Re: comments on draft-houseley-aaa-key-mgmt-07.txt

Lakshminath Dondeti <ldondeti@qualcomm.com> Tue, 20 February 2007 03:36 UTC

Message-ID: <45DA6C65.3070701@qualcomm.com>
Date: Mon, 19 Feb 2007 19:35:01 -0800
From: Lakshminath Dondeti <ldondeti@qualcomm.com>
To: Sam Hartman <hartmans-ietf@mit.edu>
In-Reply-To: <tslbqjqp6jq.fsf@cz.mit.edu>
Cc: bernarda@microsoft.com, Dan Harkins <dharkins@lounge.org>, ietf@ietf.org

Sam,

Please read the thread again and make a convincing case as to why my 
message -- and please consider the entire message -- is disgusting, and 
I shall apologize.

Some notes inline:

Sam Hartman wrote:
>>>>>> "Lakshminath" == Lakshminath Dondeti <ldondeti@qualcomm.com> writes:
> 
>     Lakshminath> Dan, We are discussing the case of the authenticator
>     Lakshminath> providing a different identity to the peer and the
>     Lakshminath> server here.  Sam raised that issue.
> 
> This is probably the last message you'll hear from me for the next
> week.  I'm supposed to be on vacation but I made the mistake of
> reading my ietf mail.
> 
> However, I was so disgusted by your message that I had to reply.  I
> will not make the mistake of reading ietf mail until I return again.
> 
> We're discussing Dan's last call comment.  There's no way Dan can be
> wrong about what problem we're discussing.  We may not understand him,
> but it is completely inappropriate to correct him and tell him that
> he's bringing up the wrong problem.

First, a fact to consider: Dan's last call comment never really made it 
to my mailbox and it is not available in the archive (perhaps he was/is 
not subscribed to the IETF list; I have 1 message from him in my mailbox 
that was cc'ed to the IETF list, but that is not in the archive either).

This thread started with your message calling the list's attention to 
Dan's message; unfortunately, Dan's message was not included in your 
message either.  Vidya was kind enough to summarize the problem for the 
list based on the long discussion on this topic in the HOKEY list.

You responded to Vidya's message saying that "the model you proposed 
didn't fit what Dan was talking about very well."  You went on to 
summarize the problem as "Dan wants to focus on problems resulting from 
the fact that the name of the authenticator used between the peer and 
the authenticator may be different than the name of the authenticator 
used between the authenticator and the AAA server."

Now I haven't seen Dan's original message and so I don't know whether 
you are capturing the entirety of Dan's message.  In my response, I was 
in fact bringing in Dan's concern (as I understood it on the HOKEY list) 
back into the discussion.

I responded to you and noted that there are two problems, 1) the entity 
in the middle giving a different identity to the peer and the server 
(which may be solved by including the identity in the key derivation; 
there are other solutions) and 2) the entity in the middle giving the 
same wrong identity to both sides.

I went on to say "Let me put it this way, both issues are considered 
problems to address/solve in this case."

By the way, I think #2 above briefly and correctly summarizes what Dan 
is describing.  Below is the attack in his own words.

Here is Dan's summary of the problem: "No, there is a problem even if 
the identity is part of the key derivation. The reason is that this is a 
_symmetric_ key that is used by the client to gain network access. If it 
is possible for some entity to lie about its identity to obtain one of 
these keys, then that key can be used to impersonate the client to the 
authenticator whose identity was lied about and/or attack a connection 
the client makes to the authenticator whose identity was lied about.

Any security properties you're trying to assign to this key have been 
thrown out the window.

Dan."

My message that you were so "disgusted" by was in response to Dan's 
email above.

I was attempting to say to Dan that the reference to including the 
identity as part of key derivation came about as a response to your 
summary of the problem.  I went on to talk about the problem he has 
described in the HOKEY list as well in this thread in the second 
paragraph and concluded "Please provide your thoughts on whether her 
proposed text covers the issue adequately.  Otherwise, please provide 
text."

I did not correct him, I was merely saying the focus of the thread at 
that moment was on a slightly different problem (and that was from your 
summary of the issue, btw) than the one he has described.

I did not "tell him that he's bringing up the wrong problem."  What gave 
you that impression?

So where do I think we are?  At the risk of repeating myself, there is 
the problem of an entity in the middle giving different identities to 
the peer and the server and there is the problem of the entity in the 
middle giving the wrong identity to the server and the peer (giving the 
wrong identity to the server alone may also be sufficient in some cases, 
but requiring that the peer trigger the key delivery mitigates that 
aspect of it).

This is my opinion; last I checked I can express my opinion on any of 
the IETF lists, just as anyone else.  I am also quite fallible.

I look forward to other summaries of where we are in the discussion and 
what needs to be added to draft-housley-aaa-key-mgmt.  I may have overly 
simplified something or understood the threat incorrectly; please point 
out what I got wrong.

Finally, if someone cares to explain in what way my messages (I sent all 
of two in this thread) are sidetracking (I guess that's what Sam is 
saying below) or otherwise disrupting the discussion, I am willing to learn.

thanks,
Lakshminath

> 
> Please stop trying to refocus the discussion.  Bringing up a model to
> think about an issue can be a useful tool, but it can also be a tool
> used to add obscurity.  In this instance, I think you and Vidya may be
> having the latter effect.
> 
> --Sam
> 
> 

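An added example (not from this thread or from draft-housley-aaa-key-mgmt): a toy Python model of the two problems listed above, with the authenticator identity bound into an HMAC-SHA256 key derivation. It shows why the binding catches an entity that names itself differently to the peer and the server (the two sides' keys disagree), but not one that presents the same wrong name to both. The master key, the identity names and the derivation label are constructed for the example.

```python
import hashlib
import hmac

# Constructed master key shared by the peer and the AAA server (stands in for
# the EAP master key in the real protocol; not a value from the thread).
MASTER_KEY = b"constructed-master-key-shared-by-peer-and-server"


def derive_authenticator_key(master_key: bytes, authenticator_id: str) -> bytes:
    """Derive a per-authenticator key with the authenticator identity bound in.

    HMAC-SHA256 is used as the PRF; the "auth-key|" label is a constructed
    choice, not the draft's derivation.
    """
    return hmac.new(master_key, b"auth-key|" + authenticator_id.encode(),
                    hashlib.sha256).digest()


def run_key_delivery(id_to_peer: str, id_to_server: str, real_id: str) -> dict:
    """Model one key delivery through an entity in the middle.

    id_to_peer   -- identity the middle entity presents to the peer
    id_to_server -- identity it presents to the AAA server
    real_id      -- identity it actually is (and is entitled to a key for)

    Returns whether the peer's and server's derived keys agree (so key
    confirmation between peer and middle entity succeeds) and whether the
    key the server hands out is bound to the middle entity's real name.
    """
    peer_key = derive_authenticator_key(MASTER_KEY, id_to_peer)
    # The server derives for the name it was told and delivers that key.
    delivered_key = derive_authenticator_key(MASTER_KEY, id_to_server)
    return {
        "keys_agree": hmac.compare_digest(peer_key, delivered_key),
        "bound_to_real_identity": id_to_server == real_id,
    }


# Problem 1: different names to the two sides -> keys disagree, lie detected.
# Problem 2: the same wrong name to both -> keys agree, yet the middle entity
# now holds a key bound to another authenticator's name; the derivation alone
# cannot detect this, which is Dan's point in the quoted text.
```

The third case is what the thread's "other solutions" must address: the server has to verify the requester's claimed identity by some means outside the key derivation itself.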