IETF Logo Mail Archive

Re: [HOKEY] RE: Need advise on advancing draft-gaonkar-radext-erp-attrs

"Dan Harkins" <dharkins@lounge.org> Sun, 15 July 2007 23:33 UTC

Return-path: <hokey-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IADam-0005mY-JK; Sun, 15 Jul 2007 19:33:32 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IADal-0005mJ-MP for hokey@ietf.org; Sun, 15 Jul 2007 19:33:31 -0400
Received: from colo.trepanning.net ([69.55.226.174] helo=mail1.trepanning.net) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IADal-00059h-8o for hokey@ietf.org; Sun, 15 Jul 2007 19:33:31 -0400
Received: from www.trepanning.net (localhost [127.0.0.1]) by mail1.trepanning.net (Postfix) with ESMTP id 6F47D1FA60C9; Sun, 15 Jul 2007 16:32:26 -0700 (PDT)
Received: from 69.12.173.8 (SquirrelMail authenticated user dharkins@lounge.org) by www.trepanning.net with HTTP; Sun, 15 Jul 2007 16:32:26 -0700 (PDT)
Message-ID: <43198.69.12.173.8.1184542346.squirrel@www.trepanning.net>
In-Reply-To: <4C0FAAC489C8B74F96BEAD85EAEB262504504982@xmb-sjc-215.amer.cisco.com>
References: <46946AE6.9040705@qualcomm.com> <EDC652A26FB23C4EB6384A4584434A04215A88@307622ANEX5.global.avaya.com> <4C0FAAC489C8B74F96BEAD85EAEB262504503FEC@xmb-sjc-215.amer.cisco.com> <4695BD98.9030500@qualcomm.com> <4C0FAAC489C8B74F96BEAD85EAEB26250450403D@xmb-sjc-215.amer.cisco.com> <4695C7CC.5020600@qualcomm.com> <000f01c7c477$ec756f60$6401a8c0@NEWTON603> <4C0FAAC489C8B74F96BEAD85EAEB262504504971@xmb-sjc-215.amer.cisco.com> <469A8329.8050803@qualcomm.com> <4C0FAAC489C8B74F96BEAD85EAEB262504504982@xmb-sjc-215.amer.cisco.com>
Date: Sun, 15 Jul 2007 16:32:26 -0700
Subject: Re: [HOKEY] RE: Need advise on advancing draft-gaonkar-radext-erp-attrs
From: Dan Harkins <dharkins@lounge.org>
To: "Glen Zorn (gwz)" <gwz@cisco.com>
User-Agent: SquirrelMail/1.4.8
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-Priority: 3 (Normal)
Importance: Normal
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 6cca30437e2d04f45110f2ff8dc1b1d5
Cc: "Gaonkar, Kedar" <kgaonkar@qualcomm.com>, Bernard Aboba <bernard_aboba@hotmail.com>, Tim Polk <tim.polk@nist.gov>, "Romascanu, Dan (Dan)" <dromasca@avaya.com>, hokey@ietf.org
X-BeenThere: hokey@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: HOKEY WG Mailing List <hokey.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hokey>, <mailto:hokey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hokey>
List-Post: <mailto:hokey@ietf.org>
List-Help: <mailto:hokey-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hokey>, <mailto:hokey-request@ietf.org?subject=subscribe>
Errors-To: hokey-bounces@ietf.org

  Hi,

  MPPE is just wrong; IPsec has issues, as Glen notes. But RFC3394 has
it's own problems. It doesn't have a security proof behind it and it
doesn't allow for the inclusion of additional authenticated, but not
wrapped, data. draft-zorn-radius-keywrap-13.txt uses a separate and
additonal MAC on the RADIUS response to get around that latter issue.
RFC3394 also imposes unnatural restrictions on the data being wrapped
which might not be an issue in this case but it's still sub-optimal.

  So let me take this opportunity to tell everyone about
draft-dharkins-siv-aes-00 which describes a new AES cipher mode for
authenticated encryption. It can be used in the traditional nonce-based
authenticated encryption mode and also in a deterministic, nonce-less
key wrap mode. It has a security proof (in "Deterministic Authenticated
Encryption" by Rogaway and Shrimpton, which defines SIV) and allow for
additional authenticated, but not encrypted, data to be input. It also
doesn't impose any unnatural restrictions on the length of the data to be
wrapped. It would be ideal for this sort of problem!

  Also note that when SIV is used in the traditional nonce-based
authenticated encryption mode it provides a level of resistance to
nonce reuse whereas the security of other authenticated encryption schemes
are voided when the nonce gets reused (e.g. GCM, CCM).

  Dan.

On Sun, July 15, 2007 2:18 pm, Glen Zorn (gwz) wrote:
> Lakshminath Dondeti <mailto:ldondeti@qualcomm.com> allegedly scribbled
> on Sunday, July 15, 2007 1:27 PM:
>
>> Glen,
>>
>> I am definitely open to ideas.  At the moment, the model we used is
>> the MSK delivery mechanism (actually my understanding of the commonly
>> used MSK delivery mechanism) of RADIUS.
>
> OK, but I don't know what MSK is delivered this way (certainly not
> 802.11i, which I think is the most common).
>
>> It is the simplest, but as
>> you note has issues.
>
> Well, yes it does, in that it uses the MS MPPE keying attributes but it
> doesn't have the issue I was referring to (the use of IPsec).
>
>> Please send your review to the list and propose
>> alternatives; we can discuss and go with whatever solution we have
>> consensus for, as usual.
>>
>> thanks,
>> Lakshminath
>>
>> On 7/15/2007 10:55 AM, Glen Zorn (gwz) wrote:
>>> David B. Nelson <mailto:d.b.nelson@comcast.net> allegedly scribbled
>>> on Thursday, July 12, 2007 4:30 AM:
>>>
>>> ...
>>>
>>>> Having said all of that, I will note that the RADIUS Crypto-Agility
>>>> work item in RADEXT addresses RADIUS key-wrap and key delivery, and
>>>> this seems to have significant overlap with the
>>>> draft-gaonkar-radext-erp-attrs draft.  We should address that issue.
>>>
>>> Well, it _could_ (probably should) use key wrap, but at the moment it
>>> doesn't specifying instead the use of IPsec (A Really Bad Idea (TM)
>>> IMHO BTW) so in its present state I don't really see much overlap
>>> w/the crypto-agility work.  What am I missing?
>
> _______________________________________________
> HOKEY mailing list
> HOKEY@ietf.org
> https://www1.ietf.org/mailman/listinfo/hokey
>



_______________________________________________
HOKEY mailing list
HOKEY@ietf.org
https://www1.ietf.org/mailman/listinfo/hokey

v2.23.0 | Report a Bug | By Email