Re: [radext] I-D Action: draft-ietf-radext-tls-psk-03.txt
Peter Deacon <peterd@iea-software.com> Wed, 20 September 2023 00:02 UTC
Return-Path: <peterd@iea-software.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A7EDC1522CB for <radext@ietfa.amsl.com>; Tue, 19 Sep 2023 17:02:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, KHOP_HELO_FCRDNS=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ic0RTYDCil08 for <radext@ietfa.amsl.com>; Tue, 19 Sep 2023 17:02:23 -0700 (PDT)
Received: from aspen.iea-software.com (www.iea-software.com [70.89.142.193]) by ietfa.amsl.com (Postfix) with ESMTP id 9A098C1522AF for <radext@ietf.org>; Tue, 19 Sep 2023 17:02:23 -0700 (PDT)
Received: from smurf (unverified [10.0.3.195]) by aspen.iea-software.com (Rockliffe SMTPRA 7.0.6) with ESMTP id <B0006194940@aspen.iea-software.com>; Tue, 19 Sep 2023 17:02:22 -0700
Date: Tue, 19 Sep 2023 17:02:22 -0700
From: Peter Deacon <peterd@iea-software.com>
To: Alan DeKok <aland@deployingradius.com>
cc: radext@ietf.org
In-Reply-To: <94B53F4B-3D37-41C7-80AC-5C233B6CF271@deployingradius.com>
Message-ID: <a144a652-c829-2b69-cf6a-a38d03335e5b@iea-software.com>
References: <C3B7208C-C5E9-4F24-A4A3-9786A4568134@gmail.com> <0A108CC4-20E0-4089-9C73-6C321969133D@deployingradius.com> <CAOW+2dtDiL1DVd+uc0cga5ng+540v1h-Fgdm3Yo=GPOUGCYR0g@mail.gmail.com> <8D4A5243-47E4-44E1-825E-8B74772FD6AF@deployingradius.com> <CAOW+2du1RLGymyy8u4C_dq76OogXH819a3u5m86dBi_s59BrdA@mail.gmail.com> <56640CFB-C826-428C-B1E0-8C256A3B222E@deployingradius.com> <bd9dad9e-daab-97e6-3544-13e32be2000c@iea-software.com> <DBA2BB0F-A5BD-41EF-96AF-CBD8A2931505@deployingradius.com> <ed5071e6-efc6-d891-8c5b-1cfaed9d6342@iea-software.com> <94B53F4B-3D37-41C7-80AC-5C233B6CF271@deployingradius.com>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/1e7hgy64-p-BrASXtVqcxoZJIc8>
Subject: Re: [radext] I-D Action: draft-ietf-radext-tls-psk-03.txt
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Sep 2023 00:02:24 -0000
On Tue, 19 Sep 2023, Alan DeKok wrote: > On Sep 19, 2023, at 1:20 PM, Peter Deacon <peterd@iea-software.com> wrote: >> SRP ciphersuites are supported in OpenSSL. We've used them for years. >> That I know of wolfSSL and GnuTLS support SRP as well. OpenSSL uses a >> similar callback scheme for SRP as the external PSKs. > OK, but that's changing the subject. If you want to write a document > on using SRP with RADIUS/TLS, that's completely separate from TLS-PSK. I have no intention on writing a separate draft nor do I expect this draft to be modified to include PAKE. Remarks quoted above were offered only as a direct response to a question you asked about support in standard TLS libraries. I agree with the perspective insecure PSK authentication methods are good enough when you assume only keys having sufficient entropy to weather offline challenge are used. The reason for persuing PAKE is I simply don't view as credible the prospect decades of real world precident can be changed by merely calling a shared secret something else and placing a bunch of strong words in an RFC. I believe use of secure authentication between RADIUS clients and servers improves real world security at implementation costs no different from PSK. Not suggesting or requsting this WG do anything at all about my personal perspectives on PAKEs. >> "While there is no known way in which the same PSK might produce >> related output in both versions, only limited analysis has been done. >> Implementations can ensure safety from cross-protocol related output by >> not reusing PSKs between TLS 1.3 and TLS 1.2" >> This is a reflection of inability to formally prove separation not that >> there is actually a problem. > The fact that attacks are unknown simply means that they are likely to > exist in the future. The prospect of unknown attacks is what crypto agility is all about and why unecessarily restricting PSK to just one version at present is a source of avoidable risk by preventing operators from reacting should the unknown occur. > Given also the complexity of supporting multiple TLS versions with PSK > + certs + resumption etc., I think it's worth suggesting that TLS 1.2 > isn't worth it. To be clear in no way arguing TLS 1.2 should be required or anyone implementing servers or clients otherwise feel in any way compelled to support it. Only that it not be activly disallowed or discouraged. > TLS 1.3 (RFC8446) is 5 years old. It will likely be 6-7 years old by > the time we issue "standards track" RADIUS/TLS documents. I see it as > only problematic to continue support for old TLS versions. Not advocating anyone should have to support old TLS versions. My request is merely to require TLS 1.3 or later and say nothing about 1.2. regards, Peter
- [radext] I-D Action: draft-ietf-radext-tls-psk-03… internet-drafts
- Re: [radext] I-D Action: draft-ietf-radext-tls-ps… Alan DeKok
- Re: [radext] I-D Action: draft-ietf-radext-tls-ps… Alan DeKok
- Re: [radext] I-D Action: draft-ietf-radext-tls-ps… Heikki Vatiainen
- Re: [radext] I-D Action: draft-ietf-radext-tls-ps… Alan DeKok
- Re: [radext] I-D Action: draft-ietf-radext-tls-ps… Heikki Vatiainen
- Re: [radext] I-D Action: draft-ietf-radext-tls-ps… Michael Richardson
- Re: [radext] I-D Action: draft-ietf-radext-tls-ps… Alexander Clouter
- Re: [radext] I-D Action: draft-ietf-radext-tls-ps… Bernard Aboba
- Re: [radext] I-D Action: draft-ietf-radext-tls-ps… Alan DeKok
- Re: [radext] I-D Action: draft-ietf-radext-tls-ps… Peter Deacon
- Re: [radext] I-D Action: draft-ietf-radext-tls-ps… Valery Smyslov
- Re: [radext] I-D Action: draft-ietf-radext-tls-ps… Alexander Clouter
- Re: [radext] I-D Action: draft-ietf-radext-tls-ps… Bernard Aboba
- Re: [radext] I-D Action: draft-ietf-radext-tls-ps… Alan DeKok
- Re: [radext] I-D Action: draft-ietf-radext-tls-ps… Bernard Aboba
- Re: [radext] I-D Action: draft-ietf-radext-tls-ps… Alan DeKok
- Re: [radext] I-D Action: draft-ietf-radext-tls-ps… Valery Smyslov
- Re: [radext] I-D Action: draft-ietf-radext-tls-ps… Heikki Vatiainen
- Re: [radext] I-D Action: draft-ietf-radext-tls-ps… Alan DeKok
- Re: [radext] I-D Action: draft-ietf-radext-tls-ps… Peter Deacon
- Re: [radext] I-D Action: draft-ietf-radext-tls-ps… Alan DeKok
- Re: [radext] I-D Action: draft-ietf-radext-tls-ps… Alan DeKok
- Re: [radext] I-D Action: draft-ietf-radext-tls-ps… Alan DeKok
- Re: [radext] I-D Action: draft-ietf-radext-tls-ps… Alan DeKok
- Re: [radext] I-D Action: draft-ietf-radext-tls-ps… Peter Deacon