IETF Logo Mail Archive

Re: [radext] New draft: RFC6614bis (RADIUS/TLS)

Jan-Frederik Rieckers <rieckers@dfn.de> Fri, 28 October 2022 08:47 UTC

Return-Path: <rieckers@dfn.de>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F13EBC15258E for <radext@ietfa.amsl.com>; Fri, 28 Oct 2022 01:47:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.109
X-Spam-Level:
X-Spam-Status: No, score=-7.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dfn.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7MwLWAtAfEFf for <radext@ietfa.amsl.com>; Fri, 28 Oct 2022 01:47:46 -0700 (PDT)
Received: from c1004.mx.srv.dfn.de (c1004.mx.srv.dfn.de [IPv6:2001:638:d:c303:acdc:1979:2:58]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89BA7C1524A2 for <radext@ietf.org>; Fri, 28 Oct 2022 01:47:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dfn.de; h= content-type:content-type:in-reply-to:organization:from:from :references:content-language:subject:subject:user-agent :mime-version:date:date:message-id:received; s=s1; t=1666946858; x=1668761259; bh=MgeJt3FCBMCBtznIHg9NVCnDA+0YDhfhIrjiRK+tbxc=; b= lKzlNuInB5OtpIswB1HED2DXTyX7Z3wKDjooA3DQYlMKuQ4leRcPV0xBrME18THd N0G57cTFzIFsePnqRysWCUWLZhtCJFkxVF3K0ugOC8COU7HX+tJ4IlArqz2QCBDm f1XzIPUNzRDkqjRaB9DWcJozT4zzNQwehtKd0tiM1BY=
Received: from mail.dfn.de (mail.dfn.de [194.95.245.150]) by c1004.mx.srv.dfn.de (Postfix) with ESMTPS id 47E201200D4; Fri, 28 Oct 2022 10:47:37 +0200 (CEST)
Received: from [IPV6:2001:638:d:1016::1000] (unknown [IPv6:2001:638:d:1016::1000]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits)) (No client certificate requested) by mspool2.srv.dfn.de (Postfix) with ESMTPSA id 79C31103; Fri, 28 Oct 2022 10:47:37 +0200 (CEST)
Message-ID: <5ac1c43d-9638-9d68-6e8f-d0f2c1137bd3@dfn.de>
Date: Fri, 28 Oct 2022 10:47:36 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.3.3
Content-Language: en-US
To: Peter Deacon <peterd@iea-software.com>, radext@ietf.org
References: <d9a015f8-60a7-8eb1-65e0-ea19633c3784@dfn.de> <ef1855a1-2417-b3b0-ba4d-729bc507f151@iea-software.com>
From: Jan-Frederik Rieckers <rieckers@dfn.de>
Organization: DFN e.V.
In-Reply-To: <ef1855a1-2417-b3b0-ba4d-729bc507f151@iea-software.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-512"; boundary="------------ms020005050300050702050607"
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/8jmAnEyAxnB3v1qn8iauUx1SJwg>
Subject: Re: [radext] New draft: RFC6614bis (RADIUS/TLS)
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Oct 2022 08:47:51 -0000

Hi Peter, hi all,

(replying on-list to an off-list mail)

this is definitely an interesting idea, I'm not sure if there is an 
actual benefit.
If others have an opinion: Please feel free to tell me where and why I'm 
wrong ;)

See inline comments below.

Cheers,
Janfred

On 27.10.22 18:35, Peter Deacon wrote:
> On Mon, 24 Oct 2022, Jan-Frederik Rieckers wrote:
> 
>> Hi to all,
> 
>> I have submitted a draft to re-specify RADIUS/TLS, as intended by the 
>> proposed radextra charter. (Moving RADIUS/TLS from experimental to 
>> proposed standard)
> 
>> For now, I have only put myself in the author section as editor, if 
>> any of the original RFC6614 authors are interested in helping, please 
>> let me know. (I have already spoken with Stefan Winter and he wanted 
>> to contribute text)
> 
>> Feedback welcome.
> 
> Hi Janfred,
> 
> Think it might be worth considering a slight change to "radsec" static 
> secrets.  There has been feedback on operational costs with deploying 
> PKI that can lead to PSK/PAKE being preferred.

I don't see exactly why this would be a bad thing. A PSK/PAKE with a 
strong password should be enough to secure the connection in the same 
way as certificates do.

> 
> For some likely to be little practical value in requiring overhead of 
> managing client certificates for every RADIUS client.
> 
> Typical solution for adding TLS to existing protocols is clients 
> authenticate servers via PKI while clients continue supporting existing 
> client authentication mechanisms over TLS.  Think it would be useful for 
> this to also be possible with RADIUS.

It definitely is an intriguing proposal, but it carries the problem, 
that certificate validation logic needs to be implemented in the clients 
either way.

And speaking from personal experience, if there is the possibility to 
click "Ignore certificate errors", people will do it, because they say 
"We have the security via the shared secret, we don't need this stupid 
SSL, it always breaks things" (using the term SSL with full intent here)

This of course is something, we can't control even with full mutual 
authentication with certificates, but it probably is harder, since you 
are more or less forced to exchange the certificate details with the 
admins of the peers, so they can configure their Radsec-Servers accordingly.
If you allow only server authentication, people will likely accept any 
server certificate, which would lead to possibility to 
middle-person-attacks and we would fall back to the "security" of RADIUS.

> 
> Static "radsec" would be maintained for mutually authenticated TLS 
> (client certs, PSK/PAKE..etc) yet for TLS where only server is 
> authenticated a shared secret and message authenticator would be 
> mandatory in order for server to authenticate client.
> 
> Security of RADIUS crypto does not matter in this case as TLS is used. 
> Secret need only have sufficient entropy to guard against online 
> guessing from IP authorized clients.
> 
> This has advantage of simplifying deployments using PKI especially when 
> matched with "reverse" connections for dynamic authorization.
> 
> Compatibility is improved as it more naturally fits existing client 
> configuration and allows clients to upgrade to TLS without additional 
> configuration such as assigning new keys or certificates to clients.
> 
> If interested I can send over some text.


I feel that with the possibility to use PSK, we have a good way to 
secure the transport and either way we would have to manage the PSKs (or 
shared secrets in your proposal) on the server, so adding server 
authentication via TLS just adds more configuration to the server side.

Having said that, I would like to add this:
I have an opinion, but no strong opinion (yet), so if there is feedback 
from the community with good arguments that this should be included, I 
would be open to adding it.



-- 
E-Mail: rieckers@dfn.de | Fon: +49 30884299-339 | Fax: +49 30884299-370
Pronomen: er/sein | Pronouns: he/him
__________________________________________________________________________________

DFN - Deutsches Forschungsnetz | German National Research and Education 
Network
Verein zur Förderung eines Deutschen Forschungsnetzes e.V.
Alexanderplatz 1 | 10178 Berlin
www.dfn.de

Vorstand: Prof. Dr. Odej Kao (Vorsitzender) | Dr. Rainer Bockholt | 
Christian Zens
Geschäftsführung: Dr. Christian Grimm | Jochem Pattloch
VR AG Charlottenburg 7729B | USt.-ID. DE 1366/23822

v2.23.0 | Report a Bug | By Email