IETF Logo Mail Archive

Re: [radext] ALPN alert use with RADIUS Version 1.1

Alexander Clouter <alex+ietf@coremem.com> Wed, 19 July 2023 17:28 UTC

Return-Path: <alex+ietf@coremem.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7866FC151073 for <radext@ietfa.amsl.com>; Wed, 19 Jul 2023 10:28:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.096
X-Spam-Level:
X-Spam-Status: No, score=-7.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=coremem.com header.b="PZmPc6dn"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="NluQDSpn"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xAHo1hOInKRz for <radext@ietfa.amsl.com>; Wed, 19 Jul 2023 10:28:44 -0700 (PDT)
Received: from wout2-smtp.messagingengine.com (wout2-smtp.messagingengine.com [64.147.123.25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 286CAC14CE25 for <radext@ietf.org>; Wed, 19 Jul 2023 10:28:43 -0700 (PDT)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.west.internal (Postfix) with ESMTP id B9A353200938 for <radext@ietf.org>; Wed, 19 Jul 2023 13:28:42 -0400 (EDT)
Received: from imap46 ([10.202.2.96]) by compute5.internal (MEProxy); Wed, 19 Jul 2023 13:28:42 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=coremem.com; h= cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to; s=fm2; t=1689787722; x=1689874122; bh=I0 TyFwVNpxPCjiqrzCrd1O7NBSHwnZzFL+OvGP54sDM=; b=PZmPc6dnP6NNJG/eea 7MxgKS5hEnHJD/SaRImsUWtLktYo2ckghzR/DtFUZ8vGQz864iqDwLObqvP6QU3T K+08Xy+HJB8jlC9lzH/p0ZH2CvIpbxQecQ8AVVmfZVHeaE+zjnb9kQpU5zuzkhya nPSAf2PHKLgyWbcKsTrtQTDRSJmlTIO4j7MGJg6P+Id+6TYSQ9NGQBmBapmXfaXV Q9nvRGvgjdAQA3Abnhb3X8gESQP3XIzJpRX9WDvQgC9XESp9VaYMgie+C+NXI288 31LmSdJjS0Q8eiBkFhURcmsVC90iG/69ODi9T7/58hj0+Gkk/BpULQ7ERcnBFLQ2 NaGQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; t=1689787722; x=1689874122; bh=I0TyFwVNpxPCj iqrzCrd1O7NBSHwnZzFL+OvGP54sDM=; b=NluQDSpnECAJEdIPPSxqtS7ikM9AO URUmD6icZn2Fja6Mlb9A+1ft8ORvqWr5+YmEa9ILNyHCB+vDbglkK5TcdZg3T9zI bms/23pGmqQmYaDuel4V1uLOb9GKDnCmYp8kN8y7DehFMN3tMzX4nx2cyfYSEkWq WjOWgJN/J9Knzbp+vH1cSKa4+HWKbYx/q9XkUAOWiRYecp/vHRzJgoAFiJBaJP9Y NwzIqdU8VlsoznhgBMgwO280fzrt6LlL1EzIhYS2H+C7YU3rIgrrciFEo6E9i0PF CIWWjamLEdMyrWLEbs0gK6fCgLcrybM8It18lYhmv6klmdx9kOCMoLZ+Q==
X-ME-Sender: <xms:SR24ZNa0IUlMtYFHqurTrFsY9QfFWq6oneqraOQCw-suChC5g2WueQ> <xme:SR24ZEZfEP0GCfLUAn55ogNAL8TrytJv5jUjs3yfvY1BQnn_LxMsWyLnrv__O-p6q A6ZpDEpKPw01MmgLQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedviedrgeekgdeliecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesrgdtre erreertdenucfhrhhomhepfdetlhgvgigrnhguvghrucevlhhouhhtvghrfdcuoegrlhgv gidoihgvthhfsegtohhrvghmvghmrdgtohhmqeenucggtffrrghtthgvrhhnpeeikeevue dvtddukefgtdekheejtddtkeethefgueffleejhfevteffueevfeejleenucffohhmrghi nhepihgvthhfrdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrg hilhhfrhhomheprghlvgigodhivghtfhestghorhgvmhgvmhdrtghomh
X-ME-Proxy: <xmx:Sh24ZP_MefWfsSYv1xEmcFvu9ubaBe_qKkT7h9s04gPNlUO6Px-gtw> <xmx:Sh24ZLrOAFXCVAZU0hw18txploNHjvHHm6tiVQbRkT03Zg3nLSphjg> <xmx:Sh24ZIrlzgZf3gTaP4pZLFMBVvviW_UzHT1CX7znXolpBwgz_CJTLw> <xmx:Sh24ZF2k5_UvPwy8iwXHDRdXCuv9qQ56TFsiApA9Fae5t6rwIjj05w>
Feedback-ID: ie3614602:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501) id DD2C62A2008B; Wed, 19 Jul 2023 13:28:41 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.9.0-alpha0-531-gfdfa13a06d-fm-20230703.001-gfdfa13a0
Mime-Version: 1.0
Message-Id: <2b0525c8-bb78-41eb-833a-5ee4f7a3231f@app.fastmail.com>
In-Reply-To: <CAA7Lko9kxYNOZDuZHfBZQ-01fPf25EYSLuNR=2aUL1Z19ehuRw@mail.gmail.com>
References: <CAA7Lko9kxYNOZDuZHfBZQ-01fPf25EYSLuNR=2aUL1Z19ehuRw@mail.gmail.com>
Date: Wed, 19 Jul 2023 18:27:44 +0100
From: Alexander Clouter <alex+ietf@coremem.com>
To: radext@ietf.org
Content-Type: multipart/alternative; boundary="531c7960d50a4f9b97e4866b938b7814"
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/17ANcIPXJMEaQyb86vMP50-FqZo>
Subject: Re: [radext] ALPN alert use with RADIUS Version 1.1
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Jul 2023 17:28:48 -0000

On Wed, 19 Jul 2023, at 17:36, Heikki Vatiainen wrote:
> I've looked at RADIUS Version 1.1 implementation and there are a some implementation related topics I'd like to hear opinions on. I'll start with ALPN alert use with this message.
> 
> The draft currently states this about TLS alert 120 use:
> https://www.ietf.org/archive/id/draft-ietf-radext-radiusv11-01.html#section-3.3-9
>> If a client or server determines that there are no compatible application protocol names, then as per [RFC7301] Section 3.2, it MUST send a TLS alert of "no_application_protocol" (120), which signals to the other end that there is no compatible application protocol.
> 
> The table in section 3.3.1 then helpfully describes all combinations of client and server ALPN configuration policy and capability.
> First, regarding client behaviour: I don't think RFC 7301 describes the possibility for a client to send alert 120.
> https://datatracker.ietf.org/doc/html/rfc7301#section-3.2 

I do not think this is necessary as 'client' is not RADIUS client, it is TLS client.

The TLS client already has sent all the ALPN protocols it is willing to do, the server is doing the checking.

If the client sends 'radius11' and the server is okay with it and responds with "showtime, lets do radius11", the client really should not be rejecting it at this point.

So maybe the 'client or' in section 3.3.9 should be removed?

> Second, OpenSSL provides a callback for examining ClientHello and then triggering an alert if the handshake shouldn't proceed. This can be used to handle the upper right corner case in the table where the Client supports 'No ALPN' and Server policy is 'require'. This again seems to go against ALPN RFC 7301 because the RFC only discusses alert 120 in the case where the server supports no value that the client offers with ALPN. The upper right corner is the case where the client sends no ALPN extension.
> 
> With Rust native TLS there's apparently no similar ClientHello callback and the server needs to later examine if ALPN was negotiated and then close the connection. In other words, with Rust TLS, the handshake finishes first before ALPN status is available.

Erlang supports the hook via ssl:handshake_continue/2 and ssl:handshake_continue/3; I used it to implement RFC8737.

Erlang only uses OpenSSL for crypto operations but otherwise is its own independent TLS library.

> With both OpenSSL and Rust TLS, the libraries can be made to send alert 120 when there's no overlap with ALPN protocols the client and server support. In other words, only the case where the both client and server use ALPN, alert 120 can be sent without any extra work.

I do not think it is meaning for a client to send this as it has already declared what it wants to do in the ClientHello.

> To summarise: the requirement to use TLS alert 120 by both client and server in every case where the table in section 3.3.1 of the current draft requires 'Close' seems to be hard to implement. It also seems to be not what the ALPN RFC states about alert 120 usage. It would be beneficial for troubleshooting if the alert could be used for all 'Close' cases, but should we think about an alternative for those cases where the TLS implementation can't be made to send alert 120 as the application needs?

I think we should ignore incomplete implementations. They will fix these and other limitations as demand for that functionality pops up.

I agree though it should be highlighted in this document that the server needs the ability to inspect the ClientHello mid-handshake and if you cannot, do a hard and fast shutdown of the socket post handshake.

Not convinced close_notify is the right approach, as there is a lack of client support (even in OpenSSL) there we all discovered whilst contributing to RFC9427....I really think "server shuts down immediately the connection and logs a very grumpy message to the logging subsystem" will suffice here.

I think it would be worse to force all RADIUS implementors to write code to handle two different types of connection shutdowns. This spec is meant to make things easier :)

Afterall, the RADIUS client operators will have the ability to talk to the RADIUS server operator and ask "your server dislikes me, can you tell me why?"

Cheers

v2.23.0 | Report a Bug | By Email