Re: [secdir] Secdir review of draft-sheffer-emu-eap-eke-06
Yaron Sheffer <yaronf.ietf@gmail.com> Wed, 26 May 2010 12:21 UTC
Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 38F983A6804 for <secdir@core3.amsl.com>; Wed, 26 May 2010 05:21:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.11
X-Spam-Level:
X-Spam-Status: No, score=-1.11 tagged_above=-999 required=5 tests=[BAYES_05=-1.11]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id anmFOCrL8b4E for <secdir@core3.amsl.com>; Wed, 26 May 2010 05:21:34 -0700 (PDT)
Received: from mail-fx0-f44.google.com (mail-fx0-f44.google.com [209.85.161.44]) by core3.amsl.com (Postfix) with ESMTP id 281253A68EB for <secdir@ietf.org>; Wed, 26 May 2010 05:21:33 -0700 (PDT)
Received: by fxm20 with SMTP id 20so65788fxm.31 for <secdir@ietf.org>; Wed, 26 May 2010 05:21:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=FsmAtGbroxk8JoRGbRPfvgZUQSFx7eR0IehLTtwGeWs=; b=HufBCoqVfunRQuJ4ckjMJEEFAETjScWUBCNskwD5KAjuT40200oATYUw2PXpBg+ZOn /5W0/SRuo1mE1cTJq2KHDaui2eKAVldxR2vs5nfPdlT1F5JIjLspce+ETcQeFSR4rI6t kz7rxowTRf75Vkz+nW20og/JU+1Gq0K9pireU=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=IYOuyoijATbYHzh03Kf0AaYX9KDE/S00GvedKkwNpzgaUdkS4/Ajt7NwlYKHhnxeqn RKNt8eBeymaSUAoRZf2yuSImgdH7sGXU6a+dQLnJrXOpK2Hn9KG4QS8Id6fKOtYjFbHa LmLE8Y26/7DROGHPU03VYDAmSdINRmN0JtFDk=
Received: by 10.223.33.218 with SMTP id i26mr7563281fad.58.1274876480342; Wed, 26 May 2010 05:21:20 -0700 (PDT)
Received: from [10.0.0.1] (bzq-79-180-38-209.red.bezeqint.net [79.180.38.209]) by mx.google.com with ESMTPS id g10sm178543fai.12.2010.05.26.05.21.17 (version=SSLv3 cipher=RC4-MD5); Wed, 26 May 2010 05:21:18 -0700 (PDT)
Message-ID: <4BFD123B.6020106@gmail.com>
Date: Wed, 26 May 2010 15:21:15 +0300
From: Yaron Sheffer <yaronf.ietf@gmail.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9) Gecko/20100423 Lightning/1.0b1 Thunderbird/3.0.4
MIME-Version: 1.0
To: Brian Weis <bew@cisco.com>
References: <81F9B37E-EDA2-445F-9980-7A468D9172F5@cisco.com>
In-Reply-To: <81F9B37E-EDA2-445F-9980-7A468D9172F5@cisco.com>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: draft-sheffer-emu-eap-eke@tools.ietf.org, secdir@ietf.org
Subject: Re: [secdir] Secdir review of draft-sheffer-emu-eap-eke-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 May 2010 12:21:36 -0000
Hi Brian, thanks for your review. I accept all of your comments, with the exception of the last one: I consider channel binding as an important capability, which implies that it needs to be provided in an interoperable manner. There is no standard set of channel binding properties yet, but I expect that eventually we will have one. http://tools.ietf.org/html/draft-clancy-emu-aaapay-04 presents one viable direction for doing that, and I have asked the authors of that draft to add a section that describes how their proposal can integrate with EAP-EKE. In other words, the Channel Binding Value payload should not be seen as a "vendor ID", but rather as a placeholder for a standardized solution. Thanks, Yaron On 05/26/2010 02:19 AM, Brian Weis wrote: > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the IESG. > These comments were written primarily for the benefit of the security > area directors. Document editors and WG chairs should treat these > comments just like any other last call comments. > > This document describes a new EAP method based on the Encrypted Key > Exchange (EKE) protocol. The well-defined EKE exchange is preceded by a > new crypto policy negotiation exchange, several of the payloads are > protected by authenticated encryption, and a cryptographic confirmation > that both the server and peer have seen identical messages has been added. > > The document and Security Considerations are comprehensive, and I see no > issues that need to be addressed. I do have the following suggestions > for improvement. > > Section 3.1. The schematic of the EAP-EKE messages (bottom of page 6) > defines a number of terms for the first time, without explanation. The > single sentence following it (top of page 7) seems intended to point the > reader to Section 5 to find those terms. It ought to be a little more > descriptive. At a minimum, I suggest something like "Section 5 explains > the various cryptographic values and how they are derived." > > Section 5.1. The strength of x_s is significantly determined by the > choice of randomness method deriving x_s. It seems that a weak source of > randomness would be a significant implementation flaw for EAP-EKE. This > section does refer to RFC 4086 for randomness recommendations, which > should certainly be helpful to implementors. But perhaps also > referencing some well-known methods (e.g., NIST SP 800-90) would be even > better. > > Section 7.3. The sentence following the table seems to be trying to > define a PRF as something with a "K" and an "S", but doesn't define what > those values mean. This should either be clarified, or have the section > point to a better external definition of a PRF. > > Section 7.6. Defining a registry without any standardized values (other > than a "reserved" value of 0x0) isn't very useful for interoperability. > If the expectation is that private use values will be mainly used, > perhaps the channel binding value should be treated as a vendor-id > payload rather than a registry. > > Brian
- [secdir] Secdir review of draft-sheffer-emu-eap-e… Brian Weis
- Re: [secdir] Secdir review of draft-sheffer-emu-e… Yaron Sheffer
- Re: [secdir] Secdir review of draft-sheffer-emu-e… Sam Hartman