IETF Logo Mail Archive

Re: [Emu] New Version Notification for draft-janfred-eap-fido-02.txt

Alan DeKok <aland@deployingradius.com> Mon, 04 March 2024 19:11 UTC

Return-Path: <aland@deployingradius.com>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBAB3C1654F3 for <emu@ietfa.amsl.com>; Mon, 4 Mar 2024 11:11:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3WCGv8Hx76-r for <emu@ietfa.amsl.com>; Mon, 4 Mar 2024 11:11:48 -0800 (PST)
Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 33C50C15793B for <emu@ietf.org>; Mon, 4 Mar 2024 11:11:47 -0800 (PST)
Received: from smtpclient.apple (135-23-95-173.cpe.pppoe.ca [135.23.95.173]) by mail.networkradius.com (Postfix) with ESMTPSA id 3819D308; Mon, 4 Mar 2024 19:11:44 +0000 (UTC)
Authentication-Results: NetworkRADIUS; dmarc=none (p=none dis=none) header.from=deployingradius.com
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
From: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <5e5f794d-a260-4fc4-b4c0-fbe13ed54691@dfn.de>
Date: Mon, 04 Mar 2024 14:11:43 -0500
Cc: emu@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <2A73CDC3-9D44-433B-8948-405917CA69F0@deployingradius.com>
References: <170932527085.22824.18343512124707075119@ietfa.amsl.com> <66bca1b2-4b2d-429d-8f85-5c76d29005ad@dfn.de> <c2951f3d-bcc7-4b90-bcdd-077a506dd464@app.fastmail.com> <5e5f794d-a260-4fc4-b4c0-fbe13ed54691@dfn.de>
To: Jan-Frederik Rieckers <rieckers@dfn.de>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/zSsIcPcR9gKAOPwU9lE7VkPkrlo>
Subject: Re: [Emu] New Version Notification for draft-janfred-eap-fido-02.txt
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Mar 2024 19:11:52 -0000

On Mar 4, 2024, at 10:39 AM, Jan-Frederik Rieckers <rieckers@dfn.de> wrote:
> My main idea was to prevent reflection attacks from the get-go. If we have a clear specification in which direction a message is going, we can spot bad behavior more easily.

  I think this is a good idea.

>> For the errors, I would remove the success/error/failure type and just communicate this through the *presence* of a list of error tuples (<type[enum]>, <fatal[bool]>, <description[str]>) in your map; you may wish to include here a '<required[bool]>' in the tuple as a way for the server (or client) to communicate to the peer "you must understand and not ignore this, otherwise abort".

  Using "mandatory" bits in a protocol has been difficult.  Diameter has them, and they've proven less useful than initially thought.

  But I do like a list of error tuples.  It's not always possible to map complex failure onto one 3-digit decimal number.

> Definitely a thing to think about.
> I am always very much in favor of explicitly stating what is going on instead of relying on implicit information, that the peer may overlook if the order of the message items were chosen in a specific way.
> At the very least I would have a separate Success and Failure indicator.

  I agree, and I believe separate Success / Failure indicators are useful.

> The technical limit I think is restricted by the amount of EAP roundtrips that most NAS allow, I think most Access Points will abort the EAP conversation on their own if they saw more than 50 roundtrips.

  Yes.

> To be honest, I hate TLV, especially with fixed-length types.
> Either you waste resources by defining a 2 byte or 4 byte type field, or you run into resource exhaustion if your type field was too small.
> I don't expect that we would run into a problem with that with this specification soon, even with extensions, but why risk it?

  A counter-point is that all EAP methods implement TLVs already, so adding more / similar code is easy.

  The downside is that CBOR is likely more expressive than TLVs, and perhaps what people should be moving towards.  There's no reason to stick with TLVs simply because we've been using them for years.  It's 2024, new technologies exist.

> (I'm not fixed on using CBOR for the message format, but since CTAP2 also uses CBOR at least the client needs to have a CBOR library anyway.)

  I think tho that the EAP implementations don't need to implement CBOR in order to do CTAP2, right?  They just hand the data to another library, and it does the work.

> Again, I like to be explicit. If we have an attribute that says "MUST be of length one", some vendor will ignore it, on the sending or receiving side. How do we deal with two PKIDs? do we take the first one? The last one? Do we abort completely?
> I find it better to be explicit, this way we avoid such errors in implementation from the get-go.

  I agree completely.

  Alan DeKok.

v2.23.0 | Report a Bug | By Email