Re: [radext] #148: Review of dynamic-discovery by Jim Schaad
Stefan Winter <stefan.winter@restena.lu> Mon, 04 March 2013 15:46 UTC
Return-Path: <stefan.winter@restena.lu>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73C8621F8C23 for <radext@ietfa.amsl.com>; Mon, 4 Mar 2013 07:46:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2VuKxzbC2vR4 for <radext@ietfa.amsl.com>; Mon, 4 Mar 2013 07:46:45 -0800 (PST)
Received: from smtprelay.restena.lu (smtprelay.restena.lu [IPv6:2001:a18:1::62]) by ietfa.amsl.com (Postfix) with ESMTP id 3924C21F8C20 for <radext@ietf.org>; Mon, 4 Mar 2013 07:46:42 -0800 (PST)
Received: from smtprelay.restena.lu (localhost [127.0.0.1]) by smtprelay.restena.lu (Postfix) with ESMTP id 1B2F5107B5; Mon, 4 Mar 2013 16:46:41 +0100 (CET)
Received: from [IPv6:2001:a18:1:8:a052:157:aa11:9a4b] (unknown [IPv6:2001:a18:1:8:a052:157:aa11:9a4b]) by smtprelay.restena.lu (Postfix) with ESMTPS id 0B953106C2; Mon, 4 Mar 2013 16:46:41 +0100 (CET)
Message-ID: <5134C1DD.1020204@restena.lu>
Date: Mon, 04 Mar 2013 16:46:37 +0100
From: Stefan Winter <stefan.winter@restena.lu>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130215 Thunderbird/17.0.3
MIME-Version: 1.0
To: Jim Schaad <ietf@augustcellars.com>
References: <065.a122826c6d7c009295065142646863ee@trac.tools.ietf.org> <512E23F3.3000307@restena.lu> <026f01ce152a$f24ceb20$d6e6c160$@augustcellars.com>
In-Reply-To: <026f01ce152a$f24ceb20$d6e6c160$@augustcellars.com>
X-Enigmail-Version: 1.5.1
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="----enig2JVKXVLUBDWVALANUNHIL"
X-Virus-Scanned: ClamAV
Cc: radext@ietf.org
Subject: Re: [radext] #148: Review of dynamic-discovery by Jim Schaad
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/radext>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Mar 2013 15:46:46 -0000
Hi, > This depends on specific properties of the EAP method being used. It would > not be true for a simple user name/password EAP method. I don't know that > there is anything that would prevent a man-in-the-middle attack from > occurring in this situation would might result in leaked credentials and no > failure for the EAP peer to know about. > > See Sam's draft in the EMU WG for more details. We (eduroam) require EAP methods capable of mutual authentication (typically by the EAP server presenting a server certificate) and require users to validate the server-side identity. It is well possible that some users neglect to configure the proper checks, and yes, these would be fooled into connecting to a different EAP server than expect. It is though, to a very large extent, their own fault then. But this is a bit of side-track issue not terribly relevant for the spec. >> That is a decision for a deployer of the algorithm to make though: the >> security considerations say that it's only safe with DNSSEC - which is > true; >> every deployer is free to draw his own consequences from that. > > Given the presence of the second sentence in the paragraph that is not a > statement that I heard from the Security Considerations. Okay, I've made it more explicit in my current working copy: 3. Security Considerations The results from the execution of this algorithm are only trustworthy if each of the lookup steps by the name resolution library were cryptographically secured; i.e. if DNSSEC validation was turned on during the resolution AND all of the records were in a DNSSEC signed zone AND validation of all those records was successful. >> We've investigated the opportunities of DANE and it seems much rather >> like: DANE ignores the possibility that TLS handshakes can be mutual. >> Which is a bummer for things like RADIUS/TLS which /require/ mutual auth. > > I don't know that I agree with this. A very simple way to use DANE for this > would be > > Server gets client certificate > Server extracts client DNS name from certificate > Server does a TLSA lookup on the client DNS name and sees if it matches the > certificate given per DANE rules > > Assuming that we are looking a this being a generic proxy, that information > is going to be in the DNS for lookups back. Sure; it's not rocket science to specify this. It just hasn't been done; and I would find it undue for this document to invent something on its own. The proper place for such work would IMHO be in DANE for the generic use of TLS client authentication. It would be easy to refer to such a spec and make it a suggested way of verifying TLS keys. I've added the following text to my working copy' Security Consideration to make all this spelt out explicitly: The use of DNSSEC allows to verify TLS keys inside the DNS using DANE. It is in principle possible to use DANE and TLSA records to verify the authenticity, and possibly the authorisation of, a discovered RADIUS server by the RADIUS client which executed the algorithm. However, RADIUS/TLS and RADIUS/DTLS require mutual authentication; i.e. the RADIUS client's authenticity and authorisation are also verified by the RADIUS server as the client establishes the TLS connection. The DANE specification does not currently include a mechanism regarding the validation of a TLS credential of a client as it connects to a server (there is not per se a DNS label for which to do TLSA lookups). This makes DANE in its current state unsuitable for TLS connections discovered with the algorithm in this specification. If client authentication gets covered by future DANE extensions, this situation may change. > However I was really only looking at the use of DANE in the same forward > direction that you are doing the discovery. This means that the mutual auth > question is an interesting one and should be discussed as a reason for > perhaps not using the DANE work. It is actually quite promising - but client verification being underspecified currently makes it incomplete. I'll very gladly look at things again when there is a TLS client verification spec! >> I'd say: unless ABFAB people want to have text about the dynamic >> negotiation of TLS-PSK keying material with this algorithm (some ABFABs > are >> known to read the radext list :-) ), I'd feel inclined to write that PSK > cipher >> suites are not appropriate for use with DNS-based dynamic discovery. > > Given that ABFAB is basically doing a completely different dynamic > negotiation, I would be inclined to state that don't use PSK is a reasonable > position. Good! I've deleted the mention of TLS-PSK from the security considerations; and clarified the dangers of not using DNSSEC: When using DNS without DNSSEC security extensions for at least one of the replies to NAPTR, SRV and A/AAAA requests as described in section Section 2, the resulting set O can not be trusted. RADIUS transports have an out-of-DNS-band means to verify that the discovery attempt led to the intended target: certificate verification using a PKI. If the result set from DNS discovery is not trusted, deployments need to take sufficient care to verify during the TLS session establishment that they communicate with a peer they expect and deem authorised for RADIUS datagram exchange in their roaming environment. (The last sentence is a cliffhanger to add MTI text how to do this, depending on the outcome of the other discussion in the thread with Sam) Greetings, Stefan > > Jim > >> >> Greetings, >> >> Stefan Winter >> >> -- >> Stefan WINTER >> Ingenieur de Recherche >> Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de >> la Recherche 6, rue Richard Coudenhove-Kalergi >> L-1359 Luxembourg >> >> Tel: +352 424409 1 >> Fax: +352 422473 > > -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473
- [radext] #148: Review of dynamic-discovery by Jim… radext issue tracker
- Re: [radext] #148: Review of dynamic-discovery by… Stefan Winter
- Re: [radext] #148: Review of dynamic-discovery by… Sam Hartman
- Re: [radext] #148: Review of dynamic-discovery by… Stefan Winter
- Re: [radext] #148: Review of dynamic-discovery by… Sam Hartman
- Re: [radext] #148: Review of dynamic-discovery by… Jim Schaad
- Re: [radext] #148: Review of dynamic-discovery by… Stefan Winter
- Re: [radext] #148: Review of dynamic-discovery by… Sam Hartman
- Re: [radext] #148: Review of dynamic-discovery by… Stefan Winter
- Re: [radext] #148: Review of dynamic-discovery by… Stefan Winter
- Re: [radext] #148: Review of dynamic-discovery by… Sam Hartman
- Re: [radext] #148: Review of dynamic-discovery by… Jim Schaad
- Re: [radext] #148: Review of dynamic-discovery by… Jim Schaad
- Re: [radext] #148: Review of dynamic-discovery by… Jouni Korhonen
- Re: [radext] #148: Review of dynamic-discovery by… Stefan Winter
- Re: [radext] #148: Review of dynamic-discovery by… Stefan Winter
- Re: [radext] #148: Review of dynamic-discovery by… Sam Hartman
- Re: [radext] #148: Review of dynamic-discovery by… radext issue tracker
- Re: [radext] #148: Review of dynamic-discovery by… Stefan Winter
- Re: [radext] #148: Review of dynamic-discovery by… Sam Hartman
- Re: [radext] #148: Review of dynamic-discovery by… Stefan Winter
- Re: [radext] #148: Review of dynamic-discovery by… Sam Hartman
- Re: [radext] #148: Review of dynamic-discovery by… Stefan Winter
- Re: [radext] #148: Review of dynamic-discovery by… Jim Schaad
- Re: [radext] #148: Review of dynamic-discovery by… Jim Schaad
- Re: [radext] #148: Review of dynamic-discovery by… Stefan Winter
- Re: [radext] #148: Review of dynamic-discovery by… radext issue tracker