IETF Logo Mail Archive

Re: [radext] WGLC for draft-ietf-radext-tls-psk-04

Alan DeKok <aland@deployingradius.com> Fri, 12 January 2024 21:43 UTC

Return-Path: <aland@deployingradius.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4CE7FC14F60B for <radext@ietfa.amsl.com>; Fri, 12 Jan 2024 13:43:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F6GGxpvsWG07 for <radext@ietfa.amsl.com>; Fri, 12 Jan 2024 13:43:47 -0800 (PST)
Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B70BFC14F602 for <radext@ietf.org>; Fri, 12 Jan 2024 13:43:47 -0800 (PST)
Received: from smtpclient.apple (135-23-95-173.cpe.pppoe.ca [135.23.95.173]) by mail.networkradius.com (Postfix) with ESMTPSA id 122E7340; Fri, 12 Jan 2024 21:43:43 +0000 (UTC)
Authentication-Results: NetworkRADIUS; dmarc=none (p=none dis=none) header.from=deployingradius.com
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
From: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <e34c5a26-079d-4988-83b0-c53c3708ef2e@switch.ch>
Date: Fri, 12 Jan 2024 16:43:42 -0500
Cc: radext@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <57B035CF-64CA-4B93-9FEE-929D7DD80D32@deployingradius.com>
References: <005901da242e$f623d550$e26b7ff0$@smyslov.net> <6172ba00-6793-4393-9466-37b52fe1e25b@switch.ch> <651E26F6-B0B2-40A7-B636-88569CFEFCB3@deployingradius.com> <e34c5a26-079d-4988-83b0-c53c3708ef2e@switch.ch>
To: Fabian Mauchle <fabian.mauchle@switch.ch>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/pB2_ELguCOTG8-sYMrtSR_U4HGY>
Subject: Re: [radext] WGLC for draft-ietf-radext-tls-psk-04
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jan 2024 21:43:50 -0000

On Jan 12, 2024, at 11:56 AM, Fabian Mauchle <fabian.mauchle@switch.ch> wrote:
> If a server chooses to reject non-UTF8 identities it very explicitly does NOT support identities as a set of undistinguished octets.
> Supporting 'PSK identities as a set of undistinguished octets' to me means that I have to accept random stuff as an identity - even a zero-byte 0x00 - but if I reject this identity because it's not UTF-8, I'm violating this provision.

  The discussion should be clarified then:

- PSK identities are opaque blobs, and must be supported as such

- PSK identities used for resumption are automatically generated, so no one cares what they are

- long-lived PSK identities provisioned by an admin are likely best as UTF-8, which makes them easier to manage.

> Turning this on its head:
> Section 5.1 mandates support for UTF-8 identities on the client side. So why do we need a MUST requirement on the server side to support random (non-UTF-8) identities?

  TLS requires that PSK identities be opaque blobs.  I'll clarify the text.

> From the TLS1.3 protocol point of view, PSK and resumption are the same thing - it does not care if identity and key were provided by an admin or established using a session ticket.

  The server has to be able to distinguish between them.  IIRC from the hallway conversations in Prague, the server must simple "make them different" somehow, using a method up to the server.  It can then either examine the PSK identity to determine resumption (or not).  Or, the server can examine a database to determine if the identity is resumed (or not).

  The difference for the server is that the resumed PSK session must re-use (or re-run) the cached policies from the original session.  It therefore likely needs to associate the original PSK identity with the resumption identity.

  In contrast, the client simple knows "I can resume using identity A, and do a full auth using identity B".

  I'll update the text to clarify these issues.

  Alan DeKok.

v2.23.0 | Report a Bug | By Email