Re: [secdir] review of draft-ietf-ipsecme-ikev2bis-10

Tom Yu <tlyu@MIT.EDU> Thu, 06 May 2010 03:16 UTC

To: Paul Hoffman <>
From: Tom Yu <tlyu@MIT.EDU>
Date: Wed, 05 May 2010 23:16:29 -0400
List-Id: Security Area Directorate <>

Paul Hoffman <> writes:

> At 1:23 AM -0400 5/4/10, Tom Yu wrote:
>>The lengthy paragraph warning about non-key-generating EAP methods is
>>mostly unchanged from RFC 4306.  I do wonder if channel bindings would
>>help with non-key-generating EAP methods tunneled in protected
>>channels, but am not sufficiently familiar with EAP to know whether
>>this is feasible.  (non-key-generating EAP methods might not have any
>>way to perform the additional necessary authentication to achieve
>>channel binding)
> Channel bindings might or might not help here, depending on the current precise definition of "channel bindings". Trying to wind this into a bis document didn't seem prudent, given the loose state of the definition.

I just checked, and RFC 5056 ("On the Use of Channel Bindings to
Secure Channels") deliberately chose to exclude EAP channel bindings
from its recommendations due to the difficulty of meaningfully
identifying the lower-level channel over which EAP runs.

>>The SHOULD in RFC 4306 in the sentence beginning "Implementers SHOULD
>>describe the vulnerabilities of non-key-generating EAP methods..." was
>>demoted to a non-capitalized form.  Is this intentional?  If so, what
>>is the rationale?
> There is no interoperability effect of implementers describing
> something, and the security aspects are not clear. This seemed like
> an over-shooting of RFC 2119 language.

One change that would bring it back into a RFC 2119 scope is making a
recommendation such as "Implementations SHOULD default to disabling
the use of non-key-generating EAP methods", as that recommendation
would then have a useful security impact.
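Added illustration, not part of this thread or of the ikev2bis draft: a Python toy model of why the draft singles out non-key-generating EAP methods, and of the opt-in policy proposed in the message above. It follows the RFC 5996 section 2.16 rule that AUTH is keyed with the EAP MSK when the method exports one and with SK_pi/SK_pr otherwise, and models the relay scenario from the RFC 4306 security considerations, in which an attacker M terminates the initiator's IKE SA and relays the EAP exchange to the real gateway G. The HMAC-SHA-256 "prf", the challenge/response stand-in for the EAP method, the hard-coded method classification and the fixed signed octets are all simplifying assumptions of this model.

```python
import hashlib
import hmac
import os

# Assumption of the toy model: a hard-coded classification. The first
# group exports an MSK; the second (EAP-MD5, EAP-GTC, EAP-OTP) does not.
KEY_GENERATING = {"EAP-TLS", "EAP-AKA", "EAP-SIM"}
NON_KEY_GENERATING = {"EAP-MD5", "EAP-GTC", "EAP-OTP"}


def prf(key: bytes, data: bytes) -> bytes:
    """Stand-in for the negotiated IKEv2 prf (HMAC-SHA-256 here)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def eap_response(secret: bytes, challenge: bytes) -> bytes:
    """Generic challenge/response: what the EAP peer sends back to the server."""
    return prf(secret, b"resp" + challenge)


def eap_msk(method: str, secret: bytes, challenge: bytes):
    """MSK exported by the method, or None for a non-key-generating method."""
    if method in KEY_GENERATING:
        return prf(secret, b"msk" + challenge)
    if method in NON_KEY_GENERATING:
        return None
    raise ValueError(f"unknown EAP method {method}")


def ike_auth(msk, sk_p: bytes, signed_octets: bytes) -> bytes:
    """RFC 5996 s2.16: AUTH keyed with the MSK if EAP produced one, else SK_pi/SK_pr."""
    return prf(msk if msk is not None else sk_p, signed_octets)


def relay_attack_succeeds(method: str) -> bool:
    """Model a MITM M relaying EAP between initiator I and gateway G.

    Assumed scenario (RFC 4306 security considerations): I is willing to run
    IKEv2 with M, e.g. because the same EAP credential is reused with a tunnel
    endpoint M controls. Two IKE SAs exist: I<->M (SK_pi_im, known to I and M)
    and M<->G (SK_pi_mg, known to M and G). The user's EAP secret is shared by
    I and G only.
    """
    secret = os.urandom(32)
    sk_pi_im = os.urandom(32)
    sk_pi_mg = os.urandom(32)
    # Constructed stand-ins for the signed octets of each SA; in IKEv2 they
    # contain that SA's own nonce and first message, so the two differ.
    octets_im = b"IKE_SA_INIT(I->M) | Nr_im | prf(SK_pr_im, IDi')"
    octets_mg = b"IKE_SA_INIT(M->G) | Nr_mg | prf(SK_pr_mg, IDi')"

    # G issues an EAP challenge; M forwards it to I and I's response back to G.
    challenge = os.urandom(16)
    response = eap_response(secret, challenge)
    if not hmac.compare_digest(response, eap_response(secret, challenge)):
        return False  # EAP itself failed; not the case we are modelling

    # What G will accept: AUTH over the M<->G SA, keyed with MSK if any.
    expected = ike_auth(eap_msk(method, secret, challenge), sk_pi_mg, octets_mg)

    # Option 1 for M: relay I's genuine AUTH, computed over the I<->M SA.
    relayed = ike_auth(eap_msk(method, secret, challenge), sk_pi_im, octets_im)
    # Option 2 for M: forge AUTH with what M knows (SK_pi_mg, no MSK).
    forged = ike_auth(None, sk_pi_mg, octets_mg)

    return hmac.compare_digest(relayed, expected) or hmac.compare_digest(forged, expected)


def eap_method_allowed(method: str, allow_non_key_generating: bool = False) -> bool:
    """The default proposed above: refuse non-key-generating methods unless
    the operator explicitly opts in."""
    if method in KEY_GENERATING:
        return True
    if method in NON_KEY_GENERATING:
        return allow_non_key_generating
    raise ValueError(f"unknown EAP method {method}")


if __name__ == "__main__":
    for m in ("EAP-TLS", "EAP-MD5"):
        print(m, "relay succeeds:", relay_attack_succeeds(m),
              "allowed by default:", eap_method_allowed(m))
```

With EAP-MD5 the forged AUTH matches, because G keys AUTH with SK_pi_mg, which M holds by virtue of being G's IKE peer; with EAP-TLS the MSK is derived from the user's secret, which M never sees, so neither the relayed nor the forged AUTH verifies. Note that the model deliberately skips the initiator's verification of the responder's certificate; when that check is enforced and the credential is not reused elsewhere, the relay is blocked at the I<->M SA before EAP starts.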