IETF Logo Mail Archive

Re: [radext] BoF request for IETF 115

Alan DeKok <aland@deployingradius.com> Thu, 22 September 2022 23:24 UTC

Return-Path: <aland@deployingradius.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE9A5C14F74A for <radext@ietfa.amsl.com>; Thu, 22 Sep 2022 16:24:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5RjehOUvLSZ2 for <radext@ietfa.amsl.com>; Thu, 22 Sep 2022 16:24:47 -0700 (PDT)
Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0EC5BC14F743 for <radext@ietf.org>; Thu, 22 Sep 2022 16:24:46 -0700 (PDT)
Received: from smtpclient.apple (135-23-95-173.cpe.pppoe.ca [135.23.95.173]) by mail.networkradius.com (Postfix) with ESMTPSA id 47DE0124; Thu, 22 Sep 2022 23:24:41 +0000 (UTC)
Authentication-Results: NetworkRADIUS; dmarc=none (p=none dis=none) header.from=deployingradius.com
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
From: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <CAOW+2dsGe45VByajY85tv6-iZScYcQuoFXEL5_xg3b0r2ApVTg@mail.gmail.com>
Date: Thu, 22 Sep 2022 19:24:39 -0400
Cc: radext@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <CD6DFA47-CD04-479E-ABEB-186526F93ACA@deployingradius.com>
References: <LNXP123MB2569B8F0432A96CA9ED5F506887E9@LNXP123MB2569.GBRP123.PROD.OUTLOOK.COM> <1375C9A8-6ADD-4168-B0F7-5AF718C1EA06@painless-security.com> <CAOW+2dsGe45VByajY85tv6-iZScYcQuoFXEL5_xg3b0r2ApVTg@mail.gmail.com>
To: Bernard Aboba <bernard.aboba@gmail.com>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/nfbyYbt2YwsmUUG4k8VSSOxfhbY>
Subject: Re: [radext] BoF request for IETF 115
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Sep 2022 23:24:51 -0000

On Sep 22, 2022, at 5:50 PM, Bernard Aboba <bernard.aboba@gmail.com> wrote:
> Just today, the CyberSecurity & Infrastructure Security Agency (CISA) issued an Alert relating to threats to operational technology: 
> https://www.cisa.gov/uscert/ncas/alerts/aa22-265a
> 
> A question: Will the revision to RFC 6421 cover post-quantum considerations?  

  My preference would be to just punt the problem to TLS.  That is also the historical approach (chosen implicitly) by prior discussions in RADEXT.

  i.e. If TLS transport is required, then any issues related to MD4 / MD5 are "papered over" by the TLS encapsulation.  If the TLS layer is resistant to post-quantum considerations, then the application data encapsulated inside of TLS is safe, too.

  The driver for crypto agility was a post by the AD (Russ Housely) to RADEXT in 2006.  It's quoted in RFC 6421:

      The RADEXT WG will review the security requirements for crypto-
      agility in IETF protocols, and identify the deficiencies of the
      existing RADIUS protocol specifications against these
      requirements.  Specific attention will be paid to RFC 4962 [RFC4962].

      The RADEXT WG will propose one or more specifications to remediate
      any identified deficiencies in the crypto-agility properties of
      the RADIUS protocol.  The known deficiencies include the issue of
      negotiation of substitute algorithms for the message digest
      functions, the key-wrap functions, and the password-hiding
      function.  Additionally, at least one mandatory to implement
      cryptographic algorithm will be defined in each of these areas, as
      required.

  To  my recollection, the RADEXT WG never seriously discussed any of those points.  Instead, once the RADIUS / TLS work was started, all of the crypto agility requirements were silently dropped.  The preference was to not design any new cryptographic primitives in RADEXT.

  That is, RFC 6421 was published, and was resoundingly ignored.  It would be worth perhaps explaining why in a new document.  Perhaps the one which deprecates RADIUS / UDP.

  Alan DeKok.

v2.23.0 | Report a Bug | By Email