Re: [saag] Would love some feedback on Opportunistic Wireless Encryption

"Dan Harkins" <dharkins@lounge.org> Wed, 26 August 2015 22:11 UTC

Return-Path: <dharkins@lounge.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F69F1B346B for <saag@ietfa.amsl.com>; Wed, 26 Aug 2015 15:11:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.867
X-Spam-Level:
X-Spam-Status: No, score=-3.867 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nIlnxbcs6SEu for <saag@ietfa.amsl.com>; Wed, 26 Aug 2015 15:11:17 -0700 (PDT)
Received: from colo.trepanning.net (colo.trepanning.net [69.55.226.174]) by ietfa.amsl.com (Postfix) with ESMTP id 9C8B81B3469 for <saag@ietf.org>; Wed, 26 Aug 2015 15:11:17 -0700 (PDT)
Received: from www.trepanning.net (localhost [127.0.0.1]) by colo.trepanning.net (Postfix) with ESMTP id 3921C1022404A; Wed, 26 Aug 2015 15:11:17 -0700 (PDT)
Received: from 69.12.173.8 (SquirrelMail authenticated user dharkins@lounge.org) by www.trepanning.net with HTTP; Wed, 26 Aug 2015 15:11:17 -0700 (PDT)
Message-ID: <511ec4fef968dcf87bb42912360e37f1.squirrel@www.trepanning.net>
In-Reply-To: <CAHw9_iKt39m+tCHYxN4VuVFkJf65Go_V2x0udOtEn32ke+nrkQ@mail.gmail.com>
References: <CAHw9_iKt39m+tCHYxN4VuVFkJf65Go_V2x0udOtEn32ke+nrkQ@mail.gmail.com>
Date: Wed, 26 Aug 2015 15:11:17 -0700 (PDT)
From: "Dan Harkins" <dharkins@lounge.org>
To: "Warren Kumari" <warren@kumari.net>
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/h0GYy8rZFzTiziBrA3nk8ZaepWc>
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] Would love some feedback on Opportunistic Wireless Encryption
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Aug 2015 22:11:19 -0000

  Hi Warren,

On Wed, August 26, 2015 7:53 am, Warren Kumari wrote:
> Hi there all,
>
> I'd appreciate it if folk could have a look at this draft and provide
> any feedback.
> I'm not sure that SAAG is the right place for it, but I couldn't think
> of anywhere better.
>
> https://tools.ietf.org/html/draft-wkumari-owe-01
>
>
> Note that this is NOT intended to be the be all and end all of secure
> wireless, it is simply intended to make open wifi suck somewhat less.
> We are not claiming great security (the WPA2 4-way handshake
> significantly limits what can be achieved), and so much of the draft /
> idea is making sure that users do not get a false (or any) sense of
> security - this should be transparent to them.

  It might suck less but it still kind of sucks. You could make it
suck even less by using SAE (an 802.11 authentication protocol that
uses a PAKE to establish pairwise keys). This would address the
limitations you mention in your draft that have to do with WPA2-PSK.

> We also want it to be *really* simple, so that commodity CPE vendors
> will include "support" (basically a flag in the beacon) - this removes
> other solutions like .1X, etc.

  Another option might be to define another vendor-specific Element
to carry DH exponentials. Just tag one on the end of the first two
messages of the 4-way handshake and have each side derive a "pairwise
master key" (PMK, the thing used with the nonces in the 4-way handshake
to derive the data encryption keys) from the DH shared secret. Instead
of having everyone use the SSID as the password, just get rid of the
password!

  regards,

  Dan.

> Appreciate your time,
> W
>
> --
> I don't think the execution is relevant when it was obviously a bad
> idea in the first place.
> This is like putting rabid weasels in your pants, and later expressing
> regret at having chosen those particular rabid weasels and that pair
> of pants.
>    ---maf
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag
>