Re: [HOKEY] RE: Need advise on advancing draft-gaonkar-radext-erp-attrs
"Dan Harkins" <dharkins@lounge.org> Sun, 15 July 2007 23:33 UTC
Return-path: <hokey-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IADam-0005mY-JK; Sun, 15 Jul 2007 19:33:32 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IADal-0005mJ-MP for hokey@ietf.org; Sun, 15 Jul 2007 19:33:31 -0400
Received: from colo.trepanning.net ([69.55.226.174] helo=mail1.trepanning.net) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IADal-00059h-8o for hokey@ietf.org; Sun, 15 Jul 2007 19:33:31 -0400
Received: from www.trepanning.net (localhost [127.0.0.1]) by mail1.trepanning.net (Postfix) with ESMTP id 6F47D1FA60C9; Sun, 15 Jul 2007 16:32:26 -0700 (PDT)
Received: from 69.12.173.8 (SquirrelMail authenticated user dharkins@lounge.org) by www.trepanning.net with HTTP; Sun, 15 Jul 2007 16:32:26 -0700 (PDT)
Message-ID: <43198.69.12.173.8.1184542346.squirrel@www.trepanning.net>
In-Reply-To: <4C0FAAC489C8B74F96BEAD85EAEB262504504982@xmb-sjc-215.amer.cisco.com>
References: <46946AE6.9040705@qualcomm.com> <EDC652A26FB23C4EB6384A4584434A04215A88@307622ANEX5.global.avaya.com> <4C0FAAC489C8B74F96BEAD85EAEB262504503FEC@xmb-sjc-215.amer.cisco.com> <4695BD98.9030500@qualcomm.com> <4C0FAAC489C8B74F96BEAD85EAEB26250450403D@xmb-sjc-215.amer.cisco.com> <4695C7CC.5020600@qualcomm.com> <000f01c7c477$ec756f60$6401a8c0@NEWTON603> <4C0FAAC489C8B74F96BEAD85EAEB262504504971@xmb-sjc-215.amer.cisco.com> <469A8329.8050803@qualcomm.com> <4C0FAAC489C8B74F96BEAD85EAEB262504504982@xmb-sjc-215.amer.cisco.com>
Date: Sun, 15 Jul 2007 16:32:26 -0700
Subject: Re: [HOKEY] RE: Need advise on advancing draft-gaonkar-radext-erp-attrs
From: Dan Harkins <dharkins@lounge.org>
To: "Glen Zorn (gwz)" <gwz@cisco.com>
User-Agent: SquirrelMail/1.4.8
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-Priority: 3 (Normal)
Importance: Normal
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 6cca30437e2d04f45110f2ff8dc1b1d5
Cc: "Gaonkar, Kedar" <kgaonkar@qualcomm.com>, Bernard Aboba <bernard_aboba@hotmail.com>, Tim Polk <tim.polk@nist.gov>, "Romascanu, Dan (Dan)" <dromasca@avaya.com>, hokey@ietf.org
X-BeenThere: hokey@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: HOKEY WG Mailing List <hokey.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hokey>, <mailto:hokey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hokey>
List-Post: <mailto:hokey@ietf.org>
List-Help: <mailto:hokey-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hokey>, <mailto:hokey-request@ietf.org?subject=subscribe>
Errors-To: hokey-bounces@ietf.org
Hi, MPPE is just wrong; IPsec has issues, as Glen notes. But RFC3394 has it's own problems. It doesn't have a security proof behind it and it doesn't allow for the inclusion of additional authenticated, but not wrapped, data. draft-zorn-radius-keywrap-13.txt uses a separate and additonal MAC on the RADIUS response to get around that latter issue. RFC3394 also imposes unnatural restrictions on the data being wrapped which might not be an issue in this case but it's still sub-optimal. So let me take this opportunity to tell everyone about draft-dharkins-siv-aes-00 which describes a new AES cipher mode for authenticated encryption. It can be used in the traditional nonce-based authenticated encryption mode and also in a deterministic, nonce-less key wrap mode. It has a security proof (in "Deterministic Authenticated Encryption" by Rogaway and Shrimpton, which defines SIV) and allow for additional authenticated, but not encrypted, data to be input. It also doesn't impose any unnatural restrictions on the length of the data to be wrapped. It would be ideal for this sort of problem! Also note that when SIV is used in the traditional nonce-based authenticated encryption mode it provides a level of resistance to nonce reuse whereas the security of other authenticated encryption schemes are voided when the nonce gets reused (e.g. GCM, CCM). Dan. On Sun, July 15, 2007 2:18 pm, Glen Zorn (gwz) wrote: > Lakshminath Dondeti <mailto:ldondeti@qualcomm.com> allegedly scribbled > on Sunday, July 15, 2007 1:27 PM: > >> Glen, >> >> I am definitely open to ideas. At the moment, the model we used is >> the MSK delivery mechanism (actually my understanding of the commonly >> used MSK delivery mechanism) of RADIUS. > > OK, but I don't know what MSK is delivered this way (certainly not > 802.11i, which I think is the most common). > >> It is the simplest, but as >> you note has issues. > > Well, yes it does, in that it uses the MS MPPE keying attributes but it > doesn't have the issue I was referring to (the use of IPsec). > >> Please send your review to the list and propose >> alternatives; we can discuss and go with whatever solution we have >> consensus for, as usual. >> >> thanks, >> Lakshminath >> >> On 7/15/2007 10:55 AM, Glen Zorn (gwz) wrote: >>> David B. Nelson <mailto:d.b.nelson@comcast.net> allegedly scribbled >>> on Thursday, July 12, 2007 4:30 AM: >>> >>> ... >>> >>>> Having said all of that, I will note that the RADIUS Crypto-Agility >>>> work item in RADEXT addresses RADIUS key-wrap and key delivery, and >>>> this seems to have significant overlap with the >>>> draft-gaonkar-radext-erp-attrs draft. We should address that issue. >>> >>> Well, it _could_ (probably should) use key wrap, but at the moment it >>> doesn't specifying instead the use of IPsec (A Really Bad Idea (TM) >>> IMHO BTW) so in its present state I don't really see much overlap >>> w/the crypto-agility work. What am I missing? > > _______________________________________________ > HOKEY mailing list > HOKEY@ietf.org > https://www1.ietf.org/mailman/listinfo/hokey > _______________________________________________ HOKEY mailing list HOKEY@ietf.org https://www1.ietf.org/mailman/listinfo/hokey
- [HOKEY] RE: Need advise on advancing draft-gaonka… Glen Zorn (gwz)
- Re: [HOKEY] RE: Need advise on advancing draft-ga… Dan Harkins