IETF Logo Mail Archive

[radext] Re: Lack of Channel Bindings in RADIUS/(D)TLS

Alan DeKok <aland@deployingradius.com> Tue, 30 July 2024 14:35 UTC

Return-Path: <aland@deployingradius.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E2BEC14F6BB for <radext@ietfa.amsl.com>; Tue, 30 Jul 2024 07:35:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.906
X-Spam-Level:
X-Spam-Status: No, score=-6.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w8krukHFkboc for <radext@ietfa.amsl.com>; Tue, 30 Jul 2024 07:35:07 -0700 (PDT)
Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D863CC14F5E6 for <radext@ietf.org>; Tue, 30 Jul 2024 07:35:06 -0700 (PDT)
Received: from smtpclient.apple (unknown [75.98.136.130]) by mail.networkradius.com (Postfix) with ESMTPSA id D22BD17F3; Tue, 30 Jul 2024 14:35:03 +0000 (UTC)
Authentication-Results: NetworkRADIUS; dmarc=none (p=none dis=none) header.from=deployingradius.com
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
From: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <CAOW+2dtmPRL6CoeUZJSMHee+ae=DUMhEyJqzYtVHod4hgQ8xEA@mail.gmail.com>
Date: Tue, 30 Jul 2024 10:35:02 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <E77247DC-B329-4805-9F3B-EA7B8C9A0093@deployingradius.com>
References: <3A0631E2-9679-4AC6-82DC-0ECD5DDCBE03@gmail.com> <06c787ed-b989-f0ea-5a1e-0762fa63053b@iea-software.com> <84133.1721926586@dyas> <CAOW+2dtmPRL6CoeUZJSMHee+ae=DUMhEyJqzYtVHod4hgQ8xEA@mail.gmail.com>
To: Bernard Aboba <bernard.aboba@gmail.com>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Message-ID-Hash: BPEOC43735YB3AJFFZ53OLT2A47YI25N
X-Message-ID-Hash: BPEOC43735YB3AJFFZ53OLT2A47YI25N
X-MailFrom: aland@deployingradius.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-radext.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Michael Richardson <mcr+ietf@sandelman.ca>, Peter Deacon <peterd@iea-software.com>, Margaret Cullen <mrcullen42@gmail.com>, radext@ietf.org
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [radext] Re: Lack of Channel Bindings in RADIUS/(D)TLS
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/rm9cnktQoU07-VIYXgl99-7cSmQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Owner: <mailto:radext-owner@ietf.org>
List-Post: <mailto:radext@ietf.org>
List-Subscribe: <mailto:radext-join@ietf.org>
List-Unsubscribe: <mailto:radext-leave@ietf.org>

On Jul 26, 2024, at 6:00 PM, Bernard Aboba <bernard.aboba@gmail.com> wrote:
> This deserves some careful consideration.  As Alan has noted, dynamic discovery opens up potential routing attacks that have not triggered much concern in RADIUS/UDP "static routing" systems. 

  I'll add some comments in the "deprecating insecure practices" document about this.  I think that document is the best place to discuss the security of RADIUS systems.

> In 2024, many of the security assumptions that were commonplace in 2017 no longer feel as rock solid.  Overall, the pace of change appears to be accelerating, which implies that we need to look "further down the road" than we have been used to doing. 

  I agree.

> Once NIST issues initial PQC standards, I am expecting there to be considerable demand for support in TLS 1.3 libraries.  So we should not just think of TLS 1.3 deployment as being motivated by issues with TLS 1.2. PQC will also be a deployment motivator. Also, note the addition of "pessimistic migration" in PQUIP "migration use cases": 
> https://datatracker.ietf.org/meeting/120/materials/slides-120-pquip-post-quantum-cryptography-migration-use-cases

  I see many reasons to mandate support for TLS 1.3.

  One additional reason for mandating TLS 1.3 support is that the major RADIUS servers already support it.

  Alan DeKok.

v2.35.0 | Report a Bug | By Email | System Status