Re: [IPsec] replacing PSKs: CFRG and PAKE

Nico Williams <nico@cryptonector.com> Tue, 11 December 2018 04:28 UTC

Date: Mon, 10 Dec 2018 22:28:39 -0600
From: Nico Williams <nico@cryptonector.com>
To: Michael Richardson <mcr@sandelman.ca>
Cc: ipsec@ietf.org, Paul Wouters <paul@nohats.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/ho_hHThC9EDMi3zDQdPyiFy3ToQ>

On Mon, Dec 10, 2018 at 09:20:54PM -0500, Michael Richardson wrote:
> Paul Wouters <paul@nohats.ca> wrote:
> > > yes, typo, "not for road-warrior"
> >
> > I understood. I disagree with the “not”. Road warriors using group psk is a
> > thing, sadly.
> 
> But they aren't cross-domain, they can do EAP-foobar, and they could use a
> certificate without a lot of hassle about what set of trust anchors.
> 
> If we stick to the site-to-site then I think we can do something rather
> simple and quick, and our security considerations section will be much
> simpler.

I mean, if road warriors should always be using either EAP or user
certs, then we don't need PAKE for anything because presumably the
shared keys used in PSKs are strong enough that PAKEs don't improve
security and only slow things down...

(I'm assuming you mean to use an EAP method like EAP-PWD (RFCs 5931 and
8146), yes?)

Assuming you can always use EAP, the only real reasons to use a PAKE in
IKEv2 are:

 - you're not entirely sure that you don't have weak PSKs and would like
   to strengthen them

 - you don't always want EAP for users who don't have certs for reasons
   that escape me

   (I wouldn't object, but if EAP fits the bill as to PAKE already, then
   the WG could object to spending its resources on adding PAKE to
   IKEv2.)

Right?

Nico
--