SHOULD >> allow users to configure a unique trust root (CA certificate) and a >> server name to authenticate the server certificate and match the >> subjectAlternativeName (SAN) extension in the server certificate with >> the configured server name. EAP-TLS deployments will often use more >> than one EAP server. In this case each EAP server may have a >> different certificate. To facilitate SAN matching, EAP Server >> certificates can include the same name in the list of SANs for each >> certificate that represents the EAP-TLS servers. EAP-TLS peers >> SHOULD allow for the configuration of multiple EAP server names since >> deployments may choose to use multiple EAP servers each with their >> own certificate. If server name matching is not used, then peers may >> end up trusting servers for EAP authentication that are not intended >> to be EAP servers for the network. If name matching is not used with >> a public root CA, then effectively any server can obtain a >> certificate which will be trusted for EAP authentication by the Peer. >> >> >> The process of configuring a root CA certificate and a server name is >> non-trivial and therefore automated methods of provisioning are >> RECOMMENDED. For example, the eduroam federation [RFC7593] provides >> a Configuration Assistant Tool (CAT) to automate the configuration >> process. In the absence of a trusted root CA certificate (user >> configured or system-wide), EAP peers MAY implement a trust on first >> use (TOFU) mechanism where the peer trusts and stores the server >> certificate during the first connection attempt. The EAP peer >> ensures that the server presents the same stored certificate on >> subsequent interactions. Use of a TOFU mechanism does not allow for >> the server certificate to change without out-of-band validation of >> the certificate and is therefore not suitable for many deployments >> including ones where multiple EAP servers are deployed for high >> availability. >> >> >> On Mon, May 10, 2021 at 5:11 AM Alan DeKok <aland@deployingradius.com> >> wrote: >> >>> On May 9, 2021, at 9:16 PM, Joseph Salowey <joe@salowey.net> wrote: >>> > [Joe] This is a good question. There are multiple ways this could be >>> addressed. All servers should have one of their list of SANs that matches >>> the name used for EAP servers. Another option is for supplicants to allow >>> for the configuration of multiple certificates or allow for a wild card >>> match. >>> >>> FWIW, wpa_supplicant has a list of allowed host names for SAN. I >>> don't think it allows wildcards. >>> >>> > How about this text addition: >>> > >>> > "EAP-TLS deployments will often use more than one EAP server. In this >>> case each EAP server may have a different certificate. To facilitate the >>> SAN matching, EAP Server certificates can include the same name in the list >>> of SANs for each certificate that represents the EAP-TLS servers. EAP-TLS >>> peers SHOULD allow for the configuration of multiple EAP server names since >>> deployments may choose to use multiple EAP servers each with their own >>> certificate." >>> >>> That's good. >>> >>> > [Joe] Is your comment about HA and the TOFU mechanism? I'm not really >>> sure how the TOFU mechanism is supposed to work and be secure. Perhaps we >>> should remove the TOFU mechanism text or state that it does not work well >>> in all HA configurations (where different servers use different >>> certificates) >>> >>> Perhaps just state that it does not work well in HA configurations. >>> >>> I don't think TOFU can be secure here. >>> >>> Alan DeKok. >>> >>> _______________________________________________ >> Emu mailing list >> Emu@ietf.org >> https://www.ietf.org/mailman/listinfo/emu >> >> >> _______________________________________________ >> Emu mailing list >> Emu@ietf.org >> https://www.ietf.org/mailman/listinfo/emu >> >
- [Emu] EAP-TLS 1.3 Section 2.2 text Joseph Salowey
- Re: [Emu] EAP-TLS 1.3 Section 2.2 text Alan DeKok
- Re: [Emu] EAP-TLS 1.3 Section 2.2 text Joseph Salowey
- Re: [Emu] EAP-TLS 1.3 Section 2.2 text Alan DeKok
- Re: [Emu] EAP-TLS 1.3 Section 2.2 text Eliot Lear
- Re: [Emu] EAP-TLS 1.3 Section 2.2 text Russ Housley
- Re: [Emu] EAP-TLS 1.3 Section 2.2 text Oleg Pekar
- Re: [Emu] EAP-TLS 1.3 Section 2.2 text Oleg Pekar
- Re: [Emu] EAP-TLS 1.3 Section 2.2 text Alan DeKok
- Re: [Emu] EAP-TLS 1.3 Section 2.2 text Joseph Salowey
- Re: [Emu] EAP-TLS 1.3 Section 2.2 text Joseph Salowey
- Re: [Emu] EAP-TLS 1.3 Section 2.2 text Alan DeKok
- Re: [Emu] EAP-TLS 1.3 Section 2.2 text Heikki Vatiainen
- Re: [Emu] EAP-TLS 1.3 Section 2.2 text Oleg Pekar
- Re: [Emu] EAP-TLS 1.3 Section 2.2 text John Mattsson