Re: [IPsec] replacing PSKs: CFRG and PAKE

Paul Wouters <paul@nohats.ca> Tue, 11 December 2018 20:57 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DABA12E036 for <ipsec@ietfa.amsl.com>; Tue, 11 Dec 2018 12:57:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ULG1yCiMj9ir for <ipsec@ietfa.amsl.com>; Tue, 11 Dec 2018 12:57:41 -0800 (PST)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11EDF124D68 for <ipsec@ietf.org>; Tue, 11 Dec 2018 12:57:41 -0800 (PST)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 43Dshd6Xr1zG8V; Tue, 11 Dec 2018 21:57:37 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1544561857; bh=4o/pz1MtC4JSDy9BPHBC992Shyu0VMDasRLjdAkoa2Q=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=ADWwRAD/VktlGFxGberJqXb0VSk/6G2u2aLJBp+iBgZRRipC82xLX6eKxrwu9R/tq yP3jBFsRqaD1O3x/nLVuJVZTfDzOkT57TnplMSMksVrwwwnw3/TLhB+ePajN5IAwjc vfx0ehvuAVP66hsgk3uAFS+D5XnL9p9mGvwhYfrU=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id adumCtdUnX7K; Tue, 11 Dec 2018 21:57:36 +0100 (CET)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Tue, 11 Dec 2018 21:57:35 +0100 (CET)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id BA2422E75A2; Tue, 11 Dec 2018 15:57:34 -0500 (EST)
DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca BA2422E75A2
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id AD3C3407AA79; Tue, 11 Dec 2018 15:57:34 -0500 (EST)
Date: Tue, 11 Dec 2018 15:57:34 -0500
From: Paul Wouters <paul@nohats.ca>
To: Nico Williams <nico@cryptonector.com>
cc: Michael Richardson <mcr+ietf@sandelman.ca>, ipsec@ietf.org
In-Reply-To: <20181211202518.GG15561@localhost>
Message-ID: <alpine.LRH.2.21.1812111551580.22818@bofh.nohats.ca>
References: <25207.1544136532@localhost> <026601d49061$8809ad30$981d0790$@gmail.com> <29587.1544482818@localhost> <alpine.LRH.2.21.1812101842270.29141@bofh.nohats.ca> <24842.1544489482@localhost> <8D5228D2-EF4B-4504-888F-BEB202DB6634@nohats.ca> <14559.1544494854@localhost> <20181211042838.GF15561@localhost> <2076.1544530886@localhost> <20181211202518.GG15561@localhost>
User-Agent: Alpine 2.21 (LRH 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/bAi3zON2IcP3r145Rz1wxlKWS3g>
Subject: Re: [IPsec] replacing PSKs: CFRG and PAKE
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Dec 2018 20:57:43 -0000

On Tue, 11 Dec 2018, Nico Williams wrote:

>>>  - you're not entirely sure that you don't have weak PSKs and would like
>>>    to strengthen them
>>
>> I think that this is the major reason.
>
> OK, but you can always convert the real weak PSKs to either PK-{I,raw}
> or EAP depending on whether the "client" is a user or not and/or its
> capabilities.

I hate the idea of turning weak PSKs, possibly already logged by nation
states, and turn these into PAKEs. I would really hope people do NOT do
that or part of the point of obsoleting PSK's for PAKEs is lost.

> I'e, this reason doesn't seem pressing, unless what's pressing is that
> somehow a non-EAP PAKE would be much less work for some implementors or
> operators (or users) than EAP (w/ EAP-PWD or equivalent).

Yes. Please no EAP where possible.

> The moment someone says "and let's add OTP" I think EAP is definitely
> the better answer if it already ticks all the capability boxes.

That I can agree too. In general, the OTP use case is a really a
deployment with a human driver in the seat, and not site-to-site or
mesh-node encryption. It's almost always remote access vpn within the
same organisation.

>>>    (I wouldn't object, but if EAP fits the bill as to PAKE already, then
>>>    thw WG could object to spending its resources on adding PAKE to
>>>    IKEv2.)

As explained before. site to site has no way of doing EAP in practise.

> I tend to agree.  The only case where that's not true is when you have a
> site that doesn't already have RADIUS/DIAMETER/WHATEVER AAA
> infrastructure and would rather not deploy one.  Not sure the WG should
> cater to such users.

That is a common case, imagine your 4 home users connecting back to your
simple home vpn gateway.

>> A site-to-site PAKE is more useful if it isolated from any AAA
>> infrastructure.
>
> Sure, but does this WG want to cater to that?

Yes we do! One of the goals was to get PSK phased out. So to me this is
the primary use case.

> I think a reasonable compromise would be to add a PAKE (both options,
> balanced and augmented) but no second factor support.

I have been convinced this is likely the right way forward.

Paul