Re: [radext] PSK identity in draft-ietf-radext-tls-psk-01
Alan DeKok <aland@deployingradius.com> Thu, 17 August 2023 17:26 UTC
Return-Path: <aland@deployingradius.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F10FDC151533 for <radext@ietfa.amsl.com>; Thu, 17 Aug 2023 10:26:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pv5FYbzAoW-C for <radext@ietfa.amsl.com>; Thu, 17 Aug 2023 10:26:34 -0700 (PDT)
Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DAA19C151531 for <radext@ietf.org>; Thu, 17 Aug 2023 10:25:59 -0700 (PDT)
Received: from smtpclient.apple (135-23-95-173.cpe.pppoe.ca [135.23.95.173]) by mail.networkradius.com (Postfix) with ESMTPSA id A7E90126; Thu, 17 Aug 2023 17:25:54 +0000 (UTC)
Authentication-Results: NetworkRADIUS; dmarc=none (p=none dis=none) header.from=deployingradius.com
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
From: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <CAA7Lko8W5T+7KQ0fr3KwvuBJM0_D-6NTAe9gZNvi8h5apPHLxw@mail.gmail.com>
Date: Thu, 17 Aug 2023 13:25:52 -0400
Cc: radext@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <10343A98-2E69-4838-8776-736265CF68FE@deployingradius.com>
References: <CAA7Lko8W5T+7KQ0fr3KwvuBJM0_D-6NTAe9gZNvi8h5apPHLxw@mail.gmail.com>
To: Heikki Vatiainen <hvn@radiatorsoftware.com>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/dJgU3Kmg7qK7oS7pR7CgemAp8C8>
Subject: Re: [radext] PSK identity in draft-ietf-radext-tls-psk-01
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Aug 2023 17:26:36 -0000
On Aug 17, 2023, at 12:13 PM, Heikki Vatiainen <hvn@radiatorsoftware.com> wrote: > > draft-ietf-radext-tls-psk-01 currently says: > > RADIUS systems implementing TLS-PSK MUST support identities as per [RFC4279] Section 5.3, and MUST enable configuring TLS-PSK identities in management interfaces as per [RFC4279] Section 5.4. > > RFC 4279 requires UTF-8 encoded identity. It also hints that a PSK identity is a human readable string. Later draft-ietf-radext-tls-psk-01 says: > > It is RECOMMENDED that systems follow the directions of [RFC9257] Section 6.1.1 for the use of external PSK identies in TLS. > > RFC 9257 refers to RFC 7925 and RFC 8446 where the former recommends byte-by-byte operations and the latter specifies PSK identity as an opaque octet string. The same difference is visible, for example, in OpenSSL PSK APIs: There is a lot of disagreement between the specifications. In this case, since the PSK identity isn't being sent in RADIUS, it should be possible to treat it as an opaque sequence of octets. > Some thoughts: While UTF-8 RFC 4279 format identity must be supported, I would clarify that a PSK identity must be handled as hostile data. It's not a source IP address, which is typically a safe lookup key, nor a value from a trusted certificate, which may be at least a bit trusted. A TLS PSK identity is an unauthenticated octet string that's fully under the control of the sender and is not vetted in any way before it's passed to function that needs to use it for a lookup. A PSK identity may: > - have incorrect UTF-8 format > - contain SQL or LDAP injection > - contain shell metacharacters targetting system() and other similar functions > - contain embedded ASCII NUL-octets that can be incompatible with C string APIs > - be a combination of all the above, and whatever else too, up to 65535 octets long That's worth noting in the doc. I'll update it and issue a new revision shortly. > Client authentication with certificates is typically not visible to a radsec server because the TLS stack does all the work. With PSKs the server must be aware that it handles data from unauthenticated clients during the TLS handshake. Radsec servers can also verify / use the identities in client certs for policies, logging etc.. But that's a minor issue. Alan DeKok.
- [radext] PSK identity in draft-ietf-radext-tls-ps… Heikki Vatiainen
- Re: [radext] PSK identity in draft-ietf-radext-tl… Alan DeKok
- Re: [radext] PSK identity in draft-ietf-radext-tl… Heikki Vatiainen
- Re: [radext] PSK identity in draft-ietf-radext-tl… Alan DeKok