IETF Logo Mail Archive

Re: [secdir] SECDIR review of draft-ietf-hokey-key-mgm

"Hoeper Katrin-QWKN37" <khoeper@motorola.com> Wed, 12 August 2009 14:51 UTC

Return-Path: <khoeper@motorola.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 714123A6A59; Wed, 12 Aug 2009 07:51:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z9viCqFLXKpj; Wed, 12 Aug 2009 07:51:35 -0700 (PDT)
Received: from mail128.messagelabs.com (mail128.messagelabs.com [216.82.250.131]) by core3.amsl.com (Postfix) with SMTP id 478523A67D9; Wed, 12 Aug 2009 07:51:35 -0700 (PDT)
X-VirusChecked: Checked
X-Env-Sender: khoeper@motorola.com
X-Msg-Ref: server-15.tower-128.messagelabs.com!1250088453!1202750!1
X-StarScan-Version: 6.1.3; banners=-,-,-
X-Originating-IP: [136.182.1.14]
Received: (qmail 18164 invoked from network); 12 Aug 2009 14:47:34 -0000
Received: from motgate4.mot.com (HELO motgate4.mot.com) (136.182.1.14) by server-15.tower-128.messagelabs.com with DHE-RSA-AES256-SHA encrypted SMTP; 12 Aug 2009 14:47:34 -0000
Received: from il27exr04.cig.mot.com (il27exr04.mot.com [10.17.196.73]) by motgate4.mot.com (8.14.3/8.14.3) with ESMTP id n7CElX4a026403; Wed, 12 Aug 2009 07:47:33 -0700 (MST)
Received: from de01exm68.ds.mot.com (de01exm68.am.mot.com [10.176.8.24]) by il27exr04.cig.mot.com (8.13.1/8.13.0) with ESMTP id n7CElS1Y019924; Wed, 12 Aug 2009 09:47:33 -0500 (CDT)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Date: Wed, 12 Aug 2009 10:47:06 -0400
Message-ID: <3A241A6B234BE948B8B474D261FEBC2F06555DF9@de01exm68.ds.mot.com>
In-Reply-To: <010e01ca1afe$d9c82b70$8d588250$@net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
thread-topic: [secdir] SECDIR review of draft-ietf-hokey-key-mgm
thread-index: AcoZ6RjwgdOHSJLUTSaXyXUToQZhhgAKfEsgAC8KAkAAC4hLEAAXTyvg
References: <369289D9-6E39-4673-B50E-0090BBBB6EB2@Isode.com> <00bf01ca19e0$1b703e70$5250bb50$@net> <B1002512-9406-4681-965C-17A7C189DF98@Isode.com> <004f01ca1a22$56af4de0$040de9a0$@net> <3A241A6B234BE948B8B474D261FEBC2F06555C24@de01exm68.ds.mot.com> <010e01ca1afe$d9c82b70$8d588250$@net>
From: Hoeper Katrin-QWKN37 <khoeper@motorola.com>
To: Glen Zorn <gwz@net-zen.net>, Glen Zorn <glenzorn@comcast.net>, Kurt Zeilenga <Kurt.Zeilenga@Isode.com>
Cc: draft-ietf-hokey-key-mgm@tools.ietf.org, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] SECDIR review of draft-ietf-hokey-key-mgm
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Aug 2009 14:51:36 -0000

To sum up the previous discussion, here my proposed 3 changes to
draft-ietf-hokey-key-mgm-09.txt to address Kurt's and Glen's comments.
Please let me know if the changes are sufficient.

1.
OLD (Section 5, second paragraph)
In this case, the local ER server requesting the DSRK MUST include a
KDE-Request message in the first EAP-Response message from the peer.

NEW 
In this case, the local ER server requesting the DSRK MUST include a
KDE-Request message in the AAA packet encapsulating the first
EAP-Response message from the peer.  

2.
OLD (Section 5, third paragraph)
Here, EAP-Initiate and EAP-Finish messages are exchanged between the
peer and the home AAA server, with the bootstrapping flag in the
EAP-Initiate message set. In this case, the local ER server (acting as
KRS) MUST include a KDE-Request message in the AAA message that carries
an EAP-Initiate message with the bootstrapping flag turned on.  

NEW 
Here, the peer sends an EAP-Initiate message with the bootstrapping flag
turned on. The local ER server (acting as KRS) MUST include a
KDE-Request message in the AAA message that carries the peer's
EAP-Initiate message and sends it to the peer's home AAA server.

3.
OLD (Section 6, first paragraph) 
This section provides security requirements and an analysis on
transporting EAP keying material using an AAA protocol.

NEW
This section provides security requirements and a discussion of
distributing RK without peer consent.

Best regards,
Katrin


> -----Original Message-----
> From: Glen Zorn [mailto:gwz@net-zen.net]
> Sent: Tuesday, August 11, 2009 10:42 PM
> To: Hoeper Katrin-QWKN37; 'Glen Zorn'; 'Kurt Zeilenga'
> Cc: secdir@ietf.org; iesg@ietf.org; draft-ietf-hokey-key-
> mgm@tools.ietf.org
> Subject: RE: [secdir] SECDIR review of draft-ietf-hokey-key-mgm
> 
> Hoeper Katrin-QWKN37 [mailto:khoeper@motorola.com] writes:
> 
> ...
> 
> > > Thanks for pointing that out.  In fact, the document should _not_
> > talk
> > > about
> > > the use of KDE in ERP, since it doesn't exist ;-).
Re-re-re-reading
> > ;-)
> > > section 6 (which is what I think you are talking about?), I
noticed
> > > A couple of other errors, too.  For example, section 3 says "Here,
> > > EAP-Initiate and EAP-Finish messages are exchanged between the
peer
> > and
> > > the
> > > home AAA server, with the bootstrapping flag in the EAP-Initiate
> > message
> > > set"; unfortunately, this is impossible, since the peer and AAA
> > server
> > do
> > > not speak the same protocol.  Another example of the same kind of
> > fuzzy
> > > writing is in the second paragraph of the same section: "In this
> > case,
> > the
> > > local ER server requesting the DSRK MUST include a KDE-Request
> > message
> > in
> > > the first EAP-Response   message from the peer".  This _should_
say "
> > In
> > > this case, the local ER server requesting the DSRK MUST include a
> > > KDE-Request message in the AAA packet encapsulating the first
> > EAP-Response
> > > message from the peer" in order to agree with RFC 5296 (in fact,
> > though,
> > > there's no need for the local ERP server to be involved in this at
> > all,
> > > except that that is (erroneously, I think) specified in 5296).
> > >
> > > ...
> > >
> > [KH] Glen, I think you are talking about Section 5 not 3, are you
> > looking at the current version
> >
(http://ietfreport.isoc.org/all-ids/draft-ietf-hokey-key-mgm-09.txt)?
> >
> > Could you please re-check? I am sure your comments still apply, but
I'd
> > like to know which parts are affected.
> 
> Yes, you're right.  I really hate it when people change documents in
the
> middle of reviews. It's really annoying, especially since I just did
it
> myself a couple of days ago ;-).
> 
> >
> > AFAIK, Section 5 is in complete alignment with RFC 5296 and uses the
> > same terminology and same protocol description. I understand that
there
> > are some problems in RFC 5296 and there is a request for errata
> > (http://www.rfc-editor.org/errata_search.php?rfc=5296&eid=1825).
> >
> > Should I wait until this (and possibly other) errata has been
approved
> > and then modify the key management draft accordingly? If I make
changes
> > now, with the current RFC 5296, we would have a description on how
to
> > use KDE with ERP that does not match the description in RFC 5296.
> 
> The problem is that RFC 5296 says to do things that just aren't
possible,
> so
> we have a situation where we can either continue to create incorrect
> specifications or correctly specify behavior that contradicts a
published
> RFC.  Personally, I'd go for the latter: change the draft to specify
what
> the authors of 5296 obviously _meant_ to say & update 5296 later.

v2.23.0 | Report a Bug | By Email