IETF Logo Mail Archive

Re: [radext] Proposed charter text based on IETF-115 BoF

Bernard Aboba <bernard.aboba@gmail.com> Wed, 23 November 2022 23:59 UTC

Return-Path: <bernard.aboba@gmail.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EEB20C14CF16 for <radext@ietfa.amsl.com>; Wed, 23 Nov 2022 15:59:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CffXC1hGMZrE for <radext@ietfa.amsl.com>; Wed, 23 Nov 2022 15:59:10 -0800 (PST)
Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 068E5C14CF12 for <radext@ietf.org>; Wed, 23 Nov 2022 15:59:10 -0800 (PST)
Received: by mail-ed1-x529.google.com with SMTP id b8so405131edf.11 for <radext@ietf.org>; Wed, 23 Nov 2022 15:59:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=oB5c1d/bvSxz51gXSLXseZTnZk+PGp4n114FQbQsVuE=; b=hwBiIqmMeE9dvenuqkBanLIEVhV324ZdHb1gyXQrDXjA1J3A7za5ZRHv7zCuO3Qm1d yUi2gra0cc7BgXwfn7wNXzn/rCcRD7RmCTCaoGKdwch/6tLfkcAt05FMmbbB2Ii+sCw/ GgeFuzOBl9S7pC3GhSbLaG1iHS8aoGuxxcVrXOhXrEOlBdGOJSWTmmbj/5q9Hao2OVNU AYmJ3Tx7VNwPN0zMpzo/sINokeLyB14MNAztp8MWMKF7rUye+q6WVlZr2Tr3sZBivxBr ecHpsGzMMlti3qHR8WMykfA8xfaiSAQG1MqJvxq0KlM0d13GjPKqrZpK5vaneN8HMtFl LaAg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=oB5c1d/bvSxz51gXSLXseZTnZk+PGp4n114FQbQsVuE=; b=aYz75441kqkZgX98QGcevBEnXGjGIMn3rFywdcKwZaURJVdsER8fKRNHLtnP/2wa5r fOF/IZUec/980TJJz8vHckjhQxuxJflMBfvudzZmcI4aA9p8fFevM78HSYIEnleD0iRa 3SkCOoHFNsF/Lw6LGwegkLSb3GXiEHppjBoLdFbaO6r9RaaKdKLxd3/Hdrkkdkg30Beh WrYVkwTtZEwIIZ07qC7tC3ugK6BhTdsOBwVhWimf91xQjACtLpy096m59SmVM/CSq99/ YU1cy2WNN6OvTqqCTy1nH0KLrK2H/j1o9nOzcJVXU/1WWqHWZIwQihOe8f+9PYlgcpFF jDZQ==
X-Gm-Message-State: ANoB5pnriK06vaV0G9ODAXHCkt66g4Sdoaj4hxuSeBlgYq6H/Y3Gwsg8 i4cwyybSGb2HhU6zaDL5j0cDmQTb4we2TQyMtEg=
X-Google-Smtp-Source: AA0mqf7ycqWA9uCL8RwWLHi+5itIqaX7DA3oslE9ncoBFsAgPOwZA2qOPJsbzFPDSd/ZQb7sb3CIVWE1y6JyOcksS4I=
X-Received: by 2002:a05:6402:4a:b0:461:aa10:cb0c with SMTP id f10-20020a056402004a00b00461aa10cb0cmr27941042edu.383.1669247948110; Wed, 23 Nov 2022 15:59:08 -0800 (PST)
MIME-Version: 1.0
References: <FD0507D4-2C1D-478A-97E0-ECEEF1A5613B@deployingradius.com> <E82B0ECD-4580-4F35-B07B-35685CFC5C44@aiven.io> <883f3572-121f-5ed8-7378-1a91c5525f88@iea-software.com> <EAAC2507-5D29-4453-8881-BC8D9D5314D8@deployingradius.com>
In-Reply-To: <EAAC2507-5D29-4453-8881-BC8D9D5314D8@deployingradius.com>
From: Bernard Aboba <bernard.aboba@gmail.com>
Date: Wed, 23 Nov 2022 15:58:56 -0800
Message-ID: <CAOW+2dsKg_H9f3zRUnanCpgGO+G=VPyxzWa9hsrCJCpsnoBsxA@mail.gmail.com>
To: Alan DeKok <aland@deployingradius.com>
Cc: Peter Deacon <peterd@iea-software.com>, Paul Wouters <paul.wouters=40aiven.io@dmarc.ietf.org>, "radext@ietf.org" <radext@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000fd408405ee2c1291"
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/jAe5EQxOhfBlvvYjNd9qqeyRe4U>
Subject: Re: [radext] Proposed charter text based on IETF-115 BoF
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Nov 2022 23:59:14 -0000

Alan said:

"Please read the SRADIUS draft.  It explains all of these issues very
clearly.  There are very good reasons for removing MD5 from RADIUS.  There
are very good reasons for not calling the resulting protocol "RADIUS"."

[BA] I have read the SRADIUS draft. There are some good ideas in there.

If the intent is to integrate those portions of the draft that garner WG
consensus into the RADIUS over (D)TLS specifications, then the document
represents a useful contribution.

But if the end result is a specification for each transport in addition to
a separate SRADIUS specification, then this seems problematic to me,
because you'd effectively have 4+ protocol variants (2 transports +
SRADIUS on or off), each of which could declare itself a "Proposed
Standard".

The process set out by RFC 6421 was designed to only advance a small set of
deployed, interoperable specifications to Proposed Standard.

It will be hard enough to get one specification per transport widely
deployed. Getting that done will require testing and certification programs
along the lines of what was done for IEEE 802.11 security.

Since protocol variants and "options" greatly expand the test matrix and
certification cost, if the WG produces 4+ variants of "secure RADIUS" there
will be a temptation for industry consortia to produce their own "profiles"
of SRADIUS + (D)TLS in order to reduce the complexity.

There was a time when the IETF took pride in producing concise, "Simple"
interoperable specifications with as few options as possible and no
"profiles".  That still seems like a worthy goal for this effort.











But there is also an awful lot of "amateur lawyering" in the document,
including statements relating to the implications of FIPS-140 requirements
that differ very substantially from NIST documentation and official
guidance.





On Tue, Nov 22, 2022 at 7:36 AM Alan DeKok <aland@deployingradius.com>
wrote:

> On Nov 22, 2022, at 9:49 AM, Peter Deacon <peterd@iea-software.com> wrote:
> > What I'm not clear on is where in any applicable security standards are
> such algorithms prohibited in applications for reasons other than security?
>
>   NIS SP 800-140Cr1 lists the allowed digest algorithms in FIPS-140-3:
> https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-140Cr1.pdf.
> MD5 isn't on the list
>
>   i.e. they list the allowed ciphers, digests, etc.  Everything else is
> explicitly forbidden.
>
>   So you can't use MD5 for *any* purpose and be FIPS compliant.
>
> > I am concerned with the idea of multiple seemingly identical
> incompatible versions of RADIUS.  SRADIUS naming in particular is likely to
> be a source of avoidable operator confusion.
>
>   SRADIUS is a transport profile for RADIUS.   We've already added TCP,
> TLS, and DTLS to the original UDP-only RADIUS.  The potential for confusion
> is relatively small.
>
> > Hey isn't RADIUS over TLS S(ecure)RADIUS?
>
>   It's true that TLS allows for transport-layer security.  But if names
> are a problem, why are we using RadSec or RADIUS/TLS?  Why not just RADIUS
> for everything?
>
>   For me, the point of choosing a new name is to highlight the differences
> between this transport and normal RADIUS transport.  Names matter, and
> names have meaning.
>
> >  It connects ok but why does the connection keep dropping as soon as I
> send an authentication request? Presumably some operators wouldn't even
> have a choice to select non-SRADIUS and interopability would be impossible.
>
>   Why wouldn't people have a choice with interoperability?  You're making
> assumptions without explaining why those assumptions are true.
>
>   You're also assuming that operators and administrators have no tools
> with which to debug network connections.  I don't see that as true.
>
> > I would prefer there be only one RADIUS over TLS standard not multiple
> incompatible ones.
>
>     Please read the SRADIUS draft.  It explains all of these issues very
> clearly.  There are very good reasons for removing MD5 from RADIUS.  There
> are very good reasons for not calling the resulting protocol "RADIUS".
>
>    Alan DeKok.
>
>

v2.23.0 | Report a Bug | By Email