[radext] Re: Selfie Attack on TLS-PSK

Alan DeKok <aland@deployingradius.com> Thu, 25 July 2024 22:57 UTC

Return-Path: <aland@deployingradius.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68DB3C14F5E9 for <radext@ietfa.amsl.com>; Thu, 25 Jul 2024 15:57:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.909
X-Spam-Level:
X-Spam-Status: No, score=-6.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2xSB4PCWfjJt for <radext@ietfa.amsl.com>; Thu, 25 Jul 2024 15:57:12 -0700 (PDT)
Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 64D2BC14EB17 for <radext@ietf.org>; Thu, 25 Jul 2024 15:55:50 -0700 (PDT)
Received: from smtpclient.apple (dhcp-8fa9.meeting.ietf.org [31.133.143.169]) by mail.networkradius.com (Postfix) with ESMTPSA id B48D1893; Thu, 25 Jul 2024 22:55:47 +0000 (UTC)
Authentication-Results: NetworkRADIUS; dmarc=none (p=none dis=none) header.from=deployingradius.com
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
From: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <3CB916DF-48E0-4CD1-826B-18ED98BBE118@gmail.com>
Date: Thu, 25 Jul 2024 15:55:45 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <2F24206F-B2AC-4D83-8CE5-7A74B96DD333@deployingradius.com>
References: <0265E702-4220-42F5-9B42-DD8DB0F44EDE@deployingradius.com> <3CB916DF-48E0-4CD1-826B-18ED98BBE118@gmail.com>
To: Margaret Cullen <mrcullen42@gmail.com>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Message-ID-Hash: APJITKHUBZMT52TVRUXG3H6ZTGUMRF3J
X-Message-ID-Hash: APJITKHUBZMT52TVRUXG3H6ZTGUMRF3J
X-MailFrom: aland@deployingradius.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-radext.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: josh.howlett@gmail.com, Bernard Aboba <bernard.aboba@gmail.com>, radext@ietf.org
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [radext] Re: Selfie Attack on TLS-PSK
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/KF15Nj7u5RQnXV8cJLy2jxkQjpw>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Owner: <mailto:radext-owner@ietf.org>
List-Post: <mailto:radext@ietf.org>
List-Subscribe: <mailto:radext-join@ietf.org>
List-Unsubscribe: <mailto:radext-leave@ietf.org>

On Jul 25, 2024, at 3:43 PM, Margaret Cullen <mrcullen42@gmail.com> wrote:
> As I understood Stefan’s message, he was talking about copying the raw packet as received from the transport, not proxying the packet as you described.  I don’t know why this would be done, nor do I know of anyone who is doing it. I’m assuming Stefan does, because he brought this up as a use case for why binding the TLS and RADIUS layers would be undesirable.

  If a system is copying raw packets, then all bets are off.

> I was attempting to point out that security implications of “dumb copying” a RadSec packet (with a secret of “radsec”) are different than the implications of dumb copying a RADIUS/UDP packet (with a non-constant secret), because in the RadSec case, the contents can be converted to plaintext using the “radsec” secret value, but in the RADIUS/UDP, you need to crack MD5 to see the full contents.
> 
> That _is_ a _real_ difference.  Without knowing who is doing “dumb copying” in what situations, we can’t know if it is a significant difference.

  I would argue that raw copying is forbidden, and is outside of the scope of normal RADIUS practices.  It's not something I would worry about.

  People can always do bad things, and we can't always prevent them.

  Alan DeKok.