IETF Logo Mail Archive

Re: [secdir] Secdir review of draft-hollenbeck-rfc4930bis-02

Nicolas Williams <Nicolas.Williams@sun.com> Wed, 15 July 2009 18:48 UTC

Return-Path: <Nicolas.Williams@sun.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B04EB3A6F3D; Wed, 15 Jul 2009 11:48:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.758
X-Spam-Level:
X-Spam-Status: No, score=-5.758 tagged_above=-999 required=5 tests=[AWL=0.288, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZmTC-9MmUtTr; Wed, 15 Jul 2009 11:48:19 -0700 (PDT)
Received: from brmea-mail-1.sun.com (brmea-mail-1.Sun.COM [192.18.98.31]) by core3.amsl.com (Postfix) with ESMTP id 5149A3A693A; Wed, 15 Jul 2009 11:48:19 -0700 (PDT)
Received: from dm-central-02.central.sun.com ([129.147.62.5]) by brmea-mail-1.sun.com (8.13.6+Sun/8.12.9) with ESMTP id n6FHjTxw006566; Wed, 15 Jul 2009 17:45:29 GMT
Received: from binky.Central.Sun.COM (binky.Central.Sun.COM [129.153.128.104]) by dm-central-02.central.sun.com (8.13.8+Sun/8.13.8/ENSMAIL,v2.2) with ESMTP id n6FHjT7P020940; Wed, 15 Jul 2009 11:45:29 -0600 (MDT)
Received: from binky.Central.Sun.COM (localhost [127.0.0.1]) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3) with ESMTP id n6FHZ6XM008775; Wed, 15 Jul 2009 12:35:06 -0500 (CDT)
Received: (from nw141292@localhost) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3/Submit) id n6FHZ2iS008774; Wed, 15 Jul 2009 12:35:02 -0500 (CDT)
X-Authentication-Warning: binky.Central.Sun.COM: nw141292 set sender to Nicolas.Williams@sun.com using -f
Date: Wed, 15 Jul 2009 12:35:02 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: "Hollenbeck, Scott" <shollenbeck@verisign.com>
Message-ID: <20090715173502.GO1274@Sun.COM>
References: <046F43A8D79C794FA4733814869CDF07025CD275@dul1wnexmb01.vcorp.ad.vrsn.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <046F43A8D79C794FA4733814869CDF07025CD275@dul1wnexmb01.vcorp.ad.vrsn.com>
User-Agent: Mutt/1.5.7i
Cc: secdir@ietf.org, iesg@ietf.org
Subject: Re: [secdir] Secdir review of draft-hollenbeck-rfc4930bis-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jul 2009 18:48:20 -0000

On Tue, Jul 14, 2009 at 08:08:32PM -0400, Hollenbeck, Scott wrote:
> Doesn't TLS provide protections for this issue?

Provided you authenticate the server, yes.

>  -----Original Message-----
> From: 	Sandy Murphy [mailto:sandy@tislabs.com]
> Sent:	Tuesday, July 14, 2009 07:15 PM Eastern Standard Time
> To:	catherine.meadows@nrl.navy.mil; iesg@ietf.org; sandy@tislabs.com; secdir@ietf.org; Hollenbeck, Scott
> Subject:	Re: [secdir] Secdir review of draft-hollenbeck-rfc4930bis-02
> 
> >A secure authenticThe tie is what is called channel binding.
> 
> OK, obvious blip here.
> 
> A secure authenticated transport connection is established between
> 10.1.0.0 to the other end where the login is being attempted, say
> 10.2.0.0.
> 
> The trouble is that that 10.2.0.0 might be a man in the middle.
> The MITM has another secure authenticated transport connection to
> Bob's host, 10.3.0.0.

If the channel authenticates the server, then there can be no MITM
(assuming the channel's security is not broken).

> Bob sends the "login Bob bobscleartextpassword" over its secure
> transport connection, which ends at the MITM at 10.2.0.0.
> 
> The MITM retransmits the "login Bob bobscleartextpassword" over the
> secure transport connection to 10.1.0.0, impersonating Bob.
> 
> This is possible because there is no tie between the EPP ID of "Bob"
> and the secure transport id of 10.2.0.0.
> 
> The tie is what is called channel binding.

If the channel does not authenticate the server, then yes, you have this
problem, and channel binding is one way to solve it.  But any
authentication mechanism that depends on sending a password in cleartext
(or cleartext equivalent) cannot be used with channel binding.  The
other solution is to have the channel authenticate the server.

> You can look at RFC5056 for more information or at 
> http://www.saunalahti.fi/~asokan/research/mitm.html for another
> discussion with a rather detailed example for PEAP.
> 
> It might be worth pointing out that draft-ietf-sasl-gs2-14 talks
> about Using GSS-API Mechanisms in SASL, and supports channel binding.

I don't know anything about EPP, but it may very well be the case that
an open set of authentication mechanisms would be useful to have in EPP,
in which case I'd recommend SASL or the GSS-API.  Where authentication
mechanisms are used that support channel binding then channel binding
should be used: it allows you to use anon-anon channels, it allows you
to not worry about the strength of authentication infrastructures for
the channels, and it allows you to not have to worry about making sure
that the server ID is equivalent in the channel as in the authentication
mechanism.

Nico
--

v2.23.0 | Report a Bug | By Email