Re: [HOKEY] consensus call: key delivery security protocol
"T. Charles Clancy" <clancy@cs.umd.edu> Wed, 08 August 2007 18:51 UTC
Return-path: <hokey-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IIqd7-0000x2-0D; Wed, 08 Aug 2007 14:51:37 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IIqd5-0000wx-BU for hokey@ietf.org; Wed, 08 Aug 2007 14:51:35 -0400
Received: from dispatch.cs.umd.edu ([128.8.128.60]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IIqd4-0008Ro-0n for hokey@ietf.org; Wed, 08 Aug 2007 14:51:35 -0400
Received: from loompa (loompa.cs.umd.edu [128.8.128.63]) by dispatch.cs.umd.edu (8.13.1/8.12.5) with ESMTP id l78IpHco012365; Wed, 8 Aug 2007 14:51:21 -0400
Date: Wed, 08 Aug 2007 14:51:16 -0400
From: "T. Charles Clancy" <clancy@cs.umd.edu>
X-X-Sender: clancy@loompa
To: Yoshihiro Ohba <yohba@tari.toshiba.com>
Subject: Re: [HOKEY] consensus call: key delivery security protocol
In-Reply-To: <20070807151737.GG16703@steelhead.localdomain>
Message-ID: <Pine.GSO.4.61.0708081450490.12196@loompa>
References: <46A4E634.8060708@cs.umd.edu> <20070807151737.GG16703@steelhead.localdomain>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-CSD-MailScanner-Information: Please email staff@cs.umd.edu for more information
X-CSD-MailScanner: Found to be clean
X-CSD-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=-3.499, required 5, autolearn=not spam, AWL -0.90, BAYES_00 -2.60)
X-CSD-MailScanner-From: clancy@cs.umd.edu
X-Spam-Status: No
X-Spam-Score: 0.0 (/)
X-Scan-Signature: b4a0a5f5992e2a4954405484e7717d8c
Cc: hokey@ietf.org
X-BeenThere: hokey@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: HOKEY WG Mailing List <hokey.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hokey>, <mailto:hokey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hokey>
List-Post: <mailto:hokey@ietf.org>
List-Help: <mailto:hokey-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hokey>, <mailto:hokey-request@ietf.org?subject=subscribe>
Errors-To: hokey-bounces@ietf.org
If AAA-proxy compromise is not part of our threat model, then all parties are securely authenticated and keying material remains undisclosed to non-trusted parties. The draft-housley-aaa-key-mgmt doesn't say to whom the keying material must remain confidential, or that only the two endpoints can know a key. Sure, a proxy can be compromised and misbehave, but so can a AAA server. The cryptographic protocol academic in me cringes to say that, but I don't see any practical way to avoid it. We need to trust the AAA infrastructure. We can certainly document the concerns associated with a hop-by-hop protocol in the security considerations section. -- t. charles clancy, ph.d. <> tcc@umd.edu <> eng.umd.edu/~tcc adjunct professor, electrical engineering, university of maryland On Tue, 7 Aug 2007, Yoshihiro Ohba wrote: > I was taking vacation and sorry for delayed response. > > How does option #1 with hop-by-hop security satisfy > draft-housley-aaa-key-mgmt-09.txt, especially "Authenticate all > parties" and "Keying material confidentiality and integrity" > requirements? > > Regards, > Yoshihiro Ohba > > > > On Mon, Jul 23, 2007 at 01:32:36PM -0400, Charles Clancy wrote: >> Related issue: #28 >> >> The current key distribution document describes protocols that require a >> shared key between the server and third party. According to RFC 4107, >> we are required to specify how those keys are provisioned. The result >> was 3 options: >> >> #1: convert the current protocol into one that uses hop-by-hop security >> with channel bindings based on AAA >> >> #2: define a protocol to provision keys, as necessary, between AAA >> servers and any remote AAA client that needs a pairwise key for >> end-to-end security >> >> #3: use something like cross-realm Kerberos to provide the necessary >> cryptographics to improve upon hop-by-hop security >> >> An initial hum eliminated option #2. A vote for options #1 and #3 >> yielded 23 in favor of #1 and 11 in favor of #3. This email is to >> confirm the consensus in the room during the meeting. >> >> Please comment by August 2. >> >> -- >> t. charles clancy, ph.d. <> tcc@umd.edu <> eng.umd.edu/~tcc >> adjunct professor, electrical engineering, university of maryland >> >> _______________________________________________ >> HOKEY mailing list >> HOKEY@ietf.org >> https://www1.ietf.org/mailman/listinfo/hokey >> > _______________________________________________ HOKEY mailing list HOKEY@ietf.org https://www1.ietf.org/mailman/listinfo/hokey
- [HOKEY] consensus call: key delivery security pro… Charles Clancy
- Re: [HOKEY] consensus call: key delivery security… Yoshihiro Ohba
- Re: [HOKEY] consensus call: key delivery security… T. Charles Clancy
- Re: [HOKEY] consensus call: key delivery security… Yoshihiro Ohba
- RE: [HOKEY] consensus call: key delivery security… Glen Zorn (gwz)
- Re: [HOKEY] consensus call: key delivery security… Yoshihiro Ohba
- RE: [HOKEY] consensus call: key delivery security… Glen Zorn (gwz)
- Re: [HOKEY] consensus call: key delivery security… Yoshihiro Ohba
- RE: [HOKEY] consensus call: key delivery security… Glen Zorn (gwz)
- Re: [HOKEY] consensus call: key delivery security… Yoshihiro Ohba
- RE: [HOKEY] consensus call: key delivery security… Glen Zorn (gwz)
- Re: [HOKEY] consensus call: key delivery security… Yoshihiro Ohba
- RE: [HOKEY] consensus call: key delivery security… Alper Yegin
- Re: [HOKEY] consensus call: key delivery security… Yoshihiro Ohba
- RE: [HOKEY] consensus call: key delivery security… Madjid Nakhjiri
- Re: [HOKEY] consensus call: key delivery security… Sam Hartman
- RE: [HOKEY] consensus call: key delivery security… Madjid Nakhjiri
- Re: [HOKEY] consensus call: key delivery security… Dan Harkins
- RE: [HOKEY] consensus call: key delivery security… Glen Zorn
- Re: [HOKEY] consensus call: key delivery security… Sam Hartman
- Re: [HOKEY] consensus call: key delivery security… Yoshihiro Ohba
- RE: [HOKEY] consensus call: key delivery security… Dan Harkins
- RE: [HOKEY] consensus call: key delivery security… Glen Zorn
- RE: [HOKEY] consensus call: key delivery security… Dan Harkins