IETF Logo Mail Archive

Re: Review of draft-zorn-radius-keywrap

"Dan Harkins" <dharkins@lounge.org> Fri, 17 December 2010 21:33 UTC

Return-Path: <owner-radiusext@ops.ietf.org>
X-Original-To: ietfarch-radext-archive-IeZ9sae2@core3.amsl.com
Delivered-To: ietfarch-radext-archive-IeZ9sae2@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9A0893A6C43 for <ietfarch-radext-archive-IeZ9sae2@core3.amsl.com>; Fri, 17 Dec 2010 13:33:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.265
X-Spam-Level:
X-Spam-Status: No, score=-6.265 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pLMJ5ShJ8eGt for <ietfarch-radext-archive-IeZ9sae2@core3.amsl.com>; Fri, 17 Dec 2010 13:33:49 -0800 (PST)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 5E6063A6C42 for <radext-archive-IeZ9sae2@lists.ietf.org>; Fri, 17 Dec 2010 13:33:49 -0800 (PST)
Received: from majordom by psg.com with local (Exim 4.72 (FreeBSD)) (envelope-from <owner-radiusext@ops.ietf.org>) id 1PThu4-000KHK-Pi for radiusext-data0@psg.com; Fri, 17 Dec 2010 21:31:52 +0000
Received: from colo.trepanning.net ([69.55.226.174]) by psg.com with esmtp (Exim 4.72 (FreeBSD)) (envelope-from <dharkins@lounge.org>) id 1PThu2-000KH6-EK for radiusext@ops.ietf.org; Fri, 17 Dec 2010 21:31:50 +0000
Received: from www.trepanning.net (localhost [127.0.0.1]) by colo.trepanning.net (Postfix) with ESMTP id 67ECE1022404C; Fri, 17 Dec 2010 13:31:48 -0800 (PST)
Received: from 69.12.173.8 (SquirrelMail authenticated user dharkins@lounge.org) by www.trepanning.net with HTTP; Fri, 17 Dec 2010 13:31:48 -0800 (PST)
Message-ID: <739c8ad72a2c6887ce2b0910c3a3b124.squirrel@www.trepanning.net>
In-Reply-To: <4D079C0D.5000608@deployingradius.com>
References: <4D079C0D.5000608@deployingradius.com>
Date: Fri, 17 Dec 2010 13:31:48 -0800
Subject: Re: Review of draft-zorn-radius-keywrap
From: Dan Harkins <dharkins@lounge.org>
To: Alan DeKok <aland@deployingradius.com>
Cc: 'radext mailing list' <radiusext@ops.ietf.org>
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Sender: owner-radiusext@ops.ietf.org
Precedence: bulk
List-ID: <radiusext.ops.ietf.org>

  Hello,

On Tue, December 14, 2010 8:32 am, Alan DeKok wrote:
>   This is a review of the draft-zorn-radius-keywrap document.
>
>   First off, as co-author of the "Guidelines" document, most of the
> comments below come straight from that document.
>
>   The keywrap document defines a new RADIUS packet signature method, at
> a time when TLS and DTLS transport have been worked on for a number of
> years.  This new signature method has had little security analysis, in
> contrast to TLS.

  Neither AES Key Wrap nor (D)TLS are "signature methods". AES Key Wrap
is providing an integrity check and confidentiality only on a random key.
This technique is now new; it's used in 802.11 (you should note that
the draft in question pre-dates the "guidelines" document).

  AES Key Wrap has received quite a bit of analysis. There is a very
good critique of it in "Deterministic Authenticated Encryption: A
Provable Security Treatment of the Key Wrap Problem" by Rogaway and
Shrimpton available at:

            http://web.cecs.pdx.edu/~teshrim/keywrap.pdf

  regards,

  Dan.



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

v2.23.0 | Report a Bug | By Email