IETF Logo Mail Archive

Re: [Emu] Working Group Last Call for draft-ietf-emu-chbind-04.txt (part 2)

"Hoeper Katrin-QWKN37" <khoeper@motorola.com> Tue, 02 March 2010 17:01 UTC

Return-Path: <khoeper@motorola.com>
X-Original-To: emu@core3.amsl.com
Delivered-To: emu@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 735FA28C19A for <emu@core3.amsl.com>; Tue, 2 Mar 2010 09:01:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.598
X-Spam-Level:
X-Spam-Status: No, score=-6.598 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id akuAEL5b+EMX for <emu@core3.amsl.com>; Tue, 2 Mar 2010 09:01:06 -0800 (PST)
Received: from mail55.messagelabs.com (mail55.messagelabs.com [216.82.241.163]) by core3.amsl.com (Postfix) with ESMTP id 2A8283A8B4B for <emu@ietf.org>; Tue, 2 Mar 2010 09:01:06 -0800 (PST)
X-VirusChecked: Checked
X-Env-Sender: khoeper@motorola.com
X-Msg-Ref: server-7.tower-55.messagelabs.com!1267549265!97713789!1
X-StarScan-Version: 6.2.4; banners=-,-,-
X-Originating-IP: [136.182.1.12]
Received: (qmail 4132 invoked from network); 2 Mar 2010 17:01:05 -0000
Received: from motgate2.mot.com (HELO motgate2.mot.com) (136.182.1.12) by server-7.tower-55.messagelabs.com with DHE-RSA-AES256-SHA encrypted SMTP; 2 Mar 2010 17:01:05 -0000
Received: from il27exr04.cig.mot.com (il27exr04.mot.com [10.17.196.73]) by motgate2.mot.com (8.14.3/8.14.3) with ESMTP id o22H15EW001837 for <emu@ietf.org>; Tue, 2 Mar 2010 10:01:05 -0700 (MST)
Received: from il27vts03 (il27vts03.cig.mot.com [10.17.196.87]) by il27exr04.cig.mot.com (8.13.1/Vontu) with SMTP id o22H14qB001577 for <emu@ietf.org>; Tue, 2 Mar 2010 11:01:05 -0600 (CST)
Received: from de01exm68.ds.mot.com (de01exm68.am.mot.com [10.176.8.24]) by il27exr04.cig.mot.com (8.13.1/8.13.0) with ESMTP id o22H14oJ001572 for <emu@ietf.org>; Tue, 2 Mar 2010 11:01:04 -0600 (CST)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01CABA29.E30A597C"
Date: Tue, 02 Mar 2010 12:00:40 -0500
Message-ID: <3A241A6B234BE948B8B474D261FEBC2F07239E74@de01exm68.ds.mot.com>
In-Reply-To: <BLU137-W362C6445E0E62757B32EC1938F0@phx.gbl>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Emu] Working Group Last Call for draft-ietf-emu-chbind-04.txt (part 2)
Thread-Index: Acp3zXbzBIUh5tK4SfawXqfcfSwNiRCV6sAA
References: <BLU137-W362C6445E0E62757B32EC1938F0@phx.gbl>
From: Hoeper Katrin-QWKN37 <khoeper@motorola.com>
To: Bernard Aboba <bernard_aboba@hotmail.com>, emu@ietf.org
X-CFilter-Loop: Reflected
Subject: Re: [Emu] Working Group Last Call for draft-ietf-emu-chbind-04.txt (part 2)
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/emu>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Mar 2010 17:01:17 -0000

Bernard, All

 

See my comments inline.

 

________________________________

From: emu-bounces@ietf.org [mailto:emu-bounces@ietf.org] On Behalf Of
Bernard Aboba
Sent: Tuesday, December 08, 2009 12:12 AM
To: emu@ietf.org
Subject: Re: [Emu] Working Group Last Call for
draft-ietf-emu-chbind-04.txt (part 2)

 

Section 5.1

   The local database is perhaps the most important part of this system.

   In order for the EAP server or AAA server to know whether i1 and i2

   are correct, they need access to trustworthy information, since an

   authenticator could include false information in both i1 and i2.

   Additional reasons why such a database is necessary for channel

   bindings to work are discussed in the next subsection.  The

   information contained within the database could involve wildcards.

   For example, this could be used to check whether WiFi access points

   on a particular IP subnet all use a specific SSID.  The exact IP

   address is immaterial, provided it is on the correct subnet.



[BA] Is it really true that the IP address of the NAS is always
immaterial?  For example, couldn't a 

NAS lie about its IP address in order to impersonate another NAS? 
[KH] No, this is an example for the use of wildcards, i.e. it doesn't
mean IP addresses of the NAS are always immaterial.




   During an EAP method execution with channel bindings, the goal is to

   transport i1 from the peer to the EAP server, and allow the system to

   verify the consistency of i1 provided by the peer, i2 provided by the

   authenticator, and the information in the local database.  Upon the

   check, the EAP server sends a message to the peer indicating whether

   the channel binding validation check succeeded or failed and

   optionally includes all or some of the information that was used in

   the check.  The message flow is illustrated in Figure 1.



[BA] Is it always necessary for the EAP server to provide information to
the peer 

about why the channel binding check succeeded or failed?  While this
info might be helpful for

debugging, it seems like there could be situations in which the AAA
server just returns an

Accept/Reject indication. 
[KH] No, it is not necessary; this is why the text reads "and optionally
includes all or some of the information that was used in the check."




   If the compliance of i1 or i2 information with the authoritative

   policy source is mandatory and a consistency check failed, then after

   sending a protected indication of failed consistency, the EAP server

   MUST send an EAP-Failure message to terminate the session.  If the

   EAP server is otherwise configured, it MUST allow the EAP session to

   complete normally, and leave the decision about network access up to

   the peer's policy.



[BA] I would suggest that normative language is not appropriate here.
For one thing, an EAP-Failure

does not actually result in the host being denied access to the network
-- an Access-Reject is what

accomplishes this.  Also, since an EAP-Failure (or EAP-Success) may not
be delivered, it doesn't make

sense to rely on it.  Furthermore, couldn't there be situations where
rather than denying access 

some other action is taken, such as putting up a warning message,
isolating the host in some way

(e.g. filters or VLAN setting, etc.)?  
[KH] OK. I guess simply mentioning that in some cases a failed channel
binding leads to an EAP-Failure message is sufficient. Text will be
revised accordingly.



Section 5.2



   These checks enable the EAP server to detect lying NAS/authenticator

   in enterprise networks and lying providers in service provider



[BA] As noted in the previous message, these checks do not actually
enable the determination of whether

a provider is lying. 
[KH] Agree, statement should be put in perspective.




   Checking the consistency of i1 and i2 is nontrivial, as has been

   pointed out already in [HC07].  First, i1 can contain any type of

   information propagated by the authenticator, whereas i2 is restricted

   to information that can be carried in AAA attributes.  



[BA] Actually, i1 can only contain information that is both propagated
by the authenticator *and*

passed up by the host in the proper format.  This requires coordination
between the

driver implemented on the host and the EAP method.   In practice, this
has been a major impediment

to implementation of Channel Bindings, because without driver changes,
many of the parameters desired

by channel binding implementations will not be available. 
[KH] Will add the second condition to the sentence. The required driver
updates are considered in Section 10.




Similarly, the database referred to in this section also requires a
non-trivial effort to put together,

comparable to the "wire map" required to support geographic location or
emergency services calling. 



   For example, if the EAP MTU is 1020 octets, and EAP-GPSK is used as

   the authentication method, and maximal-length identities are used, a

   maximum of 384 octets are available for conveying channel binding.



[BA] This is an important point -- and one that indicates that the
ability to implement channel

bindings is limited on EAP methods that don't support fragmentation.  




[KH] Indicating this was the point of this paragraph. Will add another
sentence to further clarify.


Section 6.3



   If transporting data within a lower-layer's secure association

   protocol (SAP), this protocol MUST support transport of integrity

   protected data using a key known only by the EAP peer and EAP server,

   and not known to the authenticator.  There must be mechanism whereby

   the authenticator can transport the protected payloads to the EAP

   server, either via a AAA protocol or some other means, and receive a

   protected result.



[BA] This paragraph does not make sense, because by definition the SAP

exchange occurs between the authenticator and the peer, and therefore

any keys derived in the process need to be known by the authenticator

and the peer.  In a number of cases (such as IKEv2), the EAP server

only doesn't know the key used by the SAP, but it is an explicit

design requirement that this not be possible.  
[KH] Needs to be clarified. It was meant that the data is transported
between peer and the authenticator via SAP but that the data is
protected by a key not known to the authenticator.




   This protocol MUST support exporting channel binding data to the AAA

   subsystem on the EAP server for validation.  The SAP must have access

   to channel binding data required for transport to the EAP server.



[BA] The last sentence also doesn't make sense.  Elsewhere in the
document

it says that the authenticator is not supposed to have access to the

channel bindings data, but here it implies that it must have access,

since the SAP is run between the peer and authenticator. 
[KH] Good catch. The authenticator should not have access to the
unprotected data, it just needs to be able to transport the information
to the EAP server. Needs to be revised.




Section 7.1



7.1.  Requirements for Lower-Layer Bindings



   Lower-layer protocols MUST support EAP in order to support EAP

   channel bindings.  These lower layers MUST support EAP methods that

   derive keying material, as otherwise no integrity-protected channel

   would be available to execute the channel bindings protocol.  Lower-

   layer protocols need not support traffic encryption, since this is

   independent of the authentication phase.



[BA] Channel Bindings can still be used even on lower layers that don't
use keying material.  For

example, an EAP method supporting channel bindings could be used with a
wired network supporting

IEEE 802.1X-2004. Since the EAP server/AAA server will still obtain
i1/i2 in this situation, why

should it matter whether an integrity-protected channel is in place?  
[KH] Because nobody including  the authenticator should  be able to
alter i1/i2.








 

 

<http://im.live.com/Messenger/IM/Home/?source=EML_WLHM_GreaterGood>

v2.23.0 | Report a Bug | By Email