IETF Logo Mail Archive

Re: [HOKEY] consensus call: key delivery security protocol

"T. Charles Clancy" <clancy@cs.umd.edu> Wed, 08 August 2007 18:51 UTC

Return-path: <hokey-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IIqd7-0000x2-0D; Wed, 08 Aug 2007 14:51:37 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IIqd5-0000wx-BU for hokey@ietf.org; Wed, 08 Aug 2007 14:51:35 -0400
Received: from dispatch.cs.umd.edu ([128.8.128.60]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IIqd4-0008Ro-0n for hokey@ietf.org; Wed, 08 Aug 2007 14:51:35 -0400
Received: from loompa (loompa.cs.umd.edu [128.8.128.63]) by dispatch.cs.umd.edu (8.13.1/8.12.5) with ESMTP id l78IpHco012365; Wed, 8 Aug 2007 14:51:21 -0400
Date: Wed, 08 Aug 2007 14:51:16 -0400
From: "T. Charles Clancy" <clancy@cs.umd.edu>
X-X-Sender: clancy@loompa
To: Yoshihiro Ohba <yohba@tari.toshiba.com>
Subject: Re: [HOKEY] consensus call: key delivery security protocol
In-Reply-To: <20070807151737.GG16703@steelhead.localdomain>
Message-ID: <Pine.GSO.4.61.0708081450490.12196@loompa>
References: <46A4E634.8060708@cs.umd.edu> <20070807151737.GG16703@steelhead.localdomain>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-CSD-MailScanner-Information: Please email staff@cs.umd.edu for more information
X-CSD-MailScanner: Found to be clean
X-CSD-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=-3.499, required 5, autolearn=not spam, AWL -0.90, BAYES_00 -2.60)
X-CSD-MailScanner-From: clancy@cs.umd.edu
X-Spam-Status: No
X-Spam-Score: 0.0 (/)
X-Scan-Signature: b4a0a5f5992e2a4954405484e7717d8c
Cc: hokey@ietf.org
X-BeenThere: hokey@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: HOKEY WG Mailing List <hokey.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hokey>, <mailto:hokey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hokey>
List-Post: <mailto:hokey@ietf.org>
List-Help: <mailto:hokey-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hokey>, <mailto:hokey-request@ietf.org?subject=subscribe>
Errors-To: hokey-bounces@ietf.org

If AAA-proxy compromise is not part of our threat model, then all parties 
are securely authenticated and keying material remains undisclosed to 
non-trusted parties.  The draft-housley-aaa-key-mgmt doesn't say to whom 
the keying material must remain confidential, or that only the two 
endpoints can know a key.

Sure, a proxy can be compromised and misbehave, but so can a AAA server.

The cryptographic protocol academic in me cringes to say that, but I don't 
see any practical way to avoid it.  We need to trust the AAA 
infrastructure.  We can certainly document the concerns associated with a 
hop-by-hop protocol in the security considerations section.

--
t. charles clancy, ph.d.  <>  tcc@umd.edu  <>  eng.umd.edu/~tcc
adjunct professor, electrical engineering, university of maryland


On Tue, 7 Aug 2007, Yoshihiro Ohba wrote:

> I was taking vacation and sorry for delayed response.
>
> How does option #1 with hop-by-hop security satisfy
> draft-housley-aaa-key-mgmt-09.txt, especially "Authenticate all
> parties" and "Keying material confidentiality and integrity"
> requirements?
>
> Regards,
> Yoshihiro Ohba
>
>
>
> On Mon, Jul 23, 2007 at 01:32:36PM -0400, Charles Clancy wrote:
>> Related issue: #28
>>
>> The current key distribution document describes protocols that require a
>> shared key between the server and third party.  According to RFC 4107,
>> we are required to specify how those keys are provisioned.  The result
>> was 3 options:
>>
>> #1: convert the current protocol into one that uses hop-by-hop security
>> with channel bindings based on AAA
>>
>> #2: define a protocol to provision keys, as necessary, between AAA
>> servers and any remote AAA client that needs a pairwise key for
>> end-to-end security
>>
>> #3: use something like cross-realm Kerberos to provide the necessary
>> cryptographics to improve upon hop-by-hop security
>>
>> An initial hum eliminated option #2.  A vote for options #1 and #3
>> yielded 23 in favor of #1 and 11 in favor of #3.  This email is to
>> confirm the consensus in the room during the meeting.
>>
>> Please comment by August 2.
>>
>> --
>> t. charles clancy, ph.d.  <>  tcc@umd.edu  <>  eng.umd.edu/~tcc
>> adjunct professor, electrical engineering, university of maryland
>>
>> _______________________________________________
>> HOKEY mailing list
>> HOKEY@ietf.org
>> https://www1.ietf.org/mailman/listinfo/hokey
>>
>

_______________________________________________
HOKEY mailing list
HOKEY@ietf.org
https://www1.ietf.org/mailman/listinfo/hokey

v2.23.0 | Report a Bug | By Email