Re: [consensus] comments on draft-housley-aaa-key-mgmt-07.txt
"Dan Harkins" <dharkins@lounge.org> Thu, 05 April 2007 00:06 UTC
Return-path: <ietf-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HZFUg-0004yi-H7; Wed, 04 Apr 2007 20:06:26 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HZFUf-0004yY-6m for ietf@ietf.org; Wed, 04 Apr 2007 20:06:25 -0400
Received: from colo.trepanning.net ([69.55.226.174] helo=mail1.trepanning.net) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HZFUd-0005DW-OK for ietf@ietf.org; Wed, 04 Apr 2007 20:06:25 -0400
Received: from www.trepanning.net (localhost [127.0.0.1]) by mail1.trepanning.net (Postfix) with ESMTP id 5EC431FA674A; Wed, 4 Apr 2007 17:06:23 -0700 (PDT)
Received: from 12.108.168.179 (SquirrelMail authenticated user dharkins@lounge.org) by www.trepanning.net with HTTP; Wed, 4 Apr 2007 17:06:23 -0700 (PDT)
Message-ID: <14965.12.108.168.179.1175731583.squirrel@www.trepanning.net>
In-Reply-To: <tsl7ist2dif.fsf@cz.mit.edu>
References: <41825.12.108.168.179.1171660575.squirrel@www.trepanning.net> <tslwt2hiybm.fsf@cz.mit.edu> <C24CB51D5AA800449982D9BCB90325134F192B@NAEX13.na.qualcomm.com> <tslfy947pol.fsf@cz.mit.edu> <45D73CEB.2000701@qualcomm.com> <C24CB51D5AA800449982D9BCB90325134F192D@NAEX13.na.qualcomm.com> <0C7B902B470A264FA64D66CBF76FB821014CD3F6@WIN-MSG-20.wingroup.windeploy.ntdev.microsoft.com> <C24CB51D5AA800449982D9BCB90325134F1947@NAEX13.na.qualcomm.com> <tsld52qipph.fsf_-_@cz.mit.edu> <52310.69.12.173.8.1175549276.squirrel@www.trepanning.net> <tsl7ist2dif.fsf@cz.mit.edu>
Date: Wed, 04 Apr 2007 17:06:23 -0700
From: Dan Harkins <dharkins@lounge.org>
To: Sam Hartman <hartmans-ietf@mit.edu>
User-Agent: SquirrelMail/1.4.8
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-Priority: 3 (Normal)
Importance: Normal
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 5ebbf074524e58e662bc8209a6235027
Cc: Bernard Aboba <bernarda@windows.microsoft.com>, ietf@ietf.org
Subject: Re: [consensus] comments on draft-housley-aaa-key-mgmt-07.txt
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Errors-To: ietf-bounces@ietf.org
Sam, The keys in this hypothetical protocol are for network access and giving them to authenticators for that purpose would seem to fall under the "key scope" requirement. These are not session keys so the text relating the session keys is not applicable. So the domino effect is the only text that could seem to prohibit this. As long as the same key wasn't given to more than one authenticator though then this is satisfied. A way to prevent the same key being sent to different authenticators is to allow the authenticator to choose an identity to advertise to the peer-- "I'm 'foo'"-- and to tell the server-- "give me a key specific to 'foo'". That identity is mixed into the key derivation function. This is essentially what 802.11r is doing. This has channel binding/lying NAS issues though. I'm not quite sure yet what HOKEY is doing in this regard (how is the distributed key separated from other keys) but it appears to suffer from the same problems since people are advocating solutions that do not fix this problem. Finally, I'm not trying to delay anything. I said it before and I'll say it again: if the general feeling is that the I-D already addresses these issues or there is no consensus to solve the problem then publish it as an RFC. It is important to have an RFC talking about these things, it's just my personal opinion that it does not go far enough. Dan. On Tue, April 3, 2007 5:23 pm, Sam Hartman wrote: >>>>>> "Dan" == Dan Harkins <dharkins@lounge.org> writes: > > Dan> Sam, > > Dan> I guess the question is, what text in this I-D would > Dan> prevent a new key distribution protocol based on AAA in which > Dan> the authentication server sent a copy of the peer's keys > Dan> willy-nilly to every authenticator it had a security > Dan> association with? > > First, note that I do not claim we have the text right; I'm asking > Russ and Bernard to evaluate that. > > So, I'll tell you what the closest text is for this, but you are > welcome to argue that the current text does not reflect our consensus. > > Under limit key scope: > > Following the principle of least privilege, parties MUST NOT > have access to keying material that is not needed to perform > their role. > Also see: > > Strong, fresh session keys > > While preserving algorithm independence, session keys MUST be > strong and fresh. Each session deserves an independent session > key. > A fresh cryptographic key is one that is generated specifically > for the intended use. In this situation, a secure association > protocol is used to establish session keys. The AAA protocol > and EAP method MUST ensure that the keying material supplied as > an input to session key derivation is fresh, and the secure > association protocol MUST generate a separate session key for > each session, even if the keying material provided by EAP is > cached. A cached key persists after the authentication > exchange has completed. For the AAA/EAP server, key caching > can happen when state is kept on the server. For the NAS or > client, key caching can happen when the NAS or client does not > destroy keying material immediately following the derivation of > session keys. > > Prevent the Domino effect > > Compromise of a single peer MUST NOT compromise keying material > held by any other peer within the system, including session > keys and long-term keys. Likewise, compromise of a single > authenticator MUST NOT compromise keying material held by any > other authenticator within the system. In the context of a key > hierarchy, this means that the compromise of one node in the > key hierarchy must not disclose the information necessary to > compromise other branches in the key hierarchy. Obviously, the > compromise of the root of the key hierarchy will compromise all > of the keys; however, a compromise in one branch MUST NOT > result in the compromise of other branches. > > I think given these requirements what you propose would not be > appropriate. > > > Dan> Another question: has the peer no say in to whom its > Dan> secrets are disclosed? If you think it does then what in the > Dan> I-D addresses that concern and if you don't think it does > Dan> then why? > > I find no requirements related to this. I do not believe there is > consensus to have such requirements nor do I believe it appropriate to > delay the document while you attempt to build such a consensus. > > --Sam > > _______________________________________________ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
- Re: comments on draft-houseley-aaa-key-mgmt-07.txt Sam Hartman
- RE: comments on draft-houseley-aaa-key-mgmt-07.txt Narayanan, Vidya
- Re: comments on draft-houseley-aaa-key-mgmt-07.txt Sam Hartman
- Re: comments on draft-houseley-aaa-key-mgmt-07.txt Lakshminath Dondeti
- RE: comments on draft-houseley-aaa-key-mgmt-07.txt Narayanan, Vidya
- Re: comments on draft-houseley-aaa-key-mgmt-07.txt Lakshminath Dondeti
- Re: comments on draft-houseley-aaa-key-mgmt-07.txt Yoshihiro Ohba
- RE: comments on draft-houseley-aaa-key-mgmt-07.txt Narayanan, Vidya
- Re: comments on draft-houseley-aaa-key-mgmt-07.txt Sam Hartman
- Re: comments on draft-houseley-aaa-key-mgmt-07.txt Yoshihiro Ohba
- Re: comments on draft-houseley-aaa-key-mgmt-07.txt Lakshminath Dondeti
- RE: comments on draft-houseley-aaa-key-mgmt-07.txt Narayanan, Vidya
- RE: comments on draft-houseley-aaa-key-mgmt-07.txt Dan Harkins
- comments on draft-houseley-aaa-key-mgmt-07.txt Dan Harkins
- [Dan Harkins] comments on draft-houseley-aaa-key-… Sam Hartman
- Re: [Dan Harkins] comments on draft-houseley-aaa-… Dan Harkins
- Re: [Dan Harkins] comments on draft-houseley-aaa-… Sam Hartman
- Re: [Dan Harkins] comments on draft-houseley-aaa-… Lakshminath Dondeti
- Re: [Dan Harkins] comments on draft-houseley-aaa-… Dan Harkins
- RE: [Dan Harkins] comments on draft-houseley-aaa-… Narayanan, Vidya
- RE: [Dan Harkins] comments on draft-houseley-aaa-… Dan Harkins
- Re: [Dan Harkins] comments on draft-houseley-aaa-… Lakshminath Dondeti
- Re: [Dan Harkins] comments on draft-houseley-aaa-… Dan Harkins
- Re: [Dan Harkins] comments on draft-houseley-aaa-… Lakshminath Dondeti
- RE: [Dan Harkins] comments on draft-houseley-aaa-… Narayanan, Vidya
- Re: [Dan Harkins] comments on draft-houseley-aaa-… Dan Harkins
- Re: [Dan Harkins] comments on draft-houseley-aaa-… Sam Hartman
- Re: [consensus] comments on draft-housley-aaa-key… Sam Hartman
- Re: [consensus] comments on draft-housley-aaa-key… Dan Harkins
- Re: [consensus] comments on draft-housley-aaa-key… Sam Hartman
- Re: [consensus] comments on draft-housley-aaa-key… Dan Harkins
- Re: [consensus] comments on draft-housley-aaa-key… Sam Hartman
- Re: [consensus] comments on draft-housley-aaa-key… Sam Hartman
- Re: [consensus] comments on draft-housley-aaa-key… Dan Harkins
- Re: [consensus] comments on draft-housley-aaa-key… Sam Hartman
- Re: [consensus] comments on draft-housley-aaa-key… Sam Hartman
- RE: [consensus] comments on draft-housley-aaa-key… Bernard Aboba
- RE: [consensus] comments on draft-housley-aaa-key… Bernard Aboba