Re: [Emu] review of draft-ietf-emu-eaptunnel-req-04
"Hoeper Katrin-QWKN37" <khoeper@motorola.com> Tue, 02 March 2010 15:04 UTC
Return-Path: <khoeper@motorola.com>
X-Original-To: emu@core3.amsl.com
Delivered-To: emu@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 10D1C28C0F0 for <emu@core3.amsl.com>; Tue, 2 Mar 2010 07:04:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y4EBFDN-YcVM for <emu@core3.amsl.com>; Tue, 2 Mar 2010 07:04:11 -0800 (PST)
Received: from mail55.messagelabs.com (mail55.messagelabs.com [216.82.241.163]) by core3.amsl.com (Postfix) with ESMTP id 3A1D53A86D7 for <emu@ietf.org>; Tue, 2 Mar 2010 07:04:11 -0800 (PST)
X-VirusChecked: Checked
X-Env-Sender: khoeper@motorola.com
X-Msg-Ref: server-5.tower-55.messagelabs.com!1267542250!35543084!1
X-StarScan-Version: 6.2.4; banners=-,-,-
X-Originating-IP: [129.188.136.8]
Received: (qmail 18613 invoked from network); 2 Mar 2010 15:04:10 -0000
Received: from motgate8.mot.com (HELO motgate8.mot.com) (129.188.136.8) by server-5.tower-55.messagelabs.com with DHE-RSA-AES256-SHA encrypted SMTP; 2 Mar 2010 15:04:10 -0000
Received: from il06exr04.mot.com (il06exr04.mot.com [129.188.137.134]) by motgate8.mot.com (8.14.3/8.14.3) with ESMTP id o22F4AZa016218 for <emu@ietf.org>; Tue, 2 Mar 2010 08:04:10 -0700 (MST)
Received: from il06vts03.mot.com (il06vts03.mot.com [129.188.137.143]) by il06exr04.mot.com (8.13.1/Vontu) with SMTP id o22F49bE026554 for <emu@ietf.org>; Tue, 2 Mar 2010 09:04:09 -0600 (CST)
Received: from de01exm68.ds.mot.com (de01exm68.am.mot.com [10.176.8.24]) by il06exr04.mot.com (8.13.1/8.13.0) with ESMTP id o22F49FM026549 for <emu@ietf.org>; Tue, 2 Mar 2010 09:04:09 -0600 (CST)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Tue, 02 Mar 2010 10:03:48 -0500
Message-ID: <3A241A6B234BE948B8B474D261FEBC2F07239D21@de01exm68.ds.mot.com>
In-Reply-To: <AC1CFD94F59A264488DC2BEC3E890DE509BD34A6@xmb-sjc-225.amer.cisco.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Emu] review of draft-ietf-emu-eaptunnel-req-04
Thread-Index: Acpx/5pl5f2PEsgBR5+f9MJTw+3UhhHkgJ9QACGms7A=
References: <70e5fb878f73a83d4ba7702e4dc46132.squirrel@www.trepanning.net> <AC1CFD94F59A264488DC2BEC3E890DE509BD34A6@xmb-sjc-225.amer.cisco.com>
From: Hoeper Katrin-QWKN37 <khoeper@motorola.com>
To: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>, Dan Harkins <dharkins@lounge.org>, emu@ietf.org
X-CFilter-Loop: Reflected
Subject: Re: [Emu] review of draft-ietf-emu-eaptunnel-req-04
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/emu>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Mar 2010 15:04:13 -0000
Dan, The current text allows server-side only authentication for the tunnel, i.e. the peer can remain anonymous during that phase and only transmit its credential inside the tunnel. This enables peer privacy. I think what you are talking about is mutually anonymous tunnels, i.e. both peer and server remain anonymous during the tunnel establishment. These types of tunnels are prone to man-in-the-middle attacks in which the privacy of both tunnel endpoints is compromised. I don't see any value of those anonymous tunnels. In fact they are not secure. I strongly oppose to allowing these tunnels and believe that the current text about this topic should be kept as is. Best regards, Katrin PS: Details on the mentioned MitM attacks are in http://portal.acm.org/citation.cfm?id=1577285 > -----Original Message----- > From: emu-bounces@ietf.org [mailto:emu-bounces@ietf.org] On Behalf Of > Joseph Salowey (jsalowey) > Sent: Monday, March 01, 2010 11:53 PM > To: Dan Harkins; emu@ietf.org > Subject: Re: [Emu] review of draft-ietf-emu-eaptunnel-req-04 > > Thanks Dan, > > I haven't seen any responses on the list yet so I provided some inline > below. > > > -----Original Message----- > > From: emu-bounces@ietf.org [mailto:emu-bounces@ietf.org] On Behalf Of > Dan > > Harkins > > Sent: Monday, November 30, 2009 12:57 PM > > To: emu@ietf.org > > Subject: [Emu] review of draft-ietf-emu-eaptunnel-req-04 > > > > > > Hello, > > > > I made some of these comments at the mic in Hiroshima but was > > asked to submit them to the list. > > > > - I get the feeling that this document is being written to > > ensure some end-game and not simply as a protocol requirements > > document. > > > > I mentioned that it would be nice if the tunneled method > > described a way to establish an EAP-TLS -style connection, > > either anonymous or server-side-auth-only, and then allow > > for subsequent authentication using another EAP method (or > > using specific TLVs for some password authentication) or > > EAP methods chained together by the tunnel. Pasi said that > > is the intention but it sure doesn't seem that way. > > > [Joe] Currently the scope of the work does not include anonymous > authentication. I think this could be follow-on work to the tunnel > method. I don't think the current document should prohibit anonymous > cipher suites from being used in follow-on specifications. See the > response to 4.2.1.1.3 for some suggested text. > > > - section 3.4 states that the tunnel method MUST ensure "that > > peer identity is not disclosed to the authenticator and any > > other intermediaries before the server that terminates the > > tunnel method." > > > > EAP is supposed to be a 2 party protocol that, for optimization, > > can have functionality split between a pass-thru authenticator > > and a EAP method-terminating server. But it seems wrong to > > put forth the optimization as if it's a requirement for the > > tunnel method. > > > > Please change this to something like "the identity of the peer > > used for authentication purposes MUST NOT be obtainable by any > > entity other than the EAP server terminating the tunnel method." > > > [Joe] OK > > > - 3.6 seems somewhat pointless. "The tunnel method SHOULD support > > carrying of NEA protocols" and "these protocols may be required > > to be carried in an EAP method." > > > > Since the tunneled EAP method can tunnel EAP methods then this > > "requirement" should just naturally flow out of another > requirement. > > Please remove section 3.6. > > > [Joe] While, it is true that carrying NEA protocols should be met by > either the extensibility or carrying EAP method requirements, I believe > that NEA use case is pertinent to the tunnel method work and should be > mentioned somewhere in the document. What is the harm in mentioning it > here? > > > - 3.7 describes "credentials [that] may only partially authenticate > > the identity of the peer". > > > > Huh? What kind of credentials are these? Please describe these > > credentials. > > > [Joe] OK > > > Additionally, "the tunnel may be used to communicate additional > > data". > > > > This is so vague as to be meaningless. A nonce could satisfy > > this "requirement", and so could 8 bits of RESERVED-- set to zero > > before transmitting and ignored upon receipt-- for that matter. > > Please remove this. > > > [Joe] Removed > > > - 3.8 mentions a use of "extensibility is support for authentication > > frameworks other than EAP." > > > > That seems like a huge stretch of the work we are chartered to do. > > I suggest that line be removed. > > > [Joe] Alan had a similar comment that this text is confusing. The > suggest text is: > " Another use for extensibility is support for alternate authentication > frameworks within the tunnel." > > > > > - 4.1.2 is inappropriate. It is not the purpose of a document > describing > > the requirements for a protocol to direct the working group how to > > evaluate potential protocols against those requirements. > > > > When I brought this up in Hiroshima a response was (I paraphrase), > > "that the working group had consensus to use existing work and so > > this is just a restatement of that consensus." Which raises > another > > interesting point without addressing my comment. That other point > is > > that if there is working group consensus then it is not necessary > to > > have section 4.1.2 then. The fact that 4.1.2 is in the document > leads > > one to believe that perhaps there is a fear that such support > might > > have evaporated. > > > > The working group does not need to be constrained in its decision- > > making process. The process is defined and understood and it is > > inappropriate for a _protocol requirements document_ to say, "hey > > remember way back when a sample of active participants seemed to > > agree on a vague concept, well now you SHOULD select one of the > two > > candidates here." > > > > Please remove 4.1.2. > > > [Joe] Needs more discussion. > > > - 4.2.1.1.1 if TLS is required and "[a]ll versions of TLS meet > > [cipher suite negotiation] requirements" then what's the point of > > this section? > > > > Please remove section 4.2.1.1.1. > > > [Joe] I think the comment is still relevant, suggested text: > " TLS provides protected cipher suite negotiation as long as all the > cipher suites supported provide strong authentication, key establishment > and data integrity protection." > > > - 4.2.1.1.3 begins saying "A tunnel method MUST provide > unidirectional > > authentication from authentication server to EAP peer and mutual > > authentication between authentication server and EAP peer." > > > > This is a nonsense statement. Either it's unidirectional or it's > > mutual, it can't be both. > > > > Additionally, it says "mandatory to implement cipher suites MUST > NOT > > include...mutually anonymous authentication...." > > > > Seeing as how this subsection is under 4.2.1 and 4.2.1.1.1 > describes > > these as TLS cipher suites then I really think this should be > changed. > > An anonymous TLS cipher suite negotiated by the EAP tunnel method > > will be extremely valuable when combined with something like > EAP-pwd > > as the inner method. That would provide a way to securely satisfy > the > > credential provisioning requirement (which is a MUST by the way). > > > > Please restate the requirement to say something along the lines of > > "if an anonymous TLS ciphersuite is used by the outer tunnel then > an > > inner method providing mutual authentication MUST be used." > > > [Joe] I agree that anonymous cipher suites might be useful in the > context you describe. I do not that this is the main purpose of the > tunnel method work. I think this would be done in a separate document > building on top of the tunnel method. I can see how the existing text > might be a bit problematic, but your suggested text makes me a bit > nervous because it may require more consideration. How about something > along the lines of: > > "Other specifications may define uses of the tunnel method the build on > anonymous cipher suites. These specifications must take care to address > the security issues inherent in anonymous cipher suites. " > > > - 4.2.1.2 requires replay protection and then goes on to say that > TLS > > (which is required by 4.2.1) satisfies this requirement. > > > > Please remove 4.2.1.2 since it does not add a new requirement. > > > [Joe] Suggested Text: > " TLS provides sufficient replay protection to meet this requirements as > long as strong cipher suites are used." > > > regards, > > > > Dan. > > > > > > > > > > _______________________________________________ > > Emu mailing list > > Emu@ietf.org > > https://www.ietf.org/mailman/listinfo/emu > _______________________________________________ > Emu mailing list > Emu@ietf.org > https://www.ietf.org/mailman/listinfo/emu
- [Emu] review of draft-ietf-emu-eaptunnel-req-04 Dan Harkins
- Re: [Emu] review of draft-ietf-emu-eaptunnel-req-… Joseph Salowey (jsalowey)
- Re: [Emu] review of draft-ietf-emu-eaptunnel-req-… Hoeper Katrin-QWKN37
- Re: [Emu] review of draft-ietf-emu-eaptunnel-req-… Dan Harkins
- Re: [Emu] review of draft-ietf-emu-eaptunnel-req-… Hoeper Katrin-QWKN37
- Re: [Emu] review of draft-ietf-emu-eaptunnel-req-… Dan Harkins
- Re: [Emu] review of draft-ietf-emu-eaptunnel-req-… Hoeper Katrin-QWKN37
- Re: [Emu] review of draft-ietf-emu-eaptunnel-req-… Dan Harkins
- Re: [Emu] review of draft-ietf-emu-eaptunnel-req-… Hoeper Katrin-QWKN37
- Re: [Emu] review of draft-ietf-emu-eaptunnel-req-… Dan Harkins
- Re: [Emu] review of draft-ietf-emu-eaptunnel-req-… Hoeper Katrin-QWKN37
- Re: [Emu] review of draft-ietf-emu-eaptunnel-req-… Dan Harkins
- Re: [Emu] review of draft-ietf-emu-eaptunnel-req-… Hoeper Katrin-QWKN37
- Re: [Emu] review of draft-ietf-emu-eaptunnel-req-… Hoeper Katrin-QWKN37
- Re: [Emu] review of draft-ietf-emu-eaptunnel-req-… Dan Harkins
- Re: [Emu] review of draft-ietf-emu-eaptunnel-req-… Joseph Salowey (jsalowey)
- Re: [Emu] review of draft-ietf-emu-eaptunnel-req-… Yaron Sheffer
- Re: [Emu] review of draft-ietf-emu-eaptunnel-req-… Alan DeKok
- Re: [Emu] review of draft-ietf-emu-eaptunnel-req-… Yaron Sheffer
- Re: [Emu] review of draft-ietf-emu-eaptunnel-req-… Alan DeKok
- Re: [Emu] review of draft-ietf-emu-eaptunnel-req-… Joseph Salowey (jsalowey)
- Re: [Emu] review of draft-ietf-emu-eaptunnel-req-… Joseph Salowey (jsalowey)
- Re: [Emu] review of draft-ietf-emu-eaptunnel-req-… Yaron Sheffer
- Re: [Emu] review of draft-ietf-emu-eaptunnel-req-… Dan Harkins
- Re: [Emu] review of draft-ietf-emu-eaptunnel-req-… Joseph Salowey (jsalowey)
- Re: [Emu] review of draft-ietf-emu-eaptunnel-req-… Hoeper Katrin-QWKN37
- Re: [Emu] review of draft-ietf-emu-eaptunnel-req-… Dan Harkins
- Re: [Emu] review of draft-ietf-emu-eaptunnel-req-… Hoeper Katrin-QWKN37