IETF Logo Mail Archive

Re: [Emu] Finishing draft-ietf-emu-eap-tls13 - Commitment Message handling

Mohit Sethi M <mohit.m.sethi@ericsson.com> Mon, 13 July 2020 18:50 UTC

Return-Path: <mohit.m.sethi@ericsson.com>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6E9C3A1720 for <emu@ietfa.amsl.com>; Mon, 13 Jul 2020 11:50:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level:
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PIZ1HmmCKkaE for <emu@ietfa.amsl.com>; Mon, 13 Jul 2020 11:49:58 -0700 (PDT)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-eopbgr10077.outbound.protection.outlook.com [40.107.1.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 395AF3A1707 for <emu@ietf.org>; Mon, 13 Jul 2020 11:49:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VpFD9TpkwuxqRnhutUyZv/w3w4dJspuGKWhNz+aQBojHXljQgh2uU4I7KT1v+gxcqxdeMuWIF5O8Gy7GNeWxb/W5EBuEp84hor3KS4/79qC6IGwyeZFxiic++bxTROUJcAFbHFECYIq6tIxIVi0oRsJLQeTLOWmqi6owKS1/2BqhQD49dv8n4IsWdveAnIY7EtiepSHVeg7pxGkVL5mS/5Dc1qQ8m8m1Fws/M//OIw262egX2xiTkG30QbpXr56YmSxmpvmuO2MUQEQ0R4MhGfwJqHAIddXnx9BynrrY0SI8sDeXE4sbm9qGy0QzVPwQCwciA+kOOXs++nuryKHCQA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=lnRjsZN6HveTfB9km0OWDYtXf3g8XhSPkKORKnw+OVk=; b=jSM80QfZNv9n0I1H0+gqyUUbf4prb77O3U8HHM0LIms+cqTMXjzAtXQFq9giDMo8Id1hPRkm+Dg/OOeZE+omIHQo37ik6asyysIhFDhapFqzFCmqsPNMxz9Z+wxoykE8JgG2ucbA+HEF86zy3QQ65VA6l2R1HNZZs7HPyxMtKiBFoM6YlOPoq/rkqaDyrn3GJED+CfN2/REE6dSkiikAJqv7+cpodRWkzS+ZNZotvHceSr0wlHtXBKYlDcdHRjTGofLjSuEsxosLuNwYX0ZJJA+6xn+OAfKFYfiHOfjpWVENT333si4gM1JtD6lXBw+6X7ts1jNf4C9obLGfatOXcw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=lnRjsZN6HveTfB9km0OWDYtXf3g8XhSPkKORKnw+OVk=; b=HqjNwSUHz1V/TjHpPWgW+vlFEnwHQYdzKoLCL7FWGzB5oeogGEok49fXyw0CC0knrLkGsrgf7AYVZYKqNcwkky9ayT6tK6BIdVr7tgm4drqW0qqt3Kdmoxc5QS3NQOD/k+ZPaMCsMY8jZQOOwxr/KbsNwx/qTOC6KoC0nRrksTo=
Received: from HE1PR07MB3386.eurprd07.prod.outlook.com (2603:10a6:7:2d::25) by HE1PR07MB4428.eurprd07.prod.outlook.com (2603:10a6:7:9c::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3195.11; Mon, 13 Jul 2020 18:49:54 +0000
Received: from HE1PR07MB3386.eurprd07.prod.outlook.com ([fe80::297d:f4a6:bf0c:1ff5]) by HE1PR07MB3386.eurprd07.prod.outlook.com ([fe80::297d:f4a6:bf0c:1ff5%4]) with mapi id 15.20.3195.016; Mon, 13 Jul 2020 18:49:54 +0000
From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
To: Jorge Vergara <jovergar=40microsoft.com@dmarc.ietf.org>, Alan DeKok <aland@deployingradius.com>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>
CC: "emu@ietf.org" <emu@ietf.org>
Thread-Topic: [Emu] Finishing draft-ietf-emu-eap-tls13 - Commitment Message handling
Thread-Index: AQHWWT0wdHdKwpHxS0OX+DAm2c3lZqkFygqAgAAIRQCAAAgAgA==
Date: Mon, 13 Jul 2020 18:49:54 +0000
Message-ID: <d02556ba-d4bd-18e4-85e7-69c049216f10@ericsson.com>
References: <1dbd00fc-0031-7198-5a0b-1f107dba942b@ericsson.com> <3DB31766-6E92-46A0-9EB4-98E8D1516831@deployingradius.com> <CH2PR21MB13816C0027D11C4B29650F43D1600@CH2PR21MB1381.namprd21.prod.outlook.com>
In-Reply-To: <CH2PR21MB13816C0027D11C4B29650F43D1600@CH2PR21MB1381.namprd21.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
authentication-results: dmarc.ietf.org; dkim=none (message not signed) header.d=none;dmarc.ietf.org; dmarc=none action=none header.from=ericsson.com;
x-originating-ip: [2001:14bb:140:27c7:2739:5cce:2572:bccb]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 887f54e0-3aa2-4f1d-e5c1-08d8275d8878
x-ms-traffictypediagnostic: HE1PR07MB4428:
x-microsoft-antispam-prvs: <HE1PR07MB44280DDEABAB811FCBB7249ED0600@HE1PR07MB4428.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: dedsAqNDsh5ffzyxvdp+rX9OATlKkzZuy1Oagp2fbSZ2dOfRbz/XtZJ+D77IclHPjL6f+DOwiQya25zQzoeHogxYDMFJjnML/oDqB/sW4Ut9sph2wAEj/h5Ztq5ceoFWJm0qpeM09mV5Vpl1e05R7hrZoM8veZwJbpWYPngaN4RZT+jLrtBBLyQ9Z+9MvYR1dBq+CkFV3OFpNfV5JQrFqw/XnXiOBO/uDHE4eL6W4gMieioXda/85Ac5U9IKNcHNhWPFIwrNUyFq/ssPydhmdi9M8zzzKsyPKYspJ9nCBtN3wqjaUAqDP0ejt+mWduvvHv6c3wNbtnKuwDn7dmW498OEXDQOc4JAlBvu378DGyzULWlLAW3n0nMZYLZqzviskSEZQ6ghB8Musl3JfQWSALN42fjLpvg7/NNzaVoBNuL1ZzJ/6AmdiGqM3mT6he7vRG8uWBtfzPIBgX64WlwvjQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR07MB3386.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(376002)(136003)(346002)(39860400002)(396003)(366004)(4326008)(31696002)(6486002)(86362001)(186003)(2616005)(53546011)(31686004)(316002)(6506007)(8936002)(8676002)(6512007)(110136005)(66946007)(36756003)(2906002)(71200400001)(166002)(5660300002)(83380400001)(966005)(45080400002)(15650500001)(76116006)(66446008)(66556008)(66476007)(478600001)(64756008)(43740500002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: u6k6tAl7AXHjBp2F9qTH1WjIQUnxM1nx3e8laAJaNOC6fzqX7SBQn+ZQ3vEB/hRO/w2Wx9jjN+Ia0GGzmjV820/2B4Rno7SfDYMc5SpxQ1slGCqEExbL329nwXFSRxFNsx3lZFLt+BgfH9Bd0IuQpHW9c5kXP/aI/T5Qik1kNr+VGrlKgay7jd81eOX9QU28oyuHj5NEa486Gw3P88hJE7B0+XmTw6AOwYaAveq7l+XeZGoVWVs6fUckiOVhNNZj0xKKuaTvT31fV28ui60itJhxywyh+bweuDnis2lTf/2oagNaHdHW2we/ct6zxBg6BNCs/KVpYqIZK4fGzDPByIGQb5QlkEr2lBvpEzAYigDEH7Nf1uGv1TBQrbyj8QOADPkRf/akXfTczcImUTAOZoS40i+dNhk6ouyENRiiQBuYFsCYokFWB/8jdZZVNKnPZXyeJ2EOSeKS9xR/JK9AFz3exbKTzCXuVdUPy8YQIA/F1BIkXxfkrKZcxpqitEon1aW7pAwc7Sz3FZ6BbhWr7zGu6p3IIX10G9UR9yI/VY3Oaf8ytTNJuxwwYzzBTRMN
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_d02556bad4bd18e485e769c049216f10ericssoncom_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR07MB3386.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 887f54e0-3aa2-4f1d-e5c1-08d8275d8878
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Jul 2020 18:49:54.6132 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: SFvuDLCzy3olrYtEK25tdYEdfdrEUDKnIL1mjZ+GqW4/I/4QWt+Tgutv1yxXba+KrLka7HzgVtIz2vQ8Ct+g671PBHUuaeQLvnnpGGe/R7Y=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB4428
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/zMrN77dBEH9WnLVfEb_foiNiJZ0>
Subject: Re: [Emu] Finishing draft-ietf-emu-eap-tls13 - Commitment Message handling
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jul 2020 18:50:01 -0000

Hi Alan, Jorge, Jim, Hannes,

One octet of plaintext naturally results in a larger encrypted record (which serves as the notification). The current text only explains how to construct the encrypted record by setting the TLSPlaintext to one octet of zeros.

RFC 8446 in any case says the following in Section 5.1.  Record Layer: "Application Data messages contain data that is opaque to TLS. Application Data messages are always protected."

Perhaps the text can be made more explicit as follows:

When an EAP server has sent its last handshake message (Finished or a Post-Handshake), it commits to not sending any more handshake messages by sending an encyrpted Commitment Message.  The Commitment Message is an encyrpted TLS record constructed with application data 0x00 (i.e. a TLS record with TLSPlaintext.type = application_data, TLSPlaintext.length = 1, and TLSPlaintext.fragment = 0x00).  Note that the length of the plaintext is greater than the corresponding TLSPlaintext.length due to the inclusion of TLSInnerPlaintext.type and any padding supplied by the sender.  EAP server implementations MUST set TLSPlaintext.fragment to 0x00, but EAP peer implementations MUST accept any application data as a Commitment Message from the EAP server to not send any more handshake messages.  The Commitment Message may be sent in the same EAP-Request as the last handshake record or in a separate EAP-Request.  Sending the Commitment Message in a separate EAP-Request adds an additional round-trip, but may be necessary in TLS implementations that only implement a subset of TLS 1.3.
Is this amenable to all?

--Mohit

On 7/13/20 9:24 PM, Jorge Vergara wrote:

Windows expects an encrypted octet. My brain had automatically translated the plaintext -> encrypted based on the timing of the commitment message - which was apparently an incorrect translation at the time. Interop has been tested with FreeRADIUS and hostapd.

-----Original Message-----
From: Emu <emu-bounces@ietf.org><mailto:emu-bounces@ietf.org> On Behalf Of Alan DeKok
Sent: Monday, July 13, 2020 10:52 AM
To: Mohit Sethi M <mohit.m.sethi@ericsson.com><mailto:mohit.m.sethi@ericsson.com>
Cc: Roman Danyliw <rdd@cert.org><mailto:rdd@cert.org>; emu@ietf.org<mailto:emu@ietf.org>
Subject: Re: [Emu] Finishing draft-ietf-emu-eap-tls13 - Commitment Message handling

On Jul 13, 2020, at 1:44 PM, Mohit Sethi M <mohit.m.sethi@ericsson.com><mailto:mohit.m.sethi@ericsson.com> wrote:



Dear all,

draft-ietf-emu-eap-tls13 is currently in the state "AD Evaluation::AD Followup". Our AD (Roman) had done an excellent review (https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmailarchive.ietf.org%2Farch%2Fmsg%2Femu%2Fk6K98OhuOQmbzSAgGWCtSIVv3Qk%2F&amp;data=02%7C01%7Cjovergar%40microsoft.com%7C435cd35863dd44a5aba708d82755b6b4%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637302596380970944&amp;sdata=mfYGmzLt9zC%2BDBmqGzeFmx%2Bq8XdZG%2Bd0JefKvwSSQ%2Bw%3D&amp;reserved=0), which I addressed in version 10 (https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmailarchive.ietf.org%2Farch%2Fmsg%2Femu%2FIopJTjefyVVKpObzyFc0CAJ-Pig%2F&amp;data=02%7C01%7Cjovergar%40microsoft.com%7C435cd35863dd44a5aba708d82755b6b4%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637302596380970944&amp;sdata=%2FWzCNaXEnxX9adDHjLHKHmH0aYyG3CV4cqpyRSP7yF4%3D&amp;reserved=0).
...
Hannes says that this is not ideal and cannot be achieved with mbed TLS 1.3 implementation. He made 3 alternative suggestions for achieving the functionality of the commitment message (https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmailarchive.ietf.org%2Farch%2Fmsg%2Femu%2FeM-14QdDQjg7DvhAVJMzpvPz5wg%2F&amp;data=02%7C01%7Cjovergar%40microsoft.com%7C435cd35863dd44a5aba708d82755b6b4%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637302596380980941&amp;sdata=umbXQTG0%2FLJN6IrXI%2BjgrQME6mE3UtmI7nOTAdghl7M%3D&amp;reserved=0).

I would like to close this issue and would like to receive feedback from others who have commented before or are working on implementations: Jim, Alan, Jouni; please let us know what do you think about the change?



  hostap sends an encrypted octet.  See https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fw1.fi%2Fcgit%2Fhostap%2Fcommit%2F%3Fid%3D36ec5881657157752dced741256441c230e42fe6&amp;data=02%7C01%7Cjovergar%40microsoft.com%7C435cd35863dd44a5aba708d82755b6b4%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637302596380980941&amp;sdata=R1R8rq0d0MyG36iSVeJwcP3UYRSb%2F4MafyW9Ir%2BNx2A%3D&amp;reserved=0

EAP-TLS server: Add application data to indicate end of v1.3 handshake This adds an encrypted version of a one octet application data payload to the end of the handshake when TLS v1.3 is used to indicate explicit termination of the handshake (either after Finished message or after the optional NewSessionTicket message). The current
draft-ietf-emu-eap-tls13-05 defines this to be a zero length payload, but since that is not allowed by OpenSSL, use a one octet payload instead for now with hopes of getting the draft specification updated instead of having to modify OpenSSL for this.

Signed-off-by: Jouni Malinen <j@w1.fi><mailto:j@w1.fi>

  FreeRADIUS does the same, as of recent commits in the v3.0.x branch.  We've successfully tested interoperability.

  So I think it's fine to send the one octet as *encrypted* data, and not *plaintext*.

  Alan DeKok.

_______________________________________________
Emu mailing list
Emu@ietf.org<mailto:Emu@ietf.org>
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Femu&amp;data=02%7C01%7Cjovergar%40microsoft.com%7C435cd35863dd44a5aba708d82755b6b4%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637302596380980941&amp;sdata=1xjqVMXOl1D62KRGdzAggBjEIuBVMoIU6AisOnJEroo%3D&amp;reserved=0

_______________________________________________
Emu mailing list
Emu@ietf.org<mailto:Emu@ietf.org>
https://www.ietf.org/mailman/listinfo/emu

v2.23.0 | Report a Bug | By Email