Re: [Pana] Security Comment: draft-ohba-pana-relay-02.txt
Margaret Wasserman <margaretw42@gmail.com> Thu, 25 November 2010 14:29 UTC
Return-Path: <margaretw42@gmail.com>
X-Original-To: pana@core3.amsl.com
Delivered-To: pana@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 425AA28C116 for <pana@core3.amsl.com>; Thu, 25 Nov 2010 06:29:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Za+WKZtedFpV for <pana@core3.amsl.com>; Thu, 25 Nov 2010 06:29:43 -0800 (PST)
Received: from mail-vw0-f44.google.com (mail-vw0-f44.google.com [209.85.212.44]) by core3.amsl.com (Postfix) with ESMTP id DFE613A6A38 for <pana@ietf.org>; Thu, 25 Nov 2010 06:29:42 -0800 (PST)
Received: by vws7 with SMTP id 7so381827vws.31 for <pana@ietf.org>; Thu, 25 Nov 2010 06:30:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:cc:message-id:from:to :in-reply-to:content-type:content-transfer-encoding:mime-version :subject:date:references:x-mailer; bh=mIONkp4jtoJeQzQbZO0zuSCjiquBc6mhfl5CghaVN0c=; b=qE+8oqxyiAtdxIlv7rpIYEFYAL5P6SkJNbZrF2cqAG9u2ToZYBOe8NjZAf2kcoBELX oNGzy3lNSSTszOkYrM7bnv1mKvLGkSmTxfDvWorw8F+1cncV/VsyMD30TjOKkN5a+g3J mFeupCzszqRY4+viwi/IXbUebBUv21DPLwcmU=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=cc:message-id:from:to:in-reply-to:content-type :content-transfer-encoding:mime-version:subject:date:references :x-mailer; b=SyZbk+ORlN1VxMqKwgw8vxc5LN4eULXPn8cU9RQ45qMV9TIaJZn5vzz29BuHRWQAYi WbUWkQzEKa7vr9f4DJY6bsIdnKxilJ+S4DR/AWzC4iTDAWsGpmFnWPxL3r/iauzABIjk 3AroAfDNn/ijEwSJDY8oKOxUuZVIswR3cgU5g=
Received: by 10.220.85.2 with SMTP id m2mr218918vcl.119.1290695444116; Thu, 25 Nov 2010 06:30:44 -0800 (PST)
Received: from [10.36.0.42] (pool-108-20-27-240.bstnma.fios.verizon.net [108.20.27.240]) by mx.google.com with ESMTPS id y4sm96076vch.11.2010.11.25.06.30.42 (version=TLSv1/SSLv3 cipher=RC4-MD5); Thu, 25 Nov 2010 06:30:43 -0800 (PST)
Message-Id: <645DDAC5-3104-4BEF-9CA1-6E0362CEFF2C@lilacglade.org>
From: Margaret Wasserman <margaretw42@gmail.com>
To: Alper Yegin <alper.yegin@yegin.org>
In-Reply-To: <10506E23-EE49-4355-BE7E-CE0151DDD34D@lilacglade.org>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v936)
Date: Thu, 25 Nov 2010 09:30:41 -0500
References: <10506E23-EE49-4355-BE7E-CE0151DDD34D@lilacglade.org>
X-Mailer: Apple Mail (2.936)
Cc: pana@ietf.org, robert.cragie@gridmerge.com, 'Samita Chakrabarti' <samitac@ipinfusion.com>, 'Ralph Droms' <rdroms.ietf@gmail.com>
Subject: Re: [Pana] Security Comment: draft-ohba-pana-relay-02.txt
X-BeenThere: pana@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Protocol for carrying Authentication for Network Access <pana.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/pana>, <mailto:pana-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pana>
List-Post: <mailto:pana@ietf.org>
List-Help: <mailto:pana-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pana>, <mailto:pana-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Nov 2010 14:29:49 -0000
Hi Alper, On Nov 22, 2010, at 6:25 AM, Alper Yegin wrote: > Hi Margaret, > > EAP and PANA protocols are designed to operate over unsecure links. > They don't expect any encryption, integrity/replay protection, data > origin authentication from the layers below. > As far as the EAP and PANA are concerned, PRE is no different than a > bridge or a router relaying the EAP/PANA payloads between the PaC > and the PAA. > I think there is an important difference between a Pana Relay (PRE) and a bridge or router relaying EAP/PANA packets. In the router/ bridge case, the replies from the PAA are sent in an IP packet with a destination address of the Pana Client (PaC). In order to snoop or intercept those packets, an attacker would need to be on-path between the PAA and the PaC. When using PRE, the PAA responses are sent back to the PRE addresses which are not validated or authenticated in any way, so this would allow an easy way for an attacker to harvest a large number of replies for different PaCs without having to be on- path between the PAA and those PaCs. That is a significant difference in the security model when a PRE is used. Whether it is a difference that needs to be addressed in the protocol depends on whether it would be problematic (within PANA/EAP, specifically) for a third-party to be able to harvest PAA replies for multiple clients. The Security Considerations section needs to acknowledge this difference, and it (at least) needs to include some analysis of why this isn't a problem (if, in fact, it isn't). Thanks, Margaret
- [Pana] Security Comment: draft-ohba-pana-relay-02… Margaret Wasserman
- Re: [Pana] Security Comment: draft-ohba-pana-rela… Alper Yegin
- Re: [Pana] Security Comment: draft-ohba-pana-rela… Margaret Wasserman
- Re: [Pana] Security Comment: draft-ohba-pana-rela… Alper Yegin
- Re: [Pana] Security Comment: draft-ohba-pana-rela… Margaret Wasserman
- Re: [Pana] Security Comment: draft-ohba-pana-rela… Samita Chakrabarti