Re: [pcp] Comparison of PCP authentication

Sam Hartman <hartmans@painless-security.com> Thu, 09 August 2012 13:25 UTC

From: Sam Hartman <hartmans@painless-security.com>
To: Dan Wing <dwing@cisco.com>
Date: Thu, 09 Aug 2012 09:25:22 -0400
In-Reply-To: <028801cd75d6$c5765490$5062fdb0$@com> (Dan Wing's message of "Wed, 8 Aug 2012 19:29:15 -0700")
Cc: 'Margaret Wasserman' <mrw@lilacglade.org>, pcp@ietf.org

>>>>> "Dan" == Dan Wing <dwing@cisco.com> writes:


    Dan> Doing PANA first is a good optimization only if the PCP client
    Dan> knows that PCP authentication will be required by the PCP
    Dan> server on that particular network.  If PCP authentication is
    Dan> not needed on a particular network, requesting PCP
    Dan> authentication incurs an extra round trip.

Thinking about this as an optimization seems wrong to me.

Consider the case where the client wants authentication but the server
does not require it.  For example, the client wants integrity protection
of the result of the request.
In this case it's about security requirements *not* optimization.
The client needs a way to force the server to require authentication.

Another case where this becomes important is where a server will accept
requests from unauthenticated clients but treat them differently. For
example, an authenticated client is allowed to ask for longer lifetimes,
etc.

Especially since interacting with firewalls is in-scope for PCP,
supporting clients with higher security requirements seems an important
design goal for a PCP authentication mechanism.

So, I don't think we should be thinking of this purely in terms of
optimization.