IETF Logo Mail Archive

Re: [IPsec] replacing PSKs: CFRG and PAKE

Michael Richardson <mcr+ietf@sandelman.ca> Tue, 11 December 2018 12:21 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD68C130DD0 for <ipsec@ietfa.amsl.com>; Tue, 11 Dec 2018 04:21:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Al31K0gHbbFZ for <ipsec@ietfa.amsl.com>; Tue, 11 Dec 2018 04:21:28 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E9CE127333 for <ipsec@ietf.org>; Tue, 11 Dec 2018 04:21:28 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 481BD20072; Tue, 11 Dec 2018 07:21:20 -0500 (EST)
Received: by sandelman.ca (Postfix, from userid 179) id 14F65E15; Tue, 11 Dec 2018 07:21:26 -0500 (EST)
Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 12E949D9; Tue, 11 Dec 2018 07:21:26 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: ipsec@ietf.org, Nico Williams <nico@cryptonector.com>
cc: Paul Wouters <paul@nohats.ca>
In-Reply-To: <20181211042838.GF15561@localhost>
References: <25207.1544136532@localhost> <026601d49061$8809ad30$981d0790$@gmail.com> <29587.1544482818@localhost> <alpine.LRH.2.21.1812101842270.29141@bofh.nohats.ca> <24842.1544489482@localhost> <8D5228D2-EF4B-4504-888F-BEB202DB6634@nohats.ca> <14559.1544494854@localhost> <20181211042838.GF15561@localhost>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Tue, 11 Dec 2018 07:21:26 -0500
Message-ID: <2076.1544530886@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/jWzyBiDlRYVHt-ZSfa4-9rNlRZE>
Subject: Re: [IPsec] replacing PSKs: CFRG and PAKE
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Dec 2018 12:21:31 -0000

Nico Williams <nico@cryptonector.com> wrote:
> On Mon, Dec 10, 2018 at 09:20:54PM -0500, Michael Richardson wrote:
> > Paul Wouters <paul@nohats.ca> wrote:
> > > > yes, typo, "not for road-warrior"
> > >
> > > I understood. I disagree with the “not”. Road warriors using group psk is a
> > > thing, sadly.
> >
> > But they aren't cross-domain, they can do EAP-foobar, and they could use a
> > certificate without a lot of hassle about what set of trust anchors.
> >
> > If we stick to the site-to-site then I think we can do something rather
> > simple and quick, and our security considerations section will be much
> > simpler.
>
> I mean, if road warriors should always be using either EAP or user
> certs, then we don't need PAKE for anything because presumably the
> shared keys used in PSKs are strong enough that PAKEs don't improve
> security and only slow things down...

It's the enterprise-to-enterprise connection that is hard to convert to
certificates for the reasons that Paul explained.

> (I'm assuming you mean to use an EAP method like EAP-PWD (RFCs 5931 and
> 8146), yes?)
>
> Assuming you can always use EAP, the only real reasons to use a PAKE in
> IKEv2 are:
>
>  - you're not entirely sure that you don't have weak PSKs and would like
>    to strengthen them

I think that this is the major reason.

>
>  - you don't always want EAP for users who don't have certs for reasons
>    that escape me
>
>    (I wouldn't object, but if EAP fits the bill as to PAKE already, then
>    thw WG could object to spending its resources on adding PAKE to
>    IKEv2.)

I think that a user-oriented PAKE is more useful if it can be backended into
a AAA infrastructure, which EAP can.
A site-to-site PAKE is more useful if it isolated from any AAA
infrastructure.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.37.1 | Report a Bug | By Email | System Status