Re: [radext] I-D Action: draft-ietf-radext-tls-psk-02.txt

Heikki Vatiainen <hvn@radiatorsoftware.com> Sun, 20 August 2023 16:34 UTC

Return-Path: <hvn@radiatorsoftware.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03714C14CEFF for <radext@ietfa.amsl.com>; Sun, 20 Aug 2023 09:34:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.907
X-Spam-Level:
X-Spam-Status: No, score=-6.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=radiatorsoftware-com.20221208.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z1R6fnOuRN0V for <radext@ietfa.amsl.com>; Sun, 20 Aug 2023 09:34:36 -0700 (PDT)
Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 09716C14F74E for <radext@ietf.org>; Sun, 20 Aug 2023 09:34:35 -0700 (PDT)
Received: by mail-ed1-x52e.google.com with SMTP id 4fb4d7f45d1cf-51d95aed33aso3195830a12.3 for <radext@ietf.org>; Sun, 20 Aug 2023 09:34:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=radiatorsoftware-com.20221208.gappssmtp.com; s=20221208; t=1692549273; x=1693154073; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=c405uyDh+qcgmSSG9BrGQT7GiEJBvznCpKsdIa4vD1k=; b=lO47l6w9VdFccHOUaGQJzxIBn0AGPGdQABoPiMUrkIg7+u7yrW9lZVktKwQTn/NKuT njvgZ3QhoeIuN9AGuBvt8/ysEQuaG1W+qch2aCjKq7C2PJjBH03/VAwub9KHCFABSvs5 Z3vvMiPXieivDl+w+yRZR5Qc7V9X8Vg4LNfqILpIGGwuFzbdOvSWMhGSI6+thuu4GihA IZndGzmeReZpa4A/eSpZkelh2ViTogf+3QkQKf8w2yKR3R0gR3NkrDAnHhP8V5Ia882d q7wVrV0lzZgmqne3pYKzLhFfufqvxzJXiyBuTJxZW9KzOolTEw7Gy4WYQfru3CraCQUV ZTqA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692549273; x=1693154073; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=c405uyDh+qcgmSSG9BrGQT7GiEJBvznCpKsdIa4vD1k=; b=SXz+yVij58QaENLBCaMcIxaXAnH0QlE/S5j+D6gECMqfSRGQqA1L3cXcRoGhfpyhbp VqaGeU/kif3ldPIZzh+SE0aOtGnuH19uKpF+vYhWnmaRmFV5W6tBm33lF+l7zokkmzU8 cEXCQD6sE7/bSZ5TvBSIDA7zjzmA4pDMvs1HiZRBkNahXxrOSDFW6ksDLG4+iVZ0CslR ib1do9LH7qqC0pLlfV1FsuHO3sxk+IUlraw3g0ovF09uj6nqBoFmtbD+4vvC83R2kaHN YGUL5xzwXrsIQX05PO4Zznv5DL0oInFPGa2oaFvNKYWm6l878MjQnV4KDCQekBaCui0f 1ZrQ==
X-Gm-Message-State: AOJu0YynGyFZ1me1z/alKoWIAYEpGr6Qcdt0OT1347laf5Nj0yetsAIX +wlJ5Amj8fcOCw7fsH0b3ZbSnpwFIoBLn23fCmCMkK96h32LwaY4
X-Google-Smtp-Source: AGHT+IEztYOT5JnjVdXgg/x94L1y6PL9cCGjcsCBBm5aHHI4KF8U2NOo1M7y7/TCoQNSZLA7WI5CTWueRyzxTIMmXA8=
X-Received: by 2002:aa7:c48f:0:b0:522:3cf4:9d86 with SMTP id m15-20020aa7c48f000000b005223cf49d86mr3144704edq.33.1692549273447; Sun, 20 Aug 2023 09:34:33 -0700 (PDT)
MIME-Version: 1.0
References: <169238915704.56283.13664283366489431030@ietfa.amsl.com> <B2006538-89E0-46AC-9834-1854D586B3D3@deployingradius.com> <2060ecfc-65d0-47d0-9c41-edebf6478478@app.fastmail.com> <7FC7064B-0CFA-49D8-8D9E-46E260328DC6@deployingradius.com>
In-Reply-To: <7FC7064B-0CFA-49D8-8D9E-46E260328DC6@deployingradius.com>
From: Heikki Vatiainen <hvn@radiatorsoftware.com>
Date: Sun, 20 Aug 2023 19:34:17 +0300
Message-ID: <CAA7Lko8V9c4V1gyRw8WX=fmb+bZ6zaZLk-7NRCnVqZOe5ZYJAQ@mail.gmail.com>
To: radext@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/71dSvAUpbcHbcbl4-HbGdH2NPIc>
Subject: Re: [radext] I-D Action: draft-ietf-radext-tls-psk-02.txt
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Aug 2023 16:34:40 -0000

On Sun, 20 Aug 2023 at 15:56, Alan DeKok <aland@deployingradius.com> wrote:
>
> On Aug 20, 2023, at 2:49 AM, Alexander Clouter <alex+ietf@coremem.com> wrote:
> > "Implementations MUST use ECDH cipher suites", is this not meant to be "Implementations MUST support ECDH cipher suites" or because pinning cipher suites tends to not age well?
>
>   I'll fix that for sure this time.

Here's my suggestion:
- first, use IANA recommended ciphersuites; then
- with TLS 1.3 use "psk_dhe_ke" PSK key exchange mode
- with TLS 1.2 and earlier use ciphersuites that require ephemeral
keying. Currently a couple of TLS_(EC)DHE_ prefixed ciphersuites would
match the both requirements.

In other words, IANA recommended ciphersuites and ephemeral keying are
required. It depends on the TLS version (1.3 or earlier) how ephemeral
keying is expressed; based on the ciphersuite definition (TLS 1.2 and
earlier) or by requiring a suitable key exchange model (TLS 1.3).


Regarding my earlier question whether the text "Implementations MUST
use ECDH cipher suites" wants to mandate only ECDH or was the purpose
to require ephemeral keying, the question is related to the potential
DH problems summarised here:
   https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/

One of the mitigation suggestions is to disable DH and use only ECDH
with selected groups. But I'd say there's no need to go to this level
of detail in an RFC.

--
Heikki Vatiainen
hvn@radiatorsoftware.com