Review of draft-gaonkar-radext-erp-attrs-02.txt
Alan DeKok <aland@nitros9.org> Thu, 03 January 2008 05:11 UTC
Return-path: <owner-radiusext@ops.ietf.org>
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1JAIMx-0000vh-J8 for radext-archive-IeZ9sae2@lists.ietf.org; Thu, 03 Jan 2008 00:11:51 -0500
Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1JAIMw-0000in-L8 for radext-archive-IeZ9sae2@lists.ietf.org; Thu, 03 Jan 2008 00:11:51 -0500
Received: from majordom by psg.com with local (Exim 4.68 (FreeBSD)) (envelope-from <owner-radiusext@ops.ietf.org>) id 1JAIDx-0003KT-Ip for radiusext-data@psg.com; Thu, 03 Jan 2008 05:02:33 +0000
X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on psg.com
X-Spam-Level:
X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00,RDNS_NONE autolearn=no version=3.2.3
Received: from [216.240.42.17] (helo=deployingradius.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.68 (FreeBSD)) (envelope-from <aland@nitros9.org>) id 1JAIDR-0003HE-Bp for radiusext@ops.ietf.org; Thu, 03 Jan 2008 05:02:18 +0000
Received: from [192.168.0.14] (pas38-1-82-67-71-238.fbx.proxad.net [82.67.71.238]) by deployingradius.com (Postfix) with ESMTP id 1D928A71A3; Wed, 2 Jan 2008 21:01:50 -0800 (PST)
Message-ID: <477C6BFC.6040808@nitros9.org>
Date: Thu, 03 Jan 2008 06:00:44 +0100
From: Alan DeKok <aland@nitros9.org>
User-Agent: Thunderbird 2.0.0.6 (X11/20071022)
MIME-Version: 1.0
To: 'radext mailing list' <radiusext@ops.ietf.org>, kgaonkar3@gatech.edu, Lakshminath Dondeti <ldondeti@qualcomm.com>, vidyan@qualcomm.com
Subject: Review of draft-gaonkar-radext-erp-attrs-02.txt
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-radiusext@ops.ietf.org
Precedence: bulk
X-Spam-Score: -4.0 (----)
X-Scan-Signature: ff03b0075c3fc728d7d60a15b4ee1ad2
I've read the draft, and have a few comments. These attributes can be used by a visited network entity to request a key from the home network and the home domain to deliver the key to the visited network entity Why is the visited network requesting keys? Is the user involved in this request? Does the user know that the visited network is requesting keys on his behalf? These issues are referenced in the security section. However, that section says that channel bindings *may* be necessary. It looks to me like they are required to avoid a large class of security / information leakage. The key-request attribute contains the requesting entity's identity and the type of the key being requested. Why is it necessary to have the requesting entities identity? Can multiple servers in a proxy chain make requests at the same time? If so, why? What benefit does this serve? The key-response attribute contains the requesting entity's identity, the type of the key, the key itself, its length, name and lifetime. Are key lifetimes different from user session lifetimes? RADIUS already has support for Session-Timeout, which would seem to put an upper limit on key lifetimes, at least for one session. Are these keys to be cached across multiple user sessions? If so, this document should say. [ key request attribute ] The Requesting Entity's Identity is to be copied in the corresponding Key-Response attribute. The following section says that the response MAY include the identity. That section then says the identity "is to be included". The text should agree with itself. The next section says that the identity can be only 192 octets in length, but that limitation is not discussed here. It should be. The guidelines document discusses packing multiple fields into one attribute: http://www.ietf.org/internet-drafts/draft-ietf-radext-design-02.txt The document doesn't say whether or not only one key-request attribute is permitted in an Access-Request. If only one is permitted, then all of the packed fields in both attributes MUST be broken out into separate attributes. That will enable legacy implementations to deal with the attributes. i.e. not only support them, but enforce policies based on them. What is the purpose of the "key name" field? This document doesn't say, and it doesn't refer to other documents which could explain the utility of that field. Including a key name in a key response attribute would seem to indicate that more than one key response is permitted in an Access-Accept. If so, this needs to be explained, including use-cases. If not, the key name is not needed. A stricter version of RFC 3756 requirements apply for RADIUS messages carrying Key-Response Attribute(s). Implementations of this specification MUST support IPsec along with IKEv2 for key management. IPsec ESP with a non-null transform MUST be supported, and IPsec ESP with a non-null encryption transform and authentication support is necessary to provide per-packet confidentiality, authentication, integrity and replay protection. This requirement imposes a heavy burden on any implementation of this proposal. Most existing RADIUS EAP deployments do not use IPSec as a transport layer. I also question the necessity for exposing the DSRK "in the clear" to all parties in the AAA conversation. i.e. in a proxy environment, entities who transport the traffic do NOT request the key, but can see it "in the clear". Not only that, but they can modify the key without detection, as the key is not authenticated. This issue is not discussed in the security section. It would also appear to be a fatal flaw in this proposal: keys being exposed to entities that don't need to see the key, and lack of integrity checks on the keys themselves. I question why the visited *network* needs the DSRK, as opposed to the visited *NAS*. This document does not discuss any use-cases or requirements that would make this distinction clear. From what I see, only the NAS requires access to any keying material. For security, we can presume that the keys are opaque to everyone on the network other than the user and the home server which authenticates that user. Anyone else needing access to those keys can prove their need to either the user, or to the home server. And in general, no one needs to get the key from the home server, Since the NAS is already in direct contact with the user, it becomes clear that the NAS can ask the user how to interpret any keying material it has. Since that keying material is opaque to everyone else, there is no security issue with it being exposed, because it has no useful information. Since that keying material is opaque, anyone and everyone with access to it can cache it. See the following message for a short exposition of the concepts outlined above: http://ops.ietf.org/lists/radiusext/2007/msg01001.html That proposal would seem to meet the requirements outlined for this document, from what I can understand. (The requirements and use-cases outlined here are unclear). That proposal can be modified to include key lifetime, if necessary. That proposal avoids all of the security issues inherent in this design. For this proposal to move forward, it needs to have clearer use-cases and requirements. And it needs to address the security issues that are currently fatal flaws. Alan DeKok. -- to unsubscribe send a message to radiusext-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://psg.com/lists/radiusext/>
- Review of draft-gaonkar-radext-erp-attrs-02.txt Alan DeKok
- Re: [HOKEY] Review of draft-gaonkar-radext-erp-at… Alan DeKok
- RE: [HOKEY] Review of draft-gaonkar-radext-erp-at… Narayanan, Vidya
- Re: [HOKEY] Review of draft-gaonkar-radext-erp-at… Alan DeKok
- RE: [HOKEY] Review of draft-gaonkar-radext-erp-at… Dan Harkins
- RE: [HOKEY] Review of draft-gaonkar-radext-erp-at… Narayanan, Vidya
- Re: [HOKEY] Review of draft-gaonkar-radext-erp-at… Bernard_Aboba
- AAA Routing with EAP-ER Hannes Tschofenig
- RE: [HOKEY] Review of draft-gaonkar-radext-erp-at… Dan Harkins
- RE: [HOKEY] Review of draft-gaonkar-radext-erp-at… Bernard Aboba
- RE: AAA Routing with EAP-ER Bernard Aboba
- Re: [HOKEY] Review of draft-gaonkar-radext-erp-at… Dan Harkins
- Re: [HOKEY] Review of draft-gaonkar-radext-erp-at… Yoshihiro Ohba
- RE: [HOKEY] Review of draft-gaonkar-radext-erp-at… Narayanan, Vidya
- Re: [HOKEY] Review of draft-gaonkar-radext-erp-at… Yoshihiro Ohba
- Re: [HOKEY] Review of draft-gaonkar-radext-erp-at… Yoshihiro Ohba
- Re: [HOKEY] Review of draft-gaonkar-radext-erp-at… Yoshihiro Ohba
- Re: [HOKEY] Review of draft-gaonkar-radext-erp-at… Alan DeKok
- Re: AAA Routing with EAP-ER Hannes Tschofenig