IETF Logo Mail Archive

Re: [pcp] EAP-over-PCP

Sam Hartman <hartmans@painless-security.com> Wed, 19 September 2012 13:54 UTC

Return-Path: <hartmans@painless-security.com>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0EE921F861D for <pcp@ietfa.amsl.com>; Wed, 19 Sep 2012 06:54:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 4.395
X-Spam-Level: ****
X-Spam-Status: No, score=4.395 tagged_above=-999 required=5 tests=[AWL=0.107, BAYES_00=-2.599, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR=2.426, RDNS_DYNAMIC=0.1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TjwCSP7BvS-9 for <pcp@ietfa.amsl.com>; Wed, 19 Sep 2012 06:54:26 -0700 (PDT)
Received: from ec2-23-21-227-93.compute-1.amazonaws.com (ec2-23-21-227-93.compute-1.amazonaws.com [23.21.227.93]) by ietfa.amsl.com (Postfix) with ESMTP id 3C11021F8620 for <pcp@ietf.org>; Wed, 19 Sep 2012 06:54:25 -0700 (PDT)
Received: from carter-zimmerman.suchdamage.org (c-98-217-126-210.hsd1.ma.comcast.net [98.217.126.210]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.suchdamage.org (Postfix) with ESMTPS id A649120178; Wed, 19 Sep 2012 09:54:15 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 6060C4149; Wed, 19 Sep 2012 09:53:55 -0400 (EDT)
From: Sam Hartman <hartmans@painless-security.com>
To: Alper Yegin <alper.yegin@yegin.org>
References: <14C7F4F06DB5814AB0DE29716C4F6D6702E12ABC28@FRMRSSXCHMBSB1.dc-m.alcatel-lucent.com> <CB96F2AF-7545-457D-96EB-F78B7666C00C@yegin.org> <tsl1ui0wvmo.fsf_-_@mit.edu> <E91C9554-FBCF-4324-A1BF-5C4D75F5264A@yegin.org> <9A2322BB-699A-4A71-89D5-9E3E48979272@yegin.org> <tslvcfbscqm.fsf_-_@mit.edu> <20FE79EA-9E75-49E7-9854-4AA24314FC7B@yegin.org>
Date: Wed, 19 Sep 2012 09:53:55 -0400
In-Reply-To: <20FE79EA-9E75-49E7-9854-4AA24314FC7B@yegin.org> (Alper Yegin's message of "Wed, 19 Sep 2012 10:39:40 +0300")
Message-ID: <tslipbap18s.fsf@mit.edu>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: "'pcp@ietf.org'" <pcp@ietf.org>
Subject: Re: [pcp] EAP-over-PCP
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Sep 2012 13:54:27 -0000

>>>>> "Alper" == Alper Yegin <alper.yegin@yegin.org> writes:

    >> Depending on what's easy for PCP implementations we have a number
    >> of options.
    >> 
    >> In RFC 3748 the conversation is conceptually server driven.
    >> However, there is typically a client (lower layer) indication to
    >> get things started.
    >> 
    >> However, the only reason that the conversation is server-driven
    >> iss retransmissions. If you take a look at section 2 of RFC 3748
    >> you note that the protocol is lockstep. The server cannot send a
    >> new request until the client has responded to the previous one.
    >> If you take a look at section 4.3, a lower layer may sent the
    >> retransmission timeout to infinite. In this mode, the server will
    >> never generate an unsolicited request.  So, it's entirely
    >> possible to view things as a client-server protocol with
    >> client-driven retransmissions if that makes things easier for PCP
    >> implementations.
    >> 

Alper>I don't understand how this works.
    Alper> EAP authenticator performs rexmits.  So, if it does not get a
    Alper> response, it'll keep rexmitting. So, how can you achieve
    Alper> "server will never generate an unsolicited request"?

There are three aspects to this: why does it work in practice, why does
it comply with the spec, and why do I think  it's been reviewed
adequately to suggest it?

For the first, EAP libraries tend to have a way to ignore  retransmits
or set the retransmission timeout to infinite.
Consider what happens in an AAA server. There, your EAP server cannot
(and is not supposed to) handle retransmits.
RADIUS at least is a lock-step protocol. Ignoring things like COA, a
RADIUS server cannot send an unsolicited response to a client.
So any EAP server library basically has to have a way to disable
retransmits.
I guess it's possible that you could have a passthrough authenticator
library that doesn't pull this off.
IN practice we've not run into this problem; see below for why.

Also, as I understand it (without close reading) the IKEv2 EAP support
works this way as well.

So, why does it comply with the spec?
Take a look at RFC 3748 section 4.3. That section points out a lower
layer can set the retransmit timeout to infinite if it is reliable
itself.

Why do I think the whole idea of assuming you'll never get an
unsolicited server request has been adequately reviewed? It's part of
draft-ietf-abfab-gss-eap, which has already been approved and is waiting
publication. I've personally walked through what we were doing with
Bernard; I know Joe is familiar with the work enough that he understands
our state machine constraints. Klaas is one of the chairs; he also has a
lot of EAP experience. Josh Howlett, my co-author has many more years of
EAP experience than I do.  So, I believe that this idea has received
adequate review that if I were somehow misreading the base EAP spec we
would have noticed it.


    Alper> And, furthermore, there'd be EAP re-authentication which can
    Alper> be initiated by the client or server. This is another reason
    Alper> for having to support server-side requests.


I'm not entirely sure what you're talking about when you say EAP
re-authentication.
Do you mean the EAP re-authentication protocol (the one done in HOKEY?)
The base EAP spec mentions re-authentication once or twice  but does not
define it.
My best reading of that text is that they simply mean there can be later
EAP conversations if you want to access a new resource or the like, or
the network wants to re-key, or prove fresh access to tokens or
whatever.


When you look at the peer state machine in RFC 4137, you note that the
success state is a final state.
It's going to require lower layer interactions to get out of that state.
If you look at the commen open-source supplicants (all I have access to)
you see that tends to be how people implement things.
You expect a disassociation or something else to trigger new
authentication.
And when that happens, yes, depending on who's doing the trigger and
what's going on, the first *EAP* message may be from the server.

In our proposal, PCP is the same way.  A server can throw away a session
and give a client an error that they must authenticate again if it wants
an EAP exchange.  This is intended to deal with wanting to expire
sessions or servers that lose state.  However it also deals with a
server wanting to confirm freshness, or getting a re-authentication
demand via some complex AAA infrastructure that seems unlikely to be
used with PCP in practice.

v2.23.0 | Report a Bug | By Email