IETF Logo Mail Archive

Re: [radext] Proposed charter text based on IETF-115 BoF

Alan DeKok <aland@deployingradius.com> Tue, 22 November 2022 15:51 UTC

Return-Path: <aland@deployingradius.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9AF67C1522B4 for <radext@ietfa.amsl.com>; Tue, 22 Nov 2022 07:51:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jX-Dbhs0XONu for <radext@ietfa.amsl.com>; Tue, 22 Nov 2022 07:51:10 -0800 (PST)
Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1E66DC14CE4E for <radext@ietf.org>; Tue, 22 Nov 2022 07:51:09 -0800 (PST)
Received: from smtpclient.apple (135-23-95-173.cpe.pppoe.ca [135.23.95.173]) by mail.networkradius.com (Postfix) with ESMTPSA id 97FFE29F; Tue, 22 Nov 2022 15:51:07 +0000 (UTC)
Authentication-Results: NetworkRADIUS; dmarc=none (p=none dis=none) header.from=deployingradius.com
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
From: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <CAOW+2dswxm5mcjayPjqK6VHQexG2iimfPnrcqTC2VR-iAvXNxQ@mail.gmail.com>
Date: Tue, 22 Nov 2022 10:51:06 -0500
Cc: Peter Deacon <peterd@iea-software.com>, Paul Wouters <paul.wouters=40aiven.io@dmarc.ietf.org>, "radext@ietf.org" <radext@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <E8A62A03-A43C-4E4E-B337-7713978F5476@deployingradius.com>
References: <FD0507D4-2C1D-478A-97E0-ECEEF1A5613B@deployingradius.com> <E82B0ECD-4580-4F35-B07B-35685CFC5C44@aiven.io> <883f3572-121f-5ed8-7378-1a91c5525f88@iea-software.com> <CAOW+2dswxm5mcjayPjqK6VHQexG2iimfPnrcqTC2VR-iAvXNxQ@mail.gmail.com>
To: Bernard Aboba <bernard.aboba@gmail.com>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/8lgkZh9IoYVgzc5nzxR8uilQdvo>
Subject: Re: [radext] Proposed charter text based on IETF-115 BoF
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Nov 2022 15:51:14 -0000

On Nov 22, 2022, at 10:38 AM, Bernard Aboba <bernard.aboba@gmail.com> wrote:
> [BA] That's my take as well.  RADIUS over (D)TLS won't need MD5 in the authenticator anyway, so why not specify how to avoid this usage within the specs?  Why is it necessary to define an entirely new protocol??

  RFC 6614 (TLS) and RFC 7360 (DTLS) both mandate the use of packet signing with MD5, and the shared secret of "radsec".  See https://www.rfc-editor.org/rfc/rfc6614#section-2.3

   4.  start exchanging RADIUS datagrams (note Section 3.4 (1)).  The
       shared secret to compute the (obsolete) MD5 integrity checks and
       attribute encryption MUST be "radsec" (see Section 3.4 (2)).

  If we wanted to remove MD5 from TLS/DTLS transports, the time to do it would have been when those standards we published.  I must confess I was one of the people saying "meh, leave MD5 in TLS transport".  In hindsight, that decision looks to be wrong.

  I'm not sure that we want to re-define the meaning of RADIUS/TLS and RADIUS/DTLS to allow for removal of MD5 from RADIUS packet signing.  It's not clear how we would modify those protocols to allow for secure negotiation of "use MD5 or not".

  If such negotiation was possible, it would be subject to down-bidding attacks.  It could be difficult to debug interoperability issues.

  The SRADIUS proposal doesn't just say "remove MD5".  It also requests a new port from IANA.  At which point there is no negotiation of capabilities, and no confusion over what traffic on that port means.

  If we can find a way to re-use port 2083 for "RADIUS without MD5", I'm all for it.  But I'd like to see how we can implement and deploy that without breaking existing systems.

  Alan DeKok.

v2.23.0 | Report a Bug | By Email