[Emu] Query about two types of TEAP TLS session resume

Oleg Pekar <oleg.pekar.2017@gmail.com> Mon, 25 March 2019 13:27 UTC

Return-Path: <oleg.pekar.2017@gmail.com>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19AF11203FD for <emu@ietfa.amsl.com>; Mon, 25 Mar 2019 06:27:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.749
X-Spam-Level:
X-Spam-Status: No, score=-1.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PJWyYnihf73j for <emu@ietfa.amsl.com>; Mon, 25 Mar 2019 06:27:03 -0700 (PDT)
Received: from mail-lf1-x12c.google.com (mail-lf1-x12c.google.com [IPv6:2a00:1450:4864:20::12c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A93F1203F0 for <emu@ietf.org>; Mon, 25 Mar 2019 06:27:02 -0700 (PDT)
Received: by mail-lf1-x12c.google.com with SMTP id b7so1430355lfg.9 for <emu@ietf.org>; Mon, 25 Mar 2019 06:27:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=5B3JdSuSFGU3asDWkiD8ZbRZhKesUFI1P8d7rf52z4s=; b=AdHqA6q0L59HWox0apvZZA1L7B3ndmxplnzd7YUz2zkYBgim42FYPYJFMeqtE6VnZU rRVTWwySTl3HTZZKvvJflfpkOvzM6nU9xk1CedT+BpMzQRIYTQU5WeSDEiKzw4F2n/ND jlLyTp5vm0l9WS7BiknmlBzn1pQK9kXgFLeUi/mXUyWCD1ptaXs9tEmosrhuH+wvNGAP B/A7QtEw/teril5ZmcZ41Ojf9US1nSPled81oGeqdmaA3xdMNYPzgZaZt8FJ8r4vlai3 os+DpjmwXBY3e/bvygIDQZrdr5dE3uIa3uK/47VcBzy7WW0wArpB3OPblVlJVuBGXs7L 9ImQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=5B3JdSuSFGU3asDWkiD8ZbRZhKesUFI1P8d7rf52z4s=; b=QHw/oup7ibpKWh1D6ypRTNccE4fWxbu/zC8ntfDcC10oLhl2Gro/Pm9ggPeloErj0p maCAHFqKTJzTUZ1v//ygW2MvlRuwHGy68qQ0qTYiWntzkSMkjvSpH4rIFXuv8qVZG/zt a+/YDqr9mZwPeYJVs5aZ+UOw4pLeJjJ4grZHiPMStep7+k4hlocxmO8UCZjaO2cA6b3I ZOBVNDYl5k35a3hxvkLy+ma5l+uh6zFbTcDzMY8yggjp1BxrPSUu622s2Vo9MpXJc/Xm Cx2NjS51dHZFfPih+69TM32q2+QtQdQGjGnlxAi9l9IEO5Qk1PvwRC1OFu9LK40ZT5T7 OHiA==
X-Gm-Message-State: APjAAAVctfxSAFeWuOjv0XZ6yQFsMXwjJ/nQpzoxtzOg3qiyVRXiqR5W sa1Ou21UFRpYfkzqpc2S1W9EULe64vDVh2A4eYcznqZm5s0=
X-Google-Smtp-Source: APXvYqzmGMr/DpWNkFtR2pzFaCbDSaYqlmtoV7BORoDAtVhxDVtDL5rAMjDEkpnNx5Zy8v9qoVQ70KPobAn+2GqIR0E=
X-Received: by 2002:ac2:4554:: with SMTP id j20mr12125483lfm.112.1553520418909; Mon, 25 Mar 2019 06:26:58 -0700 (PDT)
MIME-Version: 1.0
From: Oleg Pekar <oleg.pekar.2017@gmail.com>
Date: Mon, 25 Mar 2019 15:26:48 +0200
Message-ID: <CABXxEz8bmfzuGwdrfiwx7eZUj5K8rQcEKFBQXMemmHhAmu5YCw@mail.gmail.com>
To: emu@ietf.org
Content-Type: multipart/alternative; boundary="000000000000b873900584eb28e5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/tDD-uhMYiSz7d-KVVfaAoNpK3rc>
Subject: [Emu] Query about two types of TEAP TLS session resume
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Mar 2019 13:27:05 -0000

Hi,

I have several questions about TEAP TLS session resume since I am not sure
I succeeded to interpret the relevant sections of RFC 7170 and RFC 5077
correctly.


1) Does it make sense for TEAP server to support both TLS session resume
using server state and TLS session resume using PAC? Should the server have
an explicit configuration of which type of session resume it supports? In
EAP-FAST there was a dedicated stage of PAC provisioning (Phase 0) that
typically ended with PAC provisioning to the client inside the tunnel.
However TEAP RFC says that PAC should be provisioned either as TLS session
ticket after client sent empty TLS SessionTicket extension or in Phase 2
after client requested a PAC in Request-Action TLV + PAC TLV. So in TEAP
PAC provisioning is always initiated by the client. This gives the server a
chance to presume that if the client didn’t ask for PAC - it doesn’t
support PACs and thus the server should save TLS state of this conversation
in its memory for subsequent TLS session resume using server state.


2) Should it be a restriction for the total time of TLS session resume
using PAC as it exists for TLS session resume using server state? RFC 5077
says that if the conversation was resumed using SessionTicket then the
server can provide a new SessionTicket. Every SessionTicket has its
lifetime restriction but the total time of sequential conversations that
apply TLS session resume using SessionTicket (PAC) is not restricted. I.e.
there is no requirement to conduct a full TLS handshake once per specific
time interval. Doesn’t it create a security issue? Or is it totally on
client's responsibility to conduct a full TLS handshake once per specific
time so the client can verify TLS server's certificate?


3) TEAP RFC says: "If the PAC-Opaque included in the

   SessionTicket extension is valid and the EAP server permits the

   abbreviated TLS handshake, it will select the ciphersuite from

   information within the PAC-Opaque and finish with the abbreviated TLS

   handshake."


What is the reason for storing ciphersuite in the PAC and using it in TLS
session resume using PAC, if server can anyway control the ciphersuites to
eliminate weak cipher usage?


Thank you in advance for your answers,

Oleg