IETF Logo Mail Archive

Re: [radext] BoF request for IETF 115

Stefan Winter <stefan.winter@restena.lu> Wed, 28 September 2022 07:11 UTC

Return-Path: <stefan.winter@restena.lu>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51289C14CE3B for <radext@ietfa.amsl.com>; Wed, 28 Sep 2022 00:11:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 23mTFi9aBi37 for <radext@ietfa.amsl.com>; Wed, 28 Sep 2022 00:11:26 -0700 (PDT)
Received: from smtprelay.restena.lu (smtprelay.restena.lu [IPv6:2001:a18:1::62]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65EEEC14CE2F for <radext@ietf.org>; Wed, 28 Sep 2022 00:11:25 -0700 (PDT)
Received: from smtprelay.restena.lu (localhost [127.0.0.1]) by smtprelay.restena.lu (Postfix) with ESMTP id 8C86830288B for <radext@ietf.org>; Wed, 28 Sep 2022 07:11:20 +0000 (UTC)
Received: from [IPV6:2001:a18:1:10:9d36:264:75a8:a3d6] (unknown [IPv6:2001:a18:1:10:9d36:264:75a8:a3d6]) by smtprelay.restena.lu (Postfix) with ESMTPSA id 7EEEC302885 for <radext@ietf.org>; Wed, 28 Sep 2022 07:11:20 +0000 (UTC)
Message-ID: <41dc9d36-7601-8628-851c-7e171cbd6125@restena.lu>
Date: Wed, 28 Sep 2022 09:11:20 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.13.0
Content-Language: en-US
To: radext@ietf.org
References: <CAOW+2ds134ZJ+somFXsL=27=pvtUT2hNU6G9_8cpM3VoWEcN9Q@mail.gmail.com> <ab874879-3cdd-6cdb-e9a0-07a405272088@iea-software.com> <788eea99-21ab-4cc7-8e3e-67a2f8f480d6@www.fastmail.com> <F773A4A3-99C3-4216-8813-45DA5606B8C9@deployingradius.com>
From: Stefan Winter <stefan.winter@restena.lu>
In-Reply-To: <F773A4A3-99C3-4216-8813-45DA5606B8C9@deployingradius.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-AV-Checked: ClamAV using ClamSMTP
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/NGOt1huugsHYuvTtRtoyW4N8Mhw>
Subject: Re: [radext] BoF request for IETF 115
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Sep 2022 07:11:28 -0000

Hi,


> TBH, we should just deprecate PSKs. Perhaps allow the use of a PSK, 
> but mark it as NOT RECOMMENDED. And require that all implementations 
> MUST support client certificates. That won't solve the problem, but it 
> will at least embarrass insecure implementations. 

 From what I see in operations, the biggest problem people have with certificates seems to be that they have an expiry date you need to attend to.

Configure a client->server with a shared secret or PSK: it will keep running forever

Configure a client->server with an X.509 certificate: the connection will "totally unexpectedly and unpredictably" break when it reaches its Not-After. And the person that requested the original certificate x years ago has long left, and the knowledge about renewals is gone.

If PSKs are too low-entropy then one of the more recent public/private keypair constructs could be an alternative: RFC7250, "Using Raw Public Keys in TLS and DTLS".

This reduces "certificates" to the pure public/private keypair, with no expiry, no names in need of vetting, and able to meet all the expectations on entropy etc. It also integrates nicely into TLS, so no custom code beyond TLS itself is needed on client nor server.

Greetings,

Stefan Winter

-- 
This email may contain information for limited distribution only, please treat accordingly.

Fondation Restena, Stefan WINTER
Chief Technology Officer
2, avenue de l'Université
L-4365 Esch-sur-Alzette

v2.23.0 | Report a Bug | By Email