Re: [radext] RADIUS/TLS with NULL cipher suites

Alan DeKok <aland@deployingradius.com> Mon, 28 August 2023 01:05 UTC

Return-Path: <aland@deployingradius.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12888C151075 for <radext@ietfa.amsl.com>; Sun, 27 Aug 2023 18:05:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8zZP0ufg-_Wi for <radext@ietfa.amsl.com>; Sun, 27 Aug 2023 18:05:26 -0700 (PDT)
Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8054C14E515 for <radext@ietf.org>; Sun, 27 Aug 2023 18:05:25 -0700 (PDT)
Received: from smtpclient.apple (135-23-95-173.cpe.pppoe.ca [135.23.95.173]) by mail.networkradius.com (Postfix) with ESMTPSA id 6AB6351D; Mon, 28 Aug 2023 01:05:22 +0000 (UTC)
Authentication-Results: NetworkRADIUS; dmarc=none (p=none dis=none) header.from=deployingradius.com
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
From: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <4516BEAF-3922-40F8-A15D-C3D648912D25@jisc.ac.uk>
Date: Sun, 27 Aug 2023 21:05:22 -0400
Cc: "radext@ietf.org" <radext@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <1A085D71-030C-4A04-BE2D-4BEEB92D0B3C@deployingradius.com>
References: <ACDF13CC-1529-49EE-8251-7BB7AEE9DED3@deployingradius.com> <4516BEAF-3922-40F8-A15D-C3D648912D25@jisc.ac.uk>
To: Stefan Paetow <Stefan.Paetow=40jisc.ac.uk@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/N4gC-o8ua95TXmE0I9xV-TWJZrU>
Subject: Re: [radext] RADIUS/TLS with NULL cipher suites
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Aug 2023 01:05:29 -0000

On Aug 27, 2023, at 8:49 PM, Stefan Paetow <Stefan.Paetow=40jisc.ac.uk@dmarc.ietf.org> wrote:
> 
> Just out of interest...
> 
> Do we know which directorate inside the EU is responsible for this? This definitely should be raised there. I guess this is industry (SCADA industry to be precise) trying to head off regulation of their systems security? It's daft to say the least!

  The International Electrotechnical Commission.

  There is some text which somewhat addresses the security issues:

	• Any cipher suite that specifies NULL for encryption shall not be used for communication outside the administrative domain if the encryption of this communication connection by other means cannot be guaranteed.

  But that doesn't really help.  Given that RFC 6614 suggests the use of a fixed shared secret "radsec", this means that anyone in your local domain can see and decode the User-Password.

  Furthermore text says:

	• The application of no-encrypting cipher suites allows for traffic inspection, while still retaining an end-to- end authentication and integrity protection of the traffic.

  They also allow the following cipher suites for TLS 1.3:

	• –  TLS_SHA256_SHA256 (RFC 9150)
	• –  TLS_SHA384_SHA384 (RFC 9150)

  If there is a need to monitor traffic, just use RADIUS/UDP.  RADIUS/TLS with NULL encryption is worse than UDP in every possible way.

  The document contains no warnings that the use of "radsec" as a shared secret will result in compromised passwords.  I think whatever committee put the document together didn't have a clear grasp of the issues involved.

  I believe that 6614bis needs to be updated to address these issues.

  Alan DeKok.