Re-review of draft-ietf-hokey-erx-13.txt
<Bernard_Aboba@hotmail.com> Wed, 12 March 2008 14:54 UTC
Return-Path: <owner-radiusext@ops.ietf.org>
X-Original-To: ietfarch-radext-archive-IeZ9sae2@core3.amsl.com
Delivered-To: ietfarch-radext-archive-IeZ9sae2@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 25DF728C6BA for <ietfarch-radext-archive-IeZ9sae2@core3.amsl.com>; Wed, 12 Mar 2008 07:54:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.062
X-Spam-Level:
X-Spam-Status: No, score=0.062 tagged_above=-999 required=5 tests=[AWL=0.556, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, HTML_MESSAGE=0.001, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Trf28QO8wixs for <ietfarch-radext-archive-IeZ9sae2@core3.amsl.com>; Wed, 12 Mar 2008 07:54:52 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id A772B28C1B5 for <radext-archive-IeZ9sae2@lists.ietf.org>; Wed, 12 Mar 2008 07:54:51 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.68 (FreeBSD)) (envelope-from <owner-radiusext@ops.ietf.org>) id 1JZSEm-0008sB-Q9 for radiusext-data@psg.com; Wed, 12 Mar 2008 14:47:24 +0000
Received: from [65.55.175.215] (helo=blu139-omc3-s15.blu139.hotmail.com) by psg.com with esmtp (Exim 4.68 (FreeBSD)) (envelope-from <bernard_aboba@hotmail.com>) id 1JZSEa-0008nB-EF for radiusext@ops.ietf.org; Wed, 12 Mar 2008 14:47:18 +0000
Received: from BLU137-DS3 ([65.55.162.189]) by blu139-omc3-s15.blu139.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Wed, 12 Mar 2008 07:47:11 -0700
X-Originating-IP: [130.129.19.169]
X-Originating-Email: [bernard_aboba@hotmail.com]
Message-ID: <BLU137-DS3EAA88CC94748F23197EB93080@phx.gbl>
From: Bernard_Aboba@hotmail.com
To: Jari Arkko <jari.arkko@piuha.net>, 'eap-WG' <eap@frascone.com>, ldondeti@qualcomm.com, clancy@ltsnet.net, radiusext@ops.ietf.org, "Tim.Polk@nist.gov" <tim.polk@nist.gov>, Sam Hartman <hartmans-ietf@mit.edu>, pasi.eronen@nokia.com
Subject: Re-review of draft-ietf-hokey-erx-13.txt
Date: Wed, 12 Mar 2008 07:47:23 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0028_01C88415.4ED969B0"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 12.0.1606
X-MIMEOLE: Produced By Microsoft MimeOLE V12.0.1606
X-OriginalArrivalTime: 12 Mar 2008 14:47:11.0918 (UTC) FILETIME=[F47D14E0:01C8844F]
Sender: owner-radiusext@ops.ietf.org
Precedence: bulk
Re-Review of draft-ietf-hokey-erx-13.txt I went through the draft again. Note that these comments only reflect my own review; the author still needs to follow up with other reviewers. Here are some overall comments: 1. I think you need to deal with the potential fraud issues in the document. This would involve describing the precautions that a AAA server should take in authorizing domains to receive DSRKs, and validating subsequent accounting records. 2. I think you need to specify the applicability of this specification. I'm still somewhat uncertain about whether we're talking about intra-media, inter-media, inter-domain (with some meaning of domain), etc. Please clear this up. Some details: Note that this may introduce some delay in starting EAP. In some lower layers, the delay can be minimized or even avoided by the peer initiating EAP by sending messages such as EAPoL-Start in the IEEE 802.1X specification [10]. [BA] Since ERX is not compatible with IEEE 802.1X (whose state machine doesn't support peer-initiated messages) I don't see how this is possible. It might be better to omit the reference. When the EAP-Request/Identity times out, the authenticator MUST NOT close connection if an ERP exchange is in progress or has already succeeded in establishing a reauthentication MSK. [BA] What does "close connection" mean? Is the document making normative statements about link layers specified outside the IETF? The authenticator uses the realm in the keyName-NAI [4] field to send the message to the appropriate ER server. [BA] Do you really mean that the authenticator is using the realm to determine the IP address of the ER server? Or is the keyname-NAI field just copied into the User-Name attribute so that routing happens normally? The local ER server SHALL request the home AAA server for the DSRK by sending the domain name in the AAA message that carries the EAP-Initiate/Reauth bootstrap message. The local ER server MUST be in the path from the peer to the home ER server. If it is not, it cannot request the DSRK. [BA] Since the local ER server does not determine whether it is on the path how is "path pinning" to be achieved? How does the AAA server know whether an ER server is on the path or not? What does it do if it is not on the path? In other words, what does the MUST imply? Also, how is the mapping from domain name to IP address to be achieved? Is this via an A/AAAA RR? A SRV RR lookup? Section 4.3 In case of ERP with the home ER server, the peer uses the realm from its original NAI; in case of a local ER server, the peer uses the domain name received at the lower layer or through a ERP bootstrapping exchange. [BA] Which "original NAI" are we talking about? The NAI used in the EAP-Response/Identity in the original EAP conversation? The NAI in the Peer-Id? The NAI in the ERX conversation? Section 5.1 o In addition, the rMSK is sent along with the EAP-Finish/Re-auth message, in a AAA attribute [12]. [BA] Transport of the MSK is already specified in existing AAA documents, such as RFC 4072 (Diameter EAP). Why is reference 12 being given here rather than those existing documents? This document does not update those specifications. Section 8 Authenticate all parties The EAP Re-auth protocol provides mutual authentication of the peer and the server. Both parties need to possess the keying material that resulted from a previous EAP exchange in order to successfully derive the required keys. Also, both the EAP re- authentication Response and the EAP re-authentication Information messages are integrity protected so that the peer and the server can verify each other. When the ERP exchange is executed with a local ER server, the peer and the local server mutually authenticate each other via that exchange in the same manner. The peer and the authenticator authenticate each other in the secure association protocol executed by the lower layer just as in the case of a regular EAP exchange. [BA] I think you mean "ERX" not "EAP re-authentication" or ERP, right? One thing that is left out here is authentication between the ERX local server and the ERX home server. This exists if they are one hop apart, but otherwise not. So I think there is an assumption that the ERX server is only willing to provide keys to domains that it is explicitly authorized to deal with. It is RECOMMENDED that the AAA protocol be protected using IPsec or TLS so that the keys are protected in transit. Note however that keys may be exposed to AAA proxies along the way and compromise of any of those proxies may result in compromise of keys being transported through them. [BA] I think you just want to say "It is RECOMMENDED that the AAA protocol protect the keys in transit. This can be accomplished via transmission layer security (IPsec or TLS), or via an application-layer mechanism." Confidentiality of identity Deployments where privacy is a concern may find the use of rIKname-NAI to route ERP messages serves their privacy requirements. Note that it is plausible to associate multiple runs of ERP messages since the rIKname is not changed as part of the ERP protocol. There was no consensus for that requirement at the time of development of this specification. If the rIKname is not used and the Peer-ID is used instead, the ERP exchange will reveal the Peer-ID over the wire. [BA] The rest of the spec does not talk about use of the Peer-Id. Since not all EAP method deriving keys have a Peer-Id, do you really want this mentioned here? To prevent such DoS attacks, an ERP failure should not result in deletion of any authorization state established by a full EAP exchange. [BA] Is this purely up to this specification to determine? Typically the lower layer defines the authorization state and how it is installed/removed. This may not necessarily involve EAP (e.g. 802.11 4-way handshake).
- Re-review of draft-ietf-hokey-erx-13.txt Bernard_Aboba
- Re: [eap] Re-review of draft-ietf-hokey-erx-13.txt Bernard_Aboba