Re: [radext] Fwd: New Version Notification for draft-dekok-radext-tls-psk-00.txt
Bernard Aboba <bernard.aboba@gmail.com> Mon, 13 March 2023 10:09 UTC
Return-Path: <bernard.aboba@gmail.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D94DC14CE25 for <radext@ietfa.amsl.com>; Mon, 13 Mar 2023 03:09:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZXmCfGF6W4vg for <radext@ietfa.amsl.com>; Mon, 13 Mar 2023 03:09:43 -0700 (PDT)
Received: from mail-ed1-x52b.google.com (mail-ed1-x52b.google.com [IPv6:2a00:1450:4864:20::52b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B5F97C14CE3F for <radext@ietf.org>; Mon, 13 Mar 2023 03:09:43 -0700 (PDT)
Received: by mail-ed1-x52b.google.com with SMTP id fd5so12480638edb.7 for <radext@ietf.org>; Mon, 13 Mar 2023 03:09:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1678702181; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=jP1akt7r/vgFxcX03dic46KAF7ezACWGcTLNF7cIT8Y=; b=Z8WaVigdiUPTYM9mPTlwQ24b9VMMmv26jPZmQ1S8oznHvARhT0RzdLWWRboto1djhe Y5MizsDzH48Nn4VzA1XHFlNMChQq2YeBRKQcjnpqx4aW5cRVT9UPkqc8u5Y3CAbRqMQD FxjRc5lYwIhqT3kFX7Py2NIYCGHc5dpUfa3fet4UfgKsEvlwqeIBPp+Syx+kjwlwuPs/ LJifBsMU67vgc9raJ/WX5J7MCfur8WKABoLJRqhseyfyamTrUbvv4wos0l4pRSz9ko8y J+mbzxw2jkoLaclD9/R+HgqWBWGEsJ8eRBKH6NfqTCYS/pRFJiZRj1jaqIr+cfBRNQxk BIUw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678702181; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=jP1akt7r/vgFxcX03dic46KAF7ezACWGcTLNF7cIT8Y=; b=JhQA1KbpNEJhQGF3X0tfJiRwKwLPnnlxc8nPFrhWDcsmUy2MI+jb5jSgBlh0lJmmVz lKjPQ6P2QKGYF9GJnAToIuspmLFR3a8Mh0C3VDVjIrEOB2h0a1WOxGT+zCUB4u1syg1F kXdw2BgzM7r0unP71UkXAT9LlQAqMM8/fTu36RouxMBX2SXc4+yOlcGp0l1wLe/VbLMP +zLKmaDU78t3oI9y22C4LL4y99EIyN7XSkOjofwLa3aeK/ZIpuRSvHAZczP/d5W634uW xwq8JRVGgUw05V1K5e7484MuH1ECqa0kQCaYQhKrL/aCf6j636y+G9c+QzFOFkNdr9Hb caFg==
X-Gm-Message-State: AO0yUKXNw9egxcqdxo7CkPW9+Xfhga2e+u3WJlSlzcaDRHqhZTUtXX/e IGu7dozwo1lAIGwSvy+Dr13g6KYcdzjdmQkDTWnx+5cvD8hRLU0y
X-Google-Smtp-Source: AK7set8JY68JRPkqJZ6N9iqvPyQ8Ya/o09tNE5y8c6uJg/kUq4tEQdFbkuRgrgcQ/VgXs8IPlEZD75BHtCIIKYDOoqY=
X-Received: by 2002:a17:907:7d8c:b0:8f5:2e0e:6def with SMTP id oz12-20020a1709077d8c00b008f52e0e6defmr6664917ejc.0.1678702181204; Mon, 13 Mar 2023 03:09:41 -0700 (PDT)
MIME-Version: 1.0
References: <167785628035.47190.15791139665197204009@ietfa.amsl.com> <1D6E0485-D1BF-4DAE-97A9-F4CCC4DB5F31@deployingradius.com>
In-Reply-To: <1D6E0485-D1BF-4DAE-97A9-F4CCC4DB5F31@deployingradius.com>
From: Bernard Aboba <bernard.aboba@gmail.com>
Date: Mon, 13 Mar 2023 06:09:29 -0400
Message-ID: <CAOW+2dsnso_M+7Pt7MnvRJ3XqK8yB2tYWyC09zg2gwDB5OFBVQ@mail.gmail.com>
To: Alan DeKok <aland@deployingradius.com>
Cc: radext@ietf.org
Content-Type: multipart/alternative; boundary="00000000000031c95e05f6c54f05"
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/jx9Y1R03e4VN5EW_dHDSw-rNXL8>
Subject: Re: [radext] Fwd: New Version Notification for draft-dekok-radext-tls-psk-00.txt
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Mar 2023 10:09:47 -0000
Here is my review. Section 3 "Certificates are hard to manage, but there is no guidance in [RFC6614 <https://www.rfc-editor.org/info/rfc6614>] and [RFC7360 <https://www.rfc-editor.org/info/rfc7360>] for using TLS-PSK."¶ <https://datatracker.ietf.org/doc/html/draft-dekok-radext-tls-psk#section-3-1> [BA] How about this? "TLS deployments rely on certificates in most common uses. However, we recognize that it may be difficult to fully upgrade client implementations to allow for certificates to be used with RADIUS/TLS and RADIUS/DTLS. Unfortunately, "Transport Layer Security (TLS) Encryption for RADIUS" [RFC6614] and " Datagram Transport Layer Security (DTLS) as a Transport Layer for RADIUS" [RFC7360] do not provide guidance for using TLS-PSK." "Implementations can ensure safety from cross-protocol related output by not reusing PSKs between TLS 1.3 and TLS 1.2. [BA] Not sure what "cross-protocol related output" means. How about this? "Reuse of a PSK in multiple versions of TLS (e.g. TLS 1.2 and TLS 1.3) is considered unsafe <insert reference>, due to <insert justification>. ¶ <https://datatracker.ietf.org/doc/html/draft-dekok-radext-tls-psk#section-4-7> "It would be unnecessarily complex for management interfaces and administrators to manage multiple PSKs depending on the TLS version. Therefore, we mandate that when TLS-PSK is used, TLS 1.3 or later MUST be used in RADIUS/TLS and RADIUS/DTLS.¶ <https://datatracker.ietf.org/doc/html/draft-dekok-radext-tls-psk#section-4-8> " [BA] I don't think it is helpful to prohibit use of TLS 1.2. Also, won't we have the same issue if an implementation can reuse a PSK with TLS 1.3 and a future version? How about this? "In order to prevent reuse of a PSK with multiple TLS versions, implementations configuring TLS -PSK MUST require negotiation of the highest TLS version that they support. For example, if a TLS implementation supports both 1.2 and 1.3, the implementation MUST require that TLS 1.3 be negotiated in RADIUS/TLS and RADIUS/DTLS." "Implementations MUST use ECDH cipher suites:¶ <https://datatracker.ietf.org/doc/html/draft-dekok-radext-tls-psk#section-4-9> - TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256¶ <https://datatracker.ietf.org/doc/html/draft-dekok-radext-tls-psk#section-4-10.1> - TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256¶ <https://datatracker.ietf.org/doc/html/draft-dekok-radext-tls-psk#section-4-10.2> - TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384¶ <https://datatracker.ietf.org/doc/html/draft-dekok-radext-tls-psk#section-4-10.3> - TBD: other TLS ECDH PSK suites¶ <https://datatracker.ietf.org/doc/html/draft-dekok-radext-tls-psk#section-4-10.4> " [BA] In general, ciphersuite mandates have not aged well, because new ciphersuites are introduced with each TLS version, and others are deprecated. So I'd try to couch the guidance in terms of a specific TLS version. Section 4.1 "A RADIUS client implementing TLS-PSK MUST update their management interfaces and application programming interfaces (APIs) to label the PSK field as "PSK" or "TLS-PKS, and MUST NOT label the PSK field as "shared secret".¶ <https://datatracker.ietf.org/doc/html/draft-dekok-radext-tls-psk#section-4.1-3> [BA] UI mandates are out of scope for IETF specifications. How about this? "RADIUS shared secrets cannot safely be used as TLS-PSKs. To prevent confusion between shared secrets and TLS-PSKs, management interfaces and APIs need to label PSK fields as "PSK" or "TLS-PSK", rather than "shared secret". Section 5.1 "A RADIUS server which accepts TLS-PSK MUST support a unique PSK identifier per RADIUS client. There is no reason to use the same identifier for multiple clients. A RADIUS server which accepts TLS-PSK MUST have a unique PSK per RADIUS client.¶ <https://datatracker.ietf.org/doc/html/draft-dekok-radext-tls-psk#section-5.1-8> " [BA] I think this requirement could be stated more clearly and should be placed at the front of the section. How about this? "Each RADIUS client MUST be configured with a unique TLS-PSK, which implies a unique PSK identifier for each RADIUS client. To enforce the use of unique TLS-PSKs, RADIUS servers accepting TLS-PSK MUST require a unique TLS-PSK and PSK identifier for each RADIUS client." Section 6 I'd retitle this as "PSKs and Shared Secrets" and move it closer to the front of the document, given its importance. On Fri, Mar 3, 2023 at 10:21 AM Alan DeKok <aland@deployingradius.com> wrote: > A basic TLS-PSK document giving initial guidance on using TLS-PSK. > > Begin forwarded message: > > *From: *internet-drafts@ietf.org > *Subject: **New Version Notification for > draft-dekok-radext-tls-psk-00.txt* > *Date: *March 3, 2023 at 10:11:20 AM EST > *To: *"Alan DeKok" <aland@freeradius.org> > > > A new version of I-D, draft-dekok-radext-tls-psk-00.txt > has been successfully submitted by Alan DeKok and posted to the > IETF repository. > > Name: draft-dekok-radext-tls-psk > Revision: 00 > Title: RADIUS and TLS-PSK > Document date: 2023-03-03 > Group: Individual Submission > Pages: 7 > URL: > https://www.ietf.org/archive/id/draft-dekok-radext-tls-psk-00.txt > Status: > https://datatracker.ietf.org/doc/draft-dekok-radext-tls-psk/ > Html: > https://www.ietf.org/archive/id/draft-dekok-radext-tls-psk-00.html > Htmlized: > https://datatracker.ietf.org/doc/html/draft-dekok-radext-tls-psk > > > Abstract: > This document gives implementation and operational considerations for > using TLS-PSK with RADIUS/TLS (RFC6614) and RADIUS/DTLS (RFC7360). > > > > > The IETF Secretariat > > > > _______________________________________________ > radext mailing list > radext@ietf.org > https://www.ietf.org/mailman/listinfo/radext >
- [radext] Fwd: New Version Notification for draft-… Alan DeKok
- Re: [radext] Fwd: New Version Notification for dr… josh.howlett
- Re: [radext] New Version Notification for draft-d… Alan DeKok
- Re: [radext] New Version Notification for draft-d… josh.howlett
- Re: [radext] New Version Notification for draft-d… Alan DeKok
- Re: [radext] Fwd: New Version Notification for dr… Bernard Aboba
- Re: [radext] New Version Notification for draft-d… Alan DeKok
- Re: [radext] New Version Notification for draft-d… josh.howlett
- Re: [radext] New Version Notification for draft-d… Alan DeKok
- Re: [radext] Fwd: New Version Notification for dr… Alexander Clouter
- Re: [radext] New Version Notification for draft-d… Alan DeKok
- Re: [radext] New Version Notification for draft-d… Alexander Clouter