Re: [radext] TLS-PSK and RADIUS/(D)TLS - MTI trust models

Margaret Cullen <mrcullen42@gmail.com> Sun, 13 August 2023 17:38 UTC

Return-Path: <mrcullen42@gmail.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51D78C14F74E for <radext@ietfa.amsl.com>; Sun, 13 Aug 2023 10:38:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.858
X-Spam-Level:
X-Spam-Status: No, score=-1.858 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BaXuJlTegIDi for <radext@ietfa.amsl.com>; Sun, 13 Aug 2023 10:38:15 -0700 (PDT)
Received: from mail-qt1-x831.google.com (mail-qt1-x831.google.com [IPv6:2607:f8b0:4864:20::831]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D7901C14F74A for <radext@ietf.org>; Sun, 13 Aug 2023 10:38:15 -0700 (PDT)
Received: by mail-qt1-x831.google.com with SMTP id d75a77b69052e-40fe9c38800so21875061cf.0 for <radext@ietf.org>; Sun, 13 Aug 2023 10:38:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1691948294; x=1692553094; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:from:to:cc:subject:date:message-id :reply-to; bh=xp6zBCww41QNg6iMOUd2D6WVwy7JmbIMl9T/tx33Qi4=; b=WNnpXWh4bGBd1reyrR3QA/ed1yRJ409s4LMUSQrA2CwqrExG5VpVk5c+jUwAsJmb2e /d1MvoBD716iyXyW9RhLZI4Gta6sxlxB95eMrwSPw6k6nIAP6bkS2d7ZmEc+RDr/xVSr mER9Avf6ydkCAOX6soJuvsHYTA2AGV3AYi0dSAYoMIN7bGnuS1x0oXbdabU3FlgpkLX8 7TOTa4ZheR0hJP8fCSZCgDYP5X9GFTrrTl8qU7zHm1T4goZSS7rjCQakqi6JyjPhkMKF iEMGvp20UWTgTz3fCGaA0Z5S5+ya2ECnnAF/8bgYYXJvZZ9Ymmq255h3BxDn1bCZpnno 2JCw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691948294; x=1692553094; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=xp6zBCww41QNg6iMOUd2D6WVwy7JmbIMl9T/tx33Qi4=; b=Hy3HX6RKMIXkPEZxX5u9muG6XHpxduLWieChpHqw9V6trnvINqzUkijema08RicCPv RYSrpaRM0BD1Ternf4fbkz63qRrGKey/rn9AakrUjgXw2f3TKptITiS00sQWSYI9FnzB EnKOSwTs4eHeLzUGJL/cScBn+yJDGBAnBpddWzgu3qaR89LWxqBC0pFSvK+A9Z+WtVr3 NxXSYz+PynIi2Fn0uNieMC34P7HCpUrTTyWJvdpdO0vt6/QKo5c2ptI5wEizTmMuPK0Z 1XNAFxgW6xSMTQS7JC5rIxooZtERoVqTrwfGk/77Y6kFIELV5SfMIksrrCXMivSazZoV qx3Q==
X-Gm-Message-State: AOJu0Yx0CE/KGC6LE3bgzsU6+SH8zMpEQyV/jTqj+Y5/Nbj4NDO4ilPy 8JzfWrhgNmmksu8vNBPMVzn+gpbK9Gg=
X-Google-Smtp-Source: AGHT+IF2UZk94NrDIuaxezsnuV1nrSNkl3ijiPP/XQSAYJPLFySOTldRugVjim+/OqPMWmnbusAWtw==
X-Received: by 2002:a05:622a:209:b0:40e:6f1:3d38 with SMTP id b9-20020a05622a020900b0040e06f13d38mr10445678qtx.8.1691948294307; Sun, 13 Aug 2023 10:38:14 -0700 (PDT)
Received: from smtpclient.apple ([2601:18c:503:9630:dd99:fac1:f7b7:b661]) by smtp.gmail.com with ESMTPSA id x11-20020ae9e90b000000b0076d08d5f93asm2490985qkf.60.2023.08.13.10.38.13 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 13 Aug 2023 10:38:13 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Margaret Cullen <mrcullen42@gmail.com>
Mime-Version: 1.0 (1.0)
Date: Sun, 13 Aug 2023 13:38:02 -0400
Message-Id: <CD310A93-BAEA-47AF-B0F4-F72F59E12E11@gmail.com>
References: <368D0314-E535-4176-A844-1FA378A4A1AA@deployingradius.com>
Cc: Josh Howlett <josh.howlett@gmail.com>, Jan-Frederik Rieckers <rieckers@dfn.de>, radext@ietf.org
In-Reply-To: <368D0314-E535-4176-A844-1FA378A4A1AA@deployingradius.com>
To: Alan DeKok <aland@deployingradius.com>
X-Mailer: iPhone Mail (20F75)
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/BHediwWoPQfzwYhEmwzwmqNOREE>
Subject: Re: [radext] TLS-PSK and RADIUS/(D)TLS - MTI trust models
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Aug 2023 17:38:16 -0000

> That is a tried and true RADIUS tradition.  "I know the RFCs say to do X, but I'll just do something else instead."

That tradition extends well beyond RADIUS, unfortunately.

> DTLS is a lot more difficult.  I blame some of that on OpenSSL weirdness.  Their DTLS implementation has best been described as "alpha" for a long time.

This is the reason for my concern with mandating that servers implement DTLS.  

I am mostly okay with mandating that servers implement TLS-PSK, because it is not a major addition and it makes for a more complete, more useful RADIS/TLS server. 

I think RADIUS/DTLS is an awful lot to expect, though — especially because I don’t see any evidence that RADIUS/DTLS will ever be widely implemented or used.  Do you?

Many protocols that run over TLS don’t have a DTLS equivalent defined, at all.  Is there some important advantage that RADIUS/DTLS offers that RADIUS/TLS does not?  Is that advantage sufficient to warrant mandating both in every server implementation?

>  There's good reason for that, of course.  But I think it's best to document the system we need, rather than the system we have.

I absolutely agree with this when it comes to documenting good protocol behavior, ways to avoid known issues, etc.  I don’t think it extends to mandating the implementation of an entirely separate protocol.

> The alternative is to never fix RADIUS, or to give bad implementations a free pass.

Is there a reason that you think a RADIUS/TLS-only server would be a bad implementation, and that it would  become a good implementation if it also implemented RADIUS/DTLS?

Margaret