IETF Logo Mail Archive

Re: [HOKEY] consensus call: key distribution security requirement

Yoshihiro Ohba <yohba@tari.toshiba.com> Tue, 10 April 2007 04:32 UTC

Return-path: <hokey-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Hb81s-00063t-N2; Tue, 10 Apr 2007 00:32:28 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Hb81s-00063m-9Q for hokey@ietf.org; Tue, 10 Apr 2007 00:32:28 -0400
Received: from [2001:418:1403:0:212:17ff:fe52:7811] (helo=toshi17.tari.toshiba.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Hb81j-0004wy-I3 for hokey@ietf.org; Tue, 10 Apr 2007 00:32:28 -0400
Received: from localhost (toshi17.tari.toshiba.com [172.30.24.10]) by toshi17.tari.toshiba.com (8.13.1/8.13.1) with ESMTP id l3A4VjaM045889; Tue, 10 Apr 2007 00:31:45 -0400 (EDT) (envelope-from yohba@tari.toshiba.com)
Date: Tue, 10 Apr 2007 00:31:46 -0400
To: "Narayanan, Vidya" <vidyan@qualcomm.com>
Subject: Re: [HOKEY] consensus call: key distribution security requirement
Message-ID: <20070410043146.GC29462@steelhead>
References: <460EB36E.5010604@cs.umd.edu> <C24CB51D5AA800449982D9BCB9032513575610@NAEX13.na.qualcomm.com> <20070404024453.GA18289@steelhead> <C24CB51D5AA800449982D9BCB9032513575663@NAEX13.na.qualcomm.com> <20070405133243.GA18558@steelhead> <C24CB51D5AA800449982D9BCB903251357599A@NAEX13.na.qualcomm.com> <20070410015448.GH27511@steelhead> <C24CB51D5AA800449982D9BCB90325135759AB@NAEX13.na.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-2022-jp"
Content-Disposition: inline
In-Reply-To: <C24CB51D5AA800449982D9BCB90325135759AB@NAEX13.na.qualcomm.com>
User-Agent: Mutt/1.5.13 (2006-08-11)
From: Yoshihiro Ohba <yohba@tari.toshiba.com>
X-Dispatcher: imput version 20050308(IM148)
Lines: 133
X-Spam-Score: -2.4 (--)
X-Scan-Signature: a1852b4f554b02e7e4548cc7928acc1f
Cc: hokey@ietf.org
X-BeenThere: hokey@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: HOKEY WG Mailing List <hokey.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hokey>, <mailto:hokey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hokey>
List-Post: <mailto:hokey@ietf.org>
List-Help: <mailto:hokey-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hokey>, <mailto:hokey-request@ietf.org?subject=subscribe>
Errors-To: hokey-bounces@ietf.org

On Mon, Apr 09, 2007 at 07:08:47PM -0700, Narayanan, Vidya wrote:
>  
> > -----Original Message-----
> > From: Yoshihiro Ohba [mailto:yohba@tari.toshiba.com] 
> > Sent: Monday, April 09, 2007 6:55 PM
> > To: Narayanan, Vidya
> > Cc: Yoshihiro Ohba; Charles Clancy; hokey@ietf.org
> > Subject: Re: [HOKEY] consensus call: key distribution 
> > security requirement
> > 
> > On Mon, Apr 09, 2007 at 06:15:32PM -0700, Narayanan, Vidya wrote:
> > > Hi Yoshi,
> > > 
> > > <snip>
> > > 
> > > > 
> > > > I don't understand what "many cases" are.  What is "a 
> > certain level 
> > > > of service"?  What do you mean by "is charged for the 
> > same"?  I've 
> > > > read your slides you indicated below (thanks for the 
> > pointer!), but 
> > > > unfortunately, the slides do not contain detaied explanation on 
> > > > those points.
> > > > 
> > > 
> > > As an example, if I was guaranteed 1Mbps and that's what I get and 
> > > that's what I pay for, the identity of the entity that gave 
> > me 1Mbps 
> > > may be irrelevant to me.
> > 
> > But this has nothing to do with security properties we are 
> > talking about.
> 
> Why not?  

Because any security property I know of does not depend on how much
bandwidth is guaranteed.

> 
> > > 
> > > <snip>
> > > 
> > > > 
> > > > I have specific comments on your slides:
> > > > 
> > > > Slide 6:
> > > > 
> > > > "- As long as the peer is satisfied, the identity of the network 
> > > > entity providing the service is irrelevant"
> > > > 
> > > > How do you define peer's "satisfaction" from security 
> > point of view?
> > > > 
> > > 
> > > Again, this is what I've explained above. I may be looking for no 
> > > security guarantees from the network - i.e., I either don't 
> > care about 
> > > data security and exchange data in the clear through that 
> > network or 
> > > do care about it and use some end-to-end security for my data.
> > 
> > This sounds like sidetracking...
> > 
> > If what you are saying can justify making channel binding 
> > optional feature for the above reason, why can't we just make 
> > link-layer ciphering optional and recommend use of end-to-end 
> > security instead?
> > 
> 
> We don't make link-layer ciphering mandatory here at the IETF. If a
> network wants to do access control, it does that. EAP may provide the
> keys necessary to do that. And, just integrity protection is sufficient
> for access control. 

If you are talking about the case in which EAP does not provide keys
(e.g., wired Ethernet access with 802.1X), that is fine.  But as long
as keys are provided for link layer ciphering, I believe channel
binding is an important security property (and also see my comment below).

> 
> <snip>
> 
> > 
> > Without channel binding, a peer may connect to a network 
> > which is different from the intended one, through an 
> > impersonating authenticator.  As a result, the peer may 
> > happen to disclose information that is supposed to be sent to 
> > the intended network only, to the impersonating 
> > authenticator, and the impersonating authenticator can obtain 
> > that information.  This is a threat if channel binding is not 
> > provided.
> > 
> 
> This seems to be the point of disconnect. This is true when I treat my
> data that way selectively - may be true when I want to exchange data in
> the clear over an enterprise intranet, because I know I'm attached to an
> enterprise intranet. Channel binding may be relevant there and can also
> be done more effectively. When I'm attaching to an access point in
> Starbucks, I don't care what its identity is; my data is either not
> sensitive and I send it or I use end-to-end security for it. And, in
> such cases, channel binding is of no use. 

Since Starbucks does not use EAP or link-layer ciphering, and I don't
see your point.

Finally, how your argument on making channel binding optional can fit
draft-housley-aaa-key-mgmt?

Yoshihiro Ohba



> 
> Vidya
> 
> > Regards,
> > Yoshihiro Ohba
> > 
> > 
> > > 
> > > Regards,
> > > Vidya
> > > 
> > > > Regards,
> > > > Yoshihiro Ohba
> > > > 
> > > > 
> > > 
> > > 
> > 
> 
> 

_______________________________________________
HOKEY mailing list
HOKEY@ietf.org
https://www1.ietf.org/mailman/listinfo/hokey

v2.23.0 | Report a Bug | By Email