Re: [HOKEY] [FW: New Version Notification for draft-ietf-hokey-key-mgm-02]
Yoshihiro Ohba <yohba@tari.toshiba.com> Tue, 19 February 2008 15:09 UTC
Return-Path: <hokey-bounces@ietf.org>
X-Original-To: ietfarch-hokey-archive@core3.amsl.com
Delivered-To: ietfarch-hokey-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AFC273A6AC4; Tue, 19 Feb 2008 07:09:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.423
X-Spam-Level:
X-Spam-Status: No, score=-0.423 tagged_above=-999 required=5 tests=[AWL=0.014, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y0i0tICfCsfb; Tue, 19 Feb 2008 07:09:42 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 810C628C461; Tue, 19 Feb 2008 07:09:42 -0800 (PST)
X-Original-To: hokey@core3.amsl.com
Delivered-To: hokey@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 88EF93A6AB6 for <hokey@core3.amsl.com>; Tue, 19 Feb 2008 07:09:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f2yoM11E7RwW for <hokey@core3.amsl.com>; Tue, 19 Feb 2008 07:09:39 -0800 (PST)
Received: from toshi17.tari.toshiba.com (unknown [IPv6:2001:418:1403:0:212:17ff:fe52:7811]) by core3.amsl.com (Postfix) with ESMTP id 137CB28C461 for <hokey@ietf.org>; Tue, 19 Feb 2008 07:09:38 -0800 (PST)
Received: from steelhead.localdomain (tarij-98.tari.toshiba.com [172.30.24.201] (may be forged)) by toshi17.tari.toshiba.com (8.13.1/8.13.1) with ESMTP id m1JF9X3k096324; Tue, 19 Feb 2008 10:09:33 -0500 (EST) (envelope-from yohba@tari.toshiba.com)
Received: from ohba by steelhead.localdomain with local (Exim 4.69) (envelope-from <yohba@tari.toshiba.com>) id 1JRU68-0002BZ-Tk; Tue, 19 Feb 2008 10:09:32 -0500
Date: Tue, 19 Feb 2008 10:09:32 -0500
From: Yoshihiro Ohba <yohba@tari.toshiba.com>
To: Charles Clancy <clancy@cs.umd.edu>
Message-ID: <20080219150932.GO32166@steelhead.localdomain>
References: <20080131140327.GB2664@steelhead.localdomain> <47BA53F3.7010305@cs.umd.edu>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <47BA53F3.7010305@cs.umd.edu>
User-Agent: Mutt/1.5.17+20080114 (2008-01-14)
Cc: hokey@ietf.org
Subject: Re: [HOKEY] [FW: New Version Notification for draft-ietf-hokey-key-mgm-02]
X-BeenThere: hokey@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: HOKEY WG Mailing List <hokey.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/hokey>, <mailto:hokey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/hokey>
List-Post: <mailto:hokey@ietf.org>
List-Help: <mailto:hokey-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/hokey>, <mailto:hokey-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: hokey-bounces@ietf.org
Errors-To: hokey-bounces@ietf.org
Charles, I don't agree with entirely removing end-to-end security feature by entirely removing KIts and KCts and eliminating encryption and integrity protection between third party and server within this protocol. I stated my position relating to this in January: http://www.ietf.org/mail-archive/web/hokey/current/msg00923.html Also, let me note your comment stating that end-to-end security would be useful to many working groups and many protocols that operate over AAA: http://www.ietf.org/mail-archive/web/hokey/current/msg01043.html Please see below for my other comments that are not relating to my above disagreement. On Mon, Feb 18, 2008 at 10:58:43PM -0500, Charles Clancy wrote: > Yoshi, > > Thanks for putting together this update. We still have significant > problems with this document. It's very much a 3-party key distribution > document, and the WG consensus is to not do 3-party key distribution. If > we can't get this document to match WG consensus, we'll need to toss it > out and start with something else. Below are my specific comments on > what I think needs to be done to get this document going in the right > direction. Additionally, there are also significant grammatical > problems with the document. > > I'd be happy to help with the editing, to possibly have a document that > matches WG consensus by IETF 71. Let me know if you're interested. > > --------- > Section 1 > --------- > > > The purpose of this document is not to provide exact syntax for the > > signaling, only the general semantics for the parameters involved are > > defined. The exact syntax for these parameters when carried by > > specific protocols, such as AAA protocols [RFC3579] [RFC4072] or EAP > > protocols are out of scope of this document. > > I'm not sure this is correct. The goal of this document is to define a > generic protocol and then describe exactly how to use specific protocols > to transport keying material (e.g. ERX and AAA). I am working on the next revision which will include exact syntax as a generic protocol. If we consider distribution of DSRK, I believe UDP transport is sufficient, since the DSRK distribution can happen after the peer completes a full EAP authentication and establishes connectivity to the network in a visited domain. Therefore, the peer can directly communicate with DSR-KH over UDP. Extending ERX to carry this protocol may not be a good idea. Note also that DSRK is not specific to ERX. > > --------- > Section 3 > --------- > > > However, since EMSK cannot be > > exported from EAP server, such third parties need to request the EAP > > server to generate the relevant root key (USRK, DSRK, or DSUSRK) from > > the EMSK and deliver the requested key to them. > > The EAP server only generates USRKs and DSRKs. DSUSRKs are generated by > AAA servers in a specific key management domain (or DSR-KH in your > terminology). OK. > > > The USR-KH by > > definition is domain independent, which means the USR-KH can use > > USRK to generate DSUSRK for each domain deploying that service. > > According to the current EMSK hierarchy, DSUSRKs cannot be derived from > USRKs. A USR-KH can derive any keys it wants from the USRK, and they > may be domain-specific, but they shouldn't be called DSUSRKs. We can simply remove the sentence. > > > Security Requirements for > > delivery of USRK from EAP server to a collocated USR-KH is > > currently TBD. > > I don't think this is something we need to worry about. It should be > consistent with how AAA keys are currently managed within a AAA server. We can remove this sentence as well. > > > The DSR-KH is > > possibly responsible for derivation and distribution of any child > > keys derived from DSRK for that specific domain. > > More than "possibly responsible". It's "responsible". You should point > out that these keys are DSUSRKs. OK. > > > Regardless of the type of key being delivered, the model for EAP > > based key derivation and delivery interface can be generalized as a 3 > > party key distribution model > > I'd like to see a different terminology used. The WG consensus is to > NOT use 3-party key distribution. References to "distribution to a > third party" seem reasonable, but I'd prefer some other name. "3-party > key distribution" is not okay, because it implies certain requirements > that the WG has decided not to pursue. > > ----------- > Section 3.1 > ----------- > > KDE message 0 should be removed or at least made optional. It should be > assumed that the peer already knows these identities. I agree with making KDE0 optional. > > PRT: this message looks okay > > TRT: We don't assume the existence of KIts. The TRT should not have an > integrity check on it. It should be assumed that the transport protocol > will provide integrity protection and/or confidentiality of this > message. In the transport section we'll deal more with how AAA can > provide this necessary integrity protection. > > TOK: Again, we don't assume the existence of KIts or KCts. We need to > place requirements on the transport to provide this confidentiality and > integrity protection. > > SAT: this message looks okay > > ----------- > Section 3.2 > ----------- > > The KDRK can only be the EMSK (to deliver USRKs and DSRKs) or DSRK (to > deliver DSUSRKs). Describe the CK and IK as USRKS and DSUSRKs. That > is, if the KDRK is the EMSK, then: > > CK = USRK(usage="distribution cipher key") > IK = USRK(usage="distribution integrity key") > > ... and if the KDRK is the DSRK for domain="example.net", then: > > CK = DSUSRK(usage="key distribution cipher key", domain="example.net") > IK = DSUSRK(usage="key distribution integrity key", domain="example.net") > > ... rather than providing the exact PRF. The EMSK doc is normative on > the PRF. OK. > > ----------- > Section 3.4 > ----------- > > This section should be removed, since the KIts and KCts shouldn't exist. > > All references to Kerberos MUST be removed from this document. > > Talk about scenarios independently from HOKEY. Feel free to use ERX as > an example protocol that could use the keys. > > -------------- > Needed Section > -------------- > > We need a section that provides the fundamental signaling. Specifically, > how to map this to AAA, how to deal with proxies, and how to use AAA to > provide some level of confidentiality and integrity for the PRT and TRT. > > We also need to define how ERX can carry PRK and SAT using their > existing, extensible framework. > > I think draft-gaonkar-radext-erp-attrs-02 is a good start on how this > can be accomplished. As I commented above, extending ERX to carry this protocol may not be a good idea. The peer can directly communicate with DSR-KH over UDP. Maybe what we can do is to identify several alternatives for the signaling and discuss them in IETF71. Yoshihiro Ohba _______________________________________________ HOKEY mailing list HOKEY@ietf.org http://www.ietf.org/mailman/listinfo/hokey
- [HOKEY] [FW: New Version Notification for draft-i… Yoshihiro Ohba
- Re: [HOKEY] [FW: New Version Notification for dra… Charles Clancy
- Re: [HOKEY] [FW: New Version Notification for dra… Yoshihiro Ohba
- Re: [HOKEY] [FW: New Version Notification for dra… Charles Clancy
- Re: [HOKEY] [FW: New Version Notification for dra… Yoshihiro Ohba