IETF Logo Mail Archive

Re: [OPSAWG] Submission of new version of TACACS+ TLS Spec (V4)

Alan DeKok <aland@deployingradius.com> Fri, 29 December 2023 01:15 UTC

Return-Path: <aland@deployingradius.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA787C17C88B for <opsawg@ietfa.amsl.com>; Thu, 28 Dec 2023 17:15:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aR8y1bHu4oqu for <opsawg@ietfa.amsl.com>; Thu, 28 Dec 2023 17:15:02 -0800 (PST)
Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9445DC1519B9 for <opsawg@ietf.org>; Thu, 28 Dec 2023 17:15:01 -0800 (PST)
Received: from smtpclient.apple (135-23-95-173.cpe.pppoe.ca [135.23.95.173]) by mail.networkradius.com (Postfix) with ESMTPSA id 848EC504; Fri, 29 Dec 2023 01:14:58 +0000 (UTC)
Authentication-Results: NetworkRADIUS; dmarc=none (p=none dis=none) header.from=deployingradius.com
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
From: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <BL3PR11MB63644D3F5582B72ECC98B6BEB794A@BL3PR11MB6364.namprd11.prod.outlook.com>
Date: Thu, 28 Dec 2023 20:14:56 -0500
Cc: "opsawg@ietf.org" <opsawg@ietf.org>, John Heasly <heas@shrubbery.net>, Andrej Ota <andrej@ota.si>
Content-Transfer-Encoding: quoted-printable
Message-Id: <51549EE7-6065-407F-8A2E-D179B1AA8D54@deployingradius.com>
References: <BL3PR11MB63644D3F5582B72ECC98B6BEB794A@BL3PR11MB6364.namprd11.prod.outlook.com>
To: "Douglas Gash (dcmgash)" <dcmgash=40cisco.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/KP_vRljYhTfsvRfXVk4zdHD8Nkc>
Subject: Re: [OPSAWG] Submission of new version of TACACS+ TLS Spec (V4)
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Dec 2023 01:15:06 -0000

On Dec 22, 2023, at 11:53 AM, Douglas Gash (dcmgash) <dcmgash=40cisco.com@dmarc.ietf.org> wrote:
> Some brief notes regarding the broader topics raised in v3, all items of course, are open for re-aligning as the group sees fit.
>  
> 	• Regarding the allocation of a specific port, a key motivation concerns the pervasive use of default ports in current configurations. Ensuring the client implementations work correctly with default ports now TLS is introduced, to minimise burden for operators whilst avoiding wrinkles with downgrade attacks does require said new default port to be allocated, and we will explicitly mention this in a new section in the new doc. We hope this should help account for our request for an allocated port.

  I think it's reasonable to allow use of the old port.  I would add a section explaining why this choice was made.  Perhaps also adding some text on how packet inspection systems / firewalls can distinguish the two protocols over the same port.

  For example, it may be useful for firewalls to allow TACACS+ traffic, but only if it's encrypted.

  The non-TLS TACAC+ connections have the first octet as 0xc0 or 0xc1, and the second octet is 0x01, 0x02, or 0x03.  Whereas TLS begins with a TLS handshake 0x16, followed by the TLS major version 0x03.

   I think it would be sufficient to just check the first octet.  If it's 0xc0 ... 0xcf, it's unlikely to be TLS and could be blocked.  Those values are unassigned in the TLS ContentType registry, and are likely to remain unassigned for the foreseeable future.

 I suspect that by the time those values are assigned for TLS ContentType, all uses of non-TLS TACACS+ would be long deprecated.

> 	• RFC9325 does look a timely reference, and we have tried to delegate what we can from the new TACACS+ doc to it.
> 	• Tracking the discussion on the deprecation of obfuscation option inside TLS, our current reading is that:
> 		• All TLS traffic must NOT use obfuscation.

  I would phrase that as "TACACS+ application data sent inside of a TLS tunnel MUST NOT use obfuscation".

> 		• Setting the non-obfuscation option (TACACS has a flag for unencrypted)  is mandatory for all TLS TACACS+ traffic.

  Yes.

> 		• The aim is to avoid any ambiguity and to remove MD5 operations from this level of the protocol.

  It would be good to give some explanation as to why MD5 is being removed.


> 	• We hope we have addressed the raised issues nits and ambiguities.

  It's looking good.

  Some additional nits on the new version:

* Section 2

  I would suggest some modifications to the terms.  Perhaps:

     Historic TACACS+: as defined in RFC 8907

  The intention here is to say also that it's not just "TACACS+ without TLS", but it's *historic* and should not be used.

    TACACS+TLS: TLS transport with TACACS+ as the application data
  
* Section 3

  Perhaps "TACACS+ over TLS" instead of "TLS for TACACS+" ?

  I don't think it's necessary for the first paragraph to re-explain how TACAC+ connections work.

  Perhaps also explain that TACACS+TLS is little more than a TLS wrapper around un-obfuscated TLS.  i.e. could it be implemented simply with stunnel + a historic TLS client/server?

* Section 3.1

  Perhaps explain why the same port is being (or could be) used.

  "Therefore, TLS Hello MUST be initiated ..."

  What's a "Hello" ?  Perhaps just say instead that the connection begins with TLS, and leave it at that.

 "This document favors the predictable use of TLS security for a deployment"

  I'm not sure what that means.  Maybe "prefers" or "mandates" the use of TLS?  I find the phrasing to be confusing.

* Section 3.2.2

  It may be useful to move the TLS-PSK discussion from 5.1.3 to here.

  Though the RADEXT WG recently went through a long process of defining TLS-PSK for RADIUS.  It wasn't trivial.  See https://datatracker.ietf.org/doc/draft-ietf-radext-tls-psk/

  If the document is going to say "TLS-PSK is possible" but nothing more, then I would suggest just forbidding it.  There are a lot of details to get right with TLS-PSK.

* Section 3.4

  ALPN needs to have ALPN strings defined.  There's a similar (and long) discussion in https://datatracker.ietf.org/doc/draft-ietf-radext-radiusv11/

  TACACS+TLS doesn't need that level of complexity.  The RADEXT document is trying to be compatible with historic RADIUS, which is hard.  So it's a good idea to require the use of ALPN now.

  Perhaps for TACACS+TLS, just say that the client and server MUST use a particular ALPN string.  Maybe "tacacs+/12.1", which could mean both 12.0 and 12.1 versions of TACACS+,

 Over all, I'd like to see more content in the document.  Right now it outlines how TACACS+TLS should work, but gives very little guidance to implementors or operators.  I'd suggest reading the RADEXT TLS-PSK and ALPN documents linked above.  They go into exhaustive detail about how every little bit is supposed to work.  I've found that documenting the protocol in such detail greatly improves the quality of the implementations, and is more likely to result in interoperation between the implementations.

  Alan DeKok.

v2.23.0 | Report a Bug | By Email