IETF Logo Mail Archive

Re: [radext] FW: New Version Notification for draft-xue-radext-key-management-01.txt

Xueli <xueli@huawei.com> Fri, 12 July 2013 10:17 UTC

Return-Path: <xueli@huawei.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 387AB21F9C06 for <radext@ietfa.amsl.com>; Fri, 12 Jul 2013 03:17:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yix05G8R44IO for <radext@ietfa.amsl.com>; Fri, 12 Jul 2013 03:17:31 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) by ietfa.amsl.com (Postfix) with ESMTP id 4355621F9B97 for <radext@ietf.org>; Fri, 12 Jul 2013 03:17:30 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml203-edg.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.5-GA FastPath queued) with ESMTP id ATJ40707; Fri, 12 Jul 2013 10:17:29 +0000 (GMT)
Received: from LHREML401-HUB.china.huawei.com (10.201.5.240) by lhreml203-edg.huawei.com (172.18.7.221) with Microsoft SMTP Server (TLS) id 14.1.323.7; Fri, 12 Jul 2013 11:16:49 +0100
Received: from NKGEML406-HUB.china.huawei.com (10.98.56.37) by lhreml401-hub.china.huawei.com (10.201.5.240) with Microsoft SMTP Server (TLS) id 14.1.323.7; Fri, 12 Jul 2013 11:17:27 +0100
Received: from NKGEML512-MBS.china.huawei.com ([169.254.8.134]) by nkgeml406-hub.china.huawei.com ([10.98.56.37]) with mapi id 14.01.0323.007; Fri, 12 Jul 2013 18:17:22 +0800
From: Xueli <xueli@huawei.com>
To: Stefan Winter <stefan.winter@restena.lu>, "radext@ietf.org" <radext@ietf.org>
Thread-Topic: [radext] FW: New Version Notification for draft-xue-radext-key-management-01.txt
Thread-Index: AQHOfsqT7bHIAJnAqE6vK9PcjJUA95lg1EWw
Date: Fri, 12 Jul 2013 10:17:21 +0000
Message-ID: <01FE63842C181246BBE4CF183BD159B448525CC5@NKGEML512-MBS.china.huawei.com>
References: <01FE63842C181246BBE4CF183BD159B448525BE5@NKGEML512-MBS.china.huawei.com> <51DFA493.5000005@restena.lu>
In-Reply-To: <51DFA493.5000005@restena.lu>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.111.96.95]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Cc: gaobo <gaobo@sttri.com.cn>
Subject: Re: [radext] FW: New Version Notification for draft-xue-radext-key-management-01.txt
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/radext>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jul 2013 10:17:36 -0000

Hi, Stefan

Thanks for your comments..
And please see my reply in line.

BR
Li 

>-----Original Message-----
>From: radext-bounces@ietf.org [mailto:radext-bounces@ietf.org] On 
>Behalf Of Stefan Winter
>Sent: Friday, July 12, 2013 2:39 PM
>To: radext@ietf.org
>Subject: Re: [radext] FW: New Version Notification for 
>draft-xue-radext-key-management-01.txt
>
>Hello,
>
>> There is a new version for RADIUS Extensions for Key Management in 
>> WLAN
>network.
>>
>>
>> It is a general case that authenticator is deployed on gateway 
>> instead of AC. So In this scenario, the encryption/decryption node  
>> can't obtain Pairwise Master Key (PMK) information during Extensible 
>> Authentication Protocol (EAP) procedure, it is not sufficient to 
>> achieve traffic
>encryption/decryption requirement in Wireless Local Area Network (WLAN) 
>network.
>>
>> This document analyzes the requirement and issue for key management 
>> that has arisen so far during authentication process in WLAN network.
>> Meanwhile, the control messages for key management are defined.
>>
>> This drat is updated with China-telecom as co-author.
>> Your comments are appreciated.
>
>When you submitted -00, you got substantial criticism as per the use 
>cases for this document; the approach taken to offload the 
>authenticator function to the SGW was seen as a rather odd move.
>Now, in -01, you don't really react to this; the only statement in that 
>direction I see is that you repeatedly make the assertion that "It is a 
>general case in operators networks".

>I simply doubt that this is generally true; merely making an unbacked 
>assertion that it is so doesn't make it true.

[xueli] I appreciated the comments to scenario to offload the authenticator function to SGW.
There are two reasons, which I clarified the scenario in the document version 01 as :
   "In EAP framework, SGW could act as the Authenticator instead of AC
   because of several reasons.  First of all, a powerful AC that
   aggregates the Authenticator function is not a appreciated choice for
   some operators. There are large numbers of AC devices in the operators
   existing network.  The Authentication Server (AS) will overload the communication with large
   numbers of AC devices if ACs acts as the Authenticator.  On the other
   hand, SGW MUST support the RADIUS proxy function when AC acts as the
   Authenticator in EAP framework.  In this scenario, both SGW and AC
   should be responsible for authentication procedure.  For operators,
   it is cost in large-scale upgraded deployment."

Meanwhile, this requirement is also mentioned in the draft " http://tools.ietf.org/html/draft-cao-capwap-eap-00"

It is described as
"AR acts as authenticator in the EAP framework.  After authentication, the AR
   receives the EAP keying message for the session.  But AC is supposed
   to delieve these keying messages to the AP, and AR has no standard
   interface to ship them to the AP or the AC.  This is unacceptable in
   the scenario of EAP-based auto-authentication.
" AR is the access router. 


>I also can't help but notice that many of your normative references are 
>old and obsolete.
>* For key exchange, you reference an unapproved draft of IEEE-802.11i!
>All of the features from that draft are meanwhile part of IEEE
>802.11-2012 (and I hope you don't implement an old draft version in 
>your products!).
>* The next reference is the IEEE 802.1X version from 2001 - it has two 
>successors meanwhile.
>* RFC3576 is obsoleted by RFC5176. You mention both in the normative 
>references; the main text uses the Authenticator field from 3576, but 
>the type definition from 5176. That's probably an oversight; the 
>calculation of Authenticator hasn't changed between the two revs.

[xueli] thanks a lot. 
802.11i is already approved in 2004. I am not sure why you say it is an unapproved draft.
For other references, I will update. 

>Your security considerations are very inadequate. You simply state that 
>the link between SGW and AC must be secure. From my (skimming) 
>understanding of the draft, these two entities are not typically 
>located inside the same premises, right? If they aren't, simply 
>assuming securtiy on the link blindly is an extremely bad idea. IMHO, 
>not protecting the keys and sending them in the clear is a no-go.
[xueli] I don't think I mentioned that the link between AC and SGW is secure. 
I have already recognized the key transported in the link must be encrypted. 
>
>In the same section, you state roughly "Oh, if you need security, use 
>IPSec!" - which is too superficial a statement to be useful; you should 
>at least discuss how the IPSec endpoints are supposed to negotiate 
>IPSec keying material to be able to communicate confidentially.

[xueli] I totally agree with you and this part of work will be presented in the next version. 
>
>BTW, if I recall correctly your draft was motivated by the "fact" (or 
>so you presented it) that changing the AC to take over the 
>authenticator role is too costly in terms of implementation or 
>computing power. Now in security considerations, you generously 
>recommend to implement the entire IPSec stack on the AC. I would argue 
>that it's easier to implement the authenticator function of IEEE 802.1X than it is to implement IPSec.

[xueli] I see. I just give a possible solution to address the security problem. I agree that there could be more optimal solutions. 
I would like to mention during the meeting and collect comments from the security guys. Is that fair enough?

>
>The same section also suggests MD5 encryption/decryption. Here I am 
>completely lost. The KoA and KoA ACK/NAK messages are RADIUS packets, 
>right? As such they are always making use of the MD5 shared secret for 
>integrity checks; if you want to protect the 802.11 keying material 
>then you could use encrypted attributes with the same shared secret 
>(that's the way how User-Password gets encrypted). With little to no 
>additional implementation cost. If that's what you want - don't put a 
>half-sentence into security considerations. *Write in the spec itself 
>that the attribute is to be encrypted*.
>
[xueli] Yes, that is what I want to do.. I will clarify it.

>BTW, even if you do write that in the spec, you'd still get a beating 
>for suggesting MD5 RADIUS crypto in 2013. This encryption method is not 
>contemporary.

[xueli] Thank you for your advice. 
Security is important part of this work. 
It is my plan to go into technique details and give a more concrete security solution by the next IETF meeting. 

>Greetings,
>
>Stefan Winter
>
>--
>Stefan WINTER
>Ingenieur de Recherche
>Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et 
>de la Recherche 6, rue Richard Coudenhove-Kalergi
>L-1359 Luxembourg
>
>Tel: +352 424409 1
>Fax: +352 422473

v2.23.0 | Report a Bug | By Email