IETF Logo Mail Archive

Re: [IPsec] Beginning the PAKE selection process

Nicolas Williams <Nicolas.Williams@oracle.com> Tue, 25 May 2010 00:55 UTC

Return-Path: <Nicolas.Williams@oracle.com>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 01B333A6908 for <ipsec@core3.amsl.com>; Mon, 24 May 2010 17:55:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.138
X-Spam-Level:
X-Spam-Status: No, score=-4.138 tagged_above=-999 required=5 tests=[AWL=-0.140, BAYES_50=0.001, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ae0yLtUCV8Q7 for <ipsec@core3.amsl.com>; Mon, 24 May 2010 17:55:12 -0700 (PDT)
Received: from rcsinet10.oracle.com (rcsinet10.oracle.com [148.87.113.121]) by core3.amsl.com (Postfix) with ESMTP id F2A133A685F for <ipsec@ietf.org>; Mon, 24 May 2010 17:55:11 -0700 (PDT)
Received: from acsinet15.oracle.com (acsinet15.oracle.com [141.146.126.227]) by rcsinet10.oracle.com (Switch-3.4.2/Switch-3.4.1) with ESMTP id o4P0t1tP002575 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 25 May 2010 00:55:03 GMT
Received: from acsmt355.oracle.com (acsmt355.oracle.com [141.146.40.155]) by acsinet15.oracle.com (Switch-3.4.2/Switch-3.4.1) with ESMTP id o4OMmnKP013018; Tue, 25 May 2010 00:55:00 GMT
Received: from abhmt018.oracle.com by acsmt353.oracle.com with ESMTP id 264238301274748798; Mon, 24 May 2010 17:53:18 -0700
Received: from oracle.com (/129.153.128.104) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 24 May 2010 17:53:18 -0700
Date: Mon, 24 May 2010 19:53:14 -0500
From: Nicolas Williams <Nicolas.Williams@oracle.com>
To: Dan Harkins <dharkins@lounge.org>
Message-ID: <20100525005313.GY9605@oracle.com>
References: <p06240809c8170588347a@[10.20.30.158]> <4BFADC66.3030902@gmail.com> <1efd1968902681a735f0f3083b2c3066.squirrel@www.trepanning.net> <p06240832c820a32b532c@[10.20.30.158]> <20100524215455.GV9605@oracle.com> <beb64bc637fe61c9ed35ce2563333fe9.squirrel@www.trepanning.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <beb64bc637fe61c9ed35ce2563333fe9.squirrel@www.trepanning.net>
User-Agent: Mutt/1.5.20 (2010-03-02)
X-Auth-Type: Internal IP
X-Source-IP: acsinet15.oracle.com [141.146.126.227]
X-CT-RefId: str=0001.0A090204.4BFB1FE7.013C:SCFMA922111,ss=1,fgs=0
Cc: IPsecme WG <ipsec@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [IPsec] Beginning the PAKE selection process
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 May 2010 00:55:13 -0000

On Mon, May 24, 2010 at 04:41:59PM -0700, Dan Harkins wrote:
>   We discussed this in the WG. The non-PKIX authentication mechanism
> using EAP entails pointless encapsulation, twice as many messages,
> unnecessary code bloat from implementation of both client and server
> EAP state machines (where it had been the case, in RFC 4306, that an
> implementation only needed to do one), and the introduction of problems
> that didn't use to exist (like the "lying NAS" problem). The WG added
> this work item for a very good reason.

Allow me to quote myself:

> On Mon, May 24, 2010 2:54 pm, Nicolas Williams wrote:
> > Personally I'd much rather that the WG add non-PKIX authentication
> > mechanism options to IKEv2 via existing frameworks: either EAP or the
> > GSS-API.

I didn't say it has to be EAP; I named an alternative.  The GSS-API is
far, far simpler.  For an example see SCRAM (draft-ietf-sasl-scram)
(specifically see the section on SCRAM as a GSS-API mechanism).  (Plus
a GSS->EAP mechanism bridge is certainly feasible as well.)

For your mechanism it'd be even simpler because you'd not be trying to
describe in two different ways at the same time.  SCRAM was designed as
both, a GSS-API mechanism, and as a SASL mechanism that is functionally
equivalent to SCRAM-the-GSS-API- mech-used-as-a-SASL-"GS2"-mech ("GS2"
is a framework for adapting GSS-API mechanisms as SASL mechanisms).

Of course, I'd also point out that SCRAM is the way it is precisely
because we had two camps: one that thought the GSS-API overly complex
and one that thought it pointless to define SCRAM as a SASL mechanism
but not as a GSS-API mechanism.  We found a very happy medium by
constructing a GSS->SASL mechanism bridge that was simple, added no
round-trips and which allowed us to describe SCRAM in two equivalent
ways.  You might find the same is possible here, both with regard to EAP
and with regard to the GSS-API.

You might also find our logic in the SASL WG appealing here as well:
surely you want your mechanism to be useable in more than just this one
context (IKEv2)!, and surely you don't want to have to define new
bindings for it to every application protocol!  By defining your
mechanism as a GSS-API mechanism, for example, you'd get support for the
same mechanism in SSHv2, NFSv4, etcetera, almost for free.

>   So how do you think the work item should be solved given that the WG
> already decided to solve it? What do you think of my draft?

I've not read it yet.  I don't think it'd make much difference to the
matter at hand.

Nico
--

v2.23.0 | Report a Bug | By Email