IETF Logo Mail Archive

Re: [Emu] Potential Notes in EAP-FAST Documents

<Pasi.Eronen@nokia.com> Thu, 05 February 2009 12:52 UTC

Return-Path: <Pasi.Eronen@nokia.com>
X-Original-To: emu@core3.amsl.com
Delivered-To: emu@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BF7C23A6BFC; Thu, 5 Feb 2009 04:52:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.572
X-Spam-Level:
X-Spam-Status: No, score=-6.572 tagged_above=-999 required=5 tests=[AWL=0.027, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pKuMg-QaxCAG; Thu, 5 Feb 2009 04:52:33 -0800 (PST)
Received: from mgw-mx09.nokia.com (smtp.nokia.com [192.100.105.134]) by core3.amsl.com (Postfix) with ESMTP id B4C983A6AAA; Thu, 5 Feb 2009 04:52:33 -0800 (PST)
Received: from vaebh105.NOE.Nokia.com (vaebh105.europe.nokia.com [10.160.244.31]) by mgw-mx09.nokia.com (Switch-3.2.6/Switch-3.2.6) with ESMTP id n15Cpt4t026301; Thu, 5 Feb 2009 06:52:10 -0600
Received: from vaebh104.NOE.Nokia.com ([10.160.244.30]) by vaebh105.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.3959); Thu, 5 Feb 2009 14:51:57 +0200
Received: from smtp.mgd.nokia.com ([65.54.30.5]) by vaebh104.NOE.Nokia.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959); Thu, 5 Feb 2009 14:51:53 +0200
Received: from NOK-EUMSG-01.mgdnok.nokia.com ([65.54.30.106]) by nok-am1mhub-01.mgdnok.nokia.com ([65.54.30.5]) with mapi; Thu, 5 Feb 2009 13:51:52 +0100
From: Pasi.Eronen@nokia.com
To: glenzorn@comcast.net
Date: Thu, 05 Feb 2009 13:51:52 +0100
Thread-Topic: [Emu] Potential Notes in EAP-FAST Documents
Thread-Index: AcmG/lqa1KgpUF8USwKhyQk7NRQaiAAZKlqQAAcC4gAAAri40A==
Message-ID: <808FD6E27AD4884E94820BC333B2DB7727E78F2B67@NOK-EUMSG-01.mgdnok.nokia.com>
References: <BLU137-W531ACB9BE00127DB8595D993C30@phx.gbl> <808FD6E27AD4884E94820BC333B2DB7727E78F274C@NOK-EUMSG-01.mgdnok.nokia.com> <006c01c98781$5d6b8bf0$1842a3d0$@net>
In-Reply-To: <006c01c98781$5d6b8bf0$1842a3d0$@net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginalArrivalTime: 05 Feb 2009 12:51:53.0169 (UTC) FILETIME=[84E94410:01C98790]
X-Nokia-AV: Clean
Cc: emu@ietf.org, iesg@ietf.org
Subject: Re: [Emu] Potential Notes in EAP-FAST Documents
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/emu>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Feb 2009 12:52:34 -0000

Glen Zorn wrote:

> > I would like to remind everyone that these documents did go
> > through IETF Last Call, and have already been approved by IESG.
>
> Given the quality of the documents in question, perhaps that's not
> something that you should be bragging about...
>
> > If folks are opposed to publishing descriptions of deployed EAP
> > method when they're less than perfect (or even ugly hacks with bad
> > architecture), and may not offer perfect security in all
> > circumstances (but accurately document their limitations), they
> > should have said so much earlier.
>
> No offense, but I'm getting the real feeling that you're just not
> paying much attention.  The major problems I've heard WRT
> publication as-is have to do with the misuse of IANA registries, not
> ugly hacks or "imperfect security".

I am paying attention, thank you. Of the emails on emu@ietf.org about
EAP-FAST in the past month or so, less than half of the text seems to
be about re-using EAP-GTC/MSCHAPv2 type codes. Your first email (Jan
27) mentions only anonymous provisioning (nothing about EAP type
codes), and your second message (Feb 3) first talks about the
insecurity of anonymous provisioning, and then about the EAP-GTC type
code.

The EAP-GTC type code re-use is not a new concern; it was specifically
discussed before the IESG approved the document, and the discussion
resulted in changes in the document. As far as I can tell, this thread
has contained no new information about the topic.  It seems you would
have preferred that IESG had reached a different decision back
then. That's a perfectly valid opinion, but the IETF Last Call
would have been the right time to express it.

For EAP-MSCHAPv2, I think there has been some new information that
wasn't really well considered before IESG approved the document.
IESG is proposing solving it basically the same way as for EAP-GTC --
noting that this is bad design, and future design should not do it
this way.

> > (In hindsight, publishing these via the RFC Editor independent
> > submission route, and including the vendor's name in the document
> > title, might have been better idea. Since the intent was to
> > describe what existing implementations do, the IETF does not
> > realistically have much change control...)
>
> Publishing them as individual submissions would have been a better
> idea I don't see how that would solve the IANA problem.

BTW, you can look at this either as changing an existing code point,
or defining a field (an EAP-FAST TLV "Value" part) that contains
either protocol X (normal EAP header with IANA-allocated EAP Type
code) or protocol Y (some other stuff).

Basically, the change that was made to draft-zhou-emu-fast-gtc says
"if this byte contains anything else than 0x06, interprete it as
normal EAP Header with IANA-allocated EAP Type number. If it contains
0x06, interprete it as described below." (not using those words, but
that's the idea)

When some field can contain either X or Y, normally we'd multiplex
them by having a separate "type" field outside the field itself.
That's the approach used in e.g. RFC5281, which changes MS-CHAPv2
challenge processing in very similar way as draft-cam-winget-eap-
fast-provisioning.

Another approach is to multiplex by "peeking inside the content";
while this is usually less preferable, it's a choice the protocol
designer gets to make when defining a new field (and is used in
some IETF specs too; e.g. draft-ietf-avt-dtls-srtp).

Choosing this approach to multiplexing the contents of this field
certainly was not a good design decision, and the proposed IESG text
basically says so (and warns that it probably doesn't exactly
simplify implementation either). But I don't think it should alone
prevent publishing a description of somewhat widely implemented protocol.

*IF* this caused interoperability problems for folks who don't
implement this specification (or between folks who do implement
this spec and those that don't), I'd be very worried indeed.
But that does not seem to be the case.

Best regards,
Pasi

v2.23.0 | Report a Bug | By Email