Re: [radext] FW: New Version Notification for draft-xue-radext-key-management-01.txt
Stefan Winter <stefan.winter@restena.lu> Fri, 12 July 2013 06:39 UTC
Return-Path: <stefan.winter@restena.lu>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B8F3C21F9CBD for <radext@ietfa.amsl.com>; Thu, 11 Jul 2013 23:39:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.112
X-Spam-Level:
X-Spam-Status: No, score=-2.112 tagged_above=-999 required=5 tests=[AWL=0.487, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zLCa60MrkLE3 for <radext@ietfa.amsl.com>; Thu, 11 Jul 2013 23:39:23 -0700 (PDT)
Received: from smtprelay.restena.lu (smtprelay.restena.lu [IPv6:2001:a18:1::62]) by ietfa.amsl.com (Postfix) with ESMTP id D2A4921F9C74 for <radext@ietf.org>; Thu, 11 Jul 2013 23:39:22 -0700 (PDT)
Received: from smtprelay.restena.lu (localhost [127.0.0.1]) by smtprelay.restena.lu (Postfix) with ESMTP id 9895B10580 for <radext@ietf.org>; Fri, 12 Jul 2013 08:39:20 +0200 (CEST)
Received: from aragorn.restena.lu (aragorn.restena.lu [IPv6:2001:a18:1:8::155]) by smtprelay.restena.lu (Postfix) with ESMTPS id 867B41057D for <radext@ietf.org>; Fri, 12 Jul 2013 08:39:20 +0200 (CEST)
Message-ID: <51DFA493.5000005@restena.lu>
Date: Fri, 12 Jul 2013 08:39:15 +0200
From: Stefan Winter <stefan.winter@restena.lu>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130620 Thunderbird/17.0.7
MIME-Version: 1.0
To: radext@ietf.org
References: <01FE63842C181246BBE4CF183BD159B448525BE5@NKGEML512-MBS.china.huawei.com>
In-Reply-To: <01FE63842C181246BBE4CF183BD159B448525BE5@NKGEML512-MBS.china.huawei.com>
X-Enigmail-Version: 1.5.1
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="----enig2XFADBWDFNFSLLLEUKKTS"
X-Virus-Scanned: ClamAV
Subject: Re: [radext] FW: New Version Notification for draft-xue-radext-key-management-01.txt
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/radext>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jul 2013 06:39:23 -0000
Hello, > There is a new version for RADIUS Extensions for Key Management in WLAN network. > > > It is a general case that authenticator is deployed on gateway instead of AC. So In this scenario, > the encryption/decryption node can't obtain Pairwise Master Key (PMK) information during Extensible > Authentication Protocol (EAP) procedure, it is not sufficient to > achieve traffic encryption/decryption requirement in Wireless Local Area Network (WLAN) network. > > This document analyzes the requirement and issue for key management > that has arisen so far during authentication process in WLAN network. > Meanwhile, the control messages for key management are defined. > > This drat is updated with China-telecom as co-author. > Your comments are appreciated. When you submitted -00, you got substantial criticism as per the use cases for this document; the approach taken to offload the authenticator function to the SGW was seen as a rather odd move. Now, in -01, you don't really react to this; the only statement in that direction I see is that you repeatedly make the assertion that "It is a general case in operators networks". I simply doubt that this is generally true; merely making an unbacked assertion that it is so doesn't make it true. I also can't help but notice that many of your normative references are old and obsolete. * For key exchange, you reference an unapproved draft of IEEE-802.11i! All of the features from that draft are meanwhile part of IEEE 802.11-2012 (and I hope you don't implement an old draft version in your products!). * The next reference is the IEEE 802.1X version from 2001 - it has two successors meanwhile. * RFC3576 is obsoleted by RFC5176. You mention both in the normative references; the main text uses the Authenticator field from 3576, but the type definition from 5176. That's probably an oversight; the calculation of Authenticator hasn't changed between the two revs. Your security considerations are very inadequate. You simply state that the link between SGW and AC must be secure. From my (skimming) understanding of the draft, these two entities are not typically located inside the same premises, right? If they aren't, simply assuming securtiy on the link blindly is an extremely bad idea. IMHO, not protecting the keys and sending them in the clear is a no-go. In the same section, you state roughly "Oh, if you need security, use IPSec!" - which is too superficial a statement to be useful; you should at least discuss how the IPSec endpoints are supposed to negotiate IPSec keying material to be able to communicate confidentially. BTW, if I recall correctly your draft was motivated by the "fact" (or so you presented it) that changing the AC to take over the authenticator role is too costly in terms of implementation or computing power. Now in security considerations, you generously recommend to implement the entire IPSec stack on the AC. I would argue that it's easier to implement the authenticator function of IEEE 802.1X than it is to implement IPSec. The same section also suggests MD5 encryption/decryption. Here I am completely lost. The KoA and KoA ACK/NAK messages are RADIUS packets, right? As such they are always making use of the MD5 shared secret for integrity checks; if you want to protect the 802.11 keying material then you could use encrypted attributes with the same shared secret (that's the way how User-Password gets encrypted). With little to no additional implementation cost. If that's what you want - don't put a half-sentence into security considerations. *Write in the spec itself that the attribute is to be encrypted*. BTW, even if you do write that in the spec, you'd still get a beating for suggesting MD5 RADIUS crypto in 2013. This encryption method is not contemporary. Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473
- [radext] FW: New Version Notification for draft-x… Xueli
- Re: [radext] FW: New Version Notification for dra… Stefan Winter
- Re: [radext] FW: New Version Notification for dra… Xueli
- Re: [radext] FW: New Version Notification for dra… Stefan Winter
- Re: [radext] FW: New Version Notification fordraf… gaobo
- Re: [radext] FW: New Version Notification for dra… 高波