[radext] Proposed Security Considerations Text

Margaret Cullen <mrcullen42@gmail.com> Fri, 26 July 2024 19:56 UTC

Return-Path: <mrcullen42@gmail.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7CDC2C14F60E for <radext@ietfa.amsl.com>; Fri, 26 Jul 2024 12:56:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.859
X-Spam-Level:
X-Spam-Status: No, score=-1.859 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sqZkdGDrw5at for <radext@ietfa.amsl.com>; Fri, 26 Jul 2024 12:56:37 -0700 (PDT)
Received: from mail-pl1-x635.google.com (mail-pl1-x635.google.com [IPv6:2607:f8b0:4864:20::635]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 177E3C14F5EE for <radext@ietf.org>; Fri, 26 Jul 2024 12:56:37 -0700 (PDT)
Received: by mail-pl1-x635.google.com with SMTP id d9443c01a7336-1fd70ba6a15so8870015ad.0 for <radext@ietf.org>; Fri, 26 Jul 2024 12:56:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1722023796; x=1722628596; darn=ietf.org; h=to:date:message-id:subject:mime-version:content-transfer-encoding :from:from:to:cc:subject:date:message-id:reply-to; bh=ACxIRc/zZdgnAz5nbQkFUFcIU/vSjTj1JmrmGKXrrIk=; b=U9/uJU1HRelcWR1U496C0iNNrtP1oLiu0swbt1nFxurID5GrPEOhJKAdFDKerAC6hC MAppDtItlKA733ZrM2B9mXP50Q+ZTzf71TEG3OP5Hrfd1s6RKPqjpN2d3IJXKGVaP428 J6zhbGGx/RUBlkhn1Hbo3aVadi5T7l5iJ1txABJPbLhsFHbY5UWVYaaWXt+9SAhKZwhb lZBAcU+mAJomz0ufgAVJ98T8+cQy5ntHcCocND119jOLmrS6zyIola7y7weHm5blo7/R Va1wqs5Q9F3oVOZNr38EtnAlfrsb8gcHgB+mYXMb/satwhVqTX/KsoVa8a/RXgnoqv8l /DOA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722023796; x=1722628596; h=to:date:message-id:subject:mime-version:content-transfer-encoding :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=ACxIRc/zZdgnAz5nbQkFUFcIU/vSjTj1JmrmGKXrrIk=; b=F0fuoYsp6VKxhAc0J8vYsc4Q2D2ef8Gihx3MLuzZC/ALSqyyELr81MecYTEWfpXKXQ FQGC7q8baFRmvChActRmzdUm9exPT/oRH+vKdaXWiK2jYkGYM7pRK38QKQT3fUsoj/c5 0qEEbEZgYa/4xhpSY+I6dauc5eoqYsmn+it67e5KhXldZ1aYtAEVrOy33Ht9Gikr2JsS tOjXcqsYgAKZhijP+5YE2QIINbmPZeLRzaG4586r7FyrmathmmmrOX/o2ZJckPrn+Luc BCXwW66XIfYP7ZEYxuxvBFlLFhTkgHeofS2TuNrxE3aJd2qF0PXOiqcBVEZKFzpJaQAb mXzA==
X-Gm-Message-State: AOJu0YzQzuffwWzG3PQ0j+OoqwOFityCbLuVQnd+99aagGh6DoNL5TKa 7H5ejoggtoHG25zBjA5JpuZpufN7bj4pAhMGKUBXrVryVRdsAH14kztNXqpM
X-Google-Smtp-Source: AGHT+IGzENvEn3QipxpPKcm9WdZUtbTUob8gDF5xPOw25EuhDUlw2LvTZHQBEPwHuzpQNHhPEb5Igw==
X-Received: by 2002:a17:903:248:b0:1fb:58b8:2fbc with SMTP id d9443c01a7336-1ff04840dc2mr9723115ad.29.1722023795885; Fri, 26 Jul 2024 12:56:35 -0700 (PDT)
Received: from smtpclient.apple ([2001:67c:1232:144:ec07:97c2:d784:6450]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1fed7fbf285sm37422575ad.267.2024.07.26.12.56.35 for <radext@ietf.org> (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 26 Jul 2024 12:56:35 -0700 (PDT)
From: Margaret Cullen <mrcullen42@gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
Message-Id: <D11A041B-99E4-4886-99C6-6A410D85B908@gmail.com>
Date: Fri, 26 Jul 2024 12:56:34 -0700
To: radext@ietf.org
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Message-ID-Hash: MJOCB2TQDWSMWAMJUY577JR5NVS2EB63
X-Message-ID-Hash: MJOCB2TQDWSMWAMJUY577JR5NVS2EB63
X-MailFrom: mrcullen42@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-radext.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [radext] Proposed Security Considerations Text
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/ANYKHR1qSuJ76MyUn4icFIpGlU0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Owner: <mailto:radext-owner@ietf.org>
List-Post: <mailto:radext@ietf.org>
List-Subscribe: <mailto:radext-join@ietf.org>
List-Unsubscribe: <mailto:radext-leave@ietf.org>

[I am sending this message incomplete because the WG meeting is now…. I will pick it up again and add more on the way home or over the weekend.  Contributions very welcome!]


Hi All,

I am working on additional Security Considerations text for RADIUS/(D)TLS to capture the discussion we have been having for  the past couple of days.  Please note that I have written this text as though the text of the TLS-PSK document were included in RADIUS/(D)TLS, as we previously established WG consensus to incorporate it.

There are some places below where I need help knowing what to say…. Either because I lack specific knowledge or because I am unsure of how certain things will work.  

Please help!

—

X.1		Security implications of well-known “secret” value 

In addition to defining how a single RADIUS message transmitted over (D)TLS, this document specifies that the RADIUS “secret” value will be hard-coded to one of two well-known values (“radsec” of “radsec/dtls”).  The “secret” value is used for several things in RADIUS/UDP:

- authentication of a RADIUS peer,
- authorization of a RADIUS peer to assume a particular role (client, server, CoA sender, etc.)
- integrity protection of the message contents, and 
- hiding sensitive data in a RADIUS messages

X.1.1 	Authentication and Authorization of a RADIUS Peer

When a RADIUS/UDP message is received, the “secret” value and the remote IP address are used to authenticate the RADIUS peer.  Once the peer has been authenticated, the RADIUS server will look up the configured policy for that peer, and determine whether the peer is authorized to send the type of message that was just received.  Assuming authentication and authorization are successful, the RADIUS server will process the message.  Otherwise, it will be discarded.  Each RADIUS message is separately authenticated and authorized as it is received.

In RADIUS/(D)TLS, a peer is authenticated as part of TLS session establishment, because a TLS connection will not be established unless the peer has acceptable credentials.  When certificates are used, TLS authentication is established by the fact that a peer has a current, valid, unrevoked certificate where the value in <what field?> matches <what value?>.  When (D)TLS-PSK is used, TLS authentication is established when the peer has a PSK value that matches the PSK configured in the TLS configuration in use by RADIUS.  When a TLS connection has been established, the RADIUS layer will infer that authentication has been successful, .  How will be RADIUS layer determine the identity of the connected peer, so that authorization can be performed?

[Note:  We should probably also have something in the normative part of the RADIUS/(D)TLS document that explains what a RADIUS implementation should do, when RADIUS is run over (D)TLS, anywhere that RADIUS/UDP and/or other RADIUS-adjacent specifications (such as the CoA documents) indicate that implementations should “check the secret” for any reason, as that is not a useful thing to do in RADIUS/(D)TLS.]

X.1.2 	Integrity protection of messages

X.1.3	Hiding sensitive data in RADIUS message

X.2	Security implications of connection-based vs. per-packet authentication and authorization


X.3	Explanation of why TLS channel binding is not needed in RADIUS/(D)TLS

—
Anything to contribute to the above text? Any thoughts or questions?

Thank you in advance for your help,
Margaret






.