Re: [SECMECH] Framework Bindings Vs. Mechanism Bridges

Bernard Aboba <aboba@internaut.com> Wed, 24 August 2005 21:22 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E82hi-0006cY-6J; Wed, 24 Aug 2005 17:22:38 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E80TQ-0005hs-VC for secmech@megatron.ietf.org; Wed, 24 Aug 2005 14:59:45 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA11448 for <secmech@ietf.org>; Wed, 24 Aug 2005 14:59:43 -0400 (EDT)
Received: from outbound.mailhop.org ([63.208.196.171] ident=mailnull) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1E80Tn-0003Rn-Sx for secmech@ietf.org; Wed, 24 Aug 2005 15:00:08 -0400
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com) by outbound.mailhop.org with esmtpa (Exim 4.51) id 1E80TO-000NJG-Py; Wed, 24 Aug 2005 14:59:43 -0400
Received: by internaut.com (Postfix, from userid 1000) id E38C560DC2; Wed, 24 Aug 2005 11:59:41 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by internaut.com (Postfix) with ESMTP id D5CC260DAD; Wed, 24 Aug 2005 11:59:41 -0700 (PDT)
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
Date: Wed, 24 Aug 2005 11:59:41 -0700 (PDT)
From: Bernard Aboba <aboba@internaut.com>
To: Ali Fessi <ali.fessi@uni-tuebingen.de>
Subject: Re: [SECMECH] Framework Bindings Vs. Mechanism Bridges
In-Reply-To: <430CA545.3020109@uni-tuebingen.de>
Message-ID: <Pine.LNX.4.61.0508241113420.16086@internaut.com>
References: <Pine.GSO.4.60.0508191330380.16954@ismene> <20050819210308.GI6659@binky.Central.Sun.COM> <20050820031035.GA5352@isc.upenn.edu> <43074F76.8000604@cs.umd.edu> <20050822044255.GC27685@isc.upenn.edu> <Pine.GSO.4.60.0508220801430.1114@ismene> <35850EE42DFD2824F0DDBBC8@cumulus> <Pine.GSO.4.60.0508221008260.1174@ismene> <1DCACCAC04655B3AFE9733A8@cumulus> <Pine.GSO.4.60.0508221047001.1307@ismene> <20050822154044.GE7789@binky.Central.Sun.COM> <430CA545.3020109@uni-tuebingen.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 0fa76816851382eb71b0a882ccdc29ac
X-Mailman-Approved-At: Wed, 24 Aug 2005 17:22:36 -0400
Cc: secmech@ietf.org
X-BeenThere: secmech@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Security mechanisms BOF <secmech.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/secmech>, <mailto:secmech-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/secmech>
List-Post: <mailto:secmech@lists.ietf.org>
List-Help: <mailto:secmech-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/secmech>, <mailto:secmech-request@lists.ietf.org?subject=subscribe>
Sender: secmech-bounces@lists.ietf.org
Errors-To: secmech-bounces@lists.ietf.org

> - What is the benefit of having a TGT as a result of the authentication for
> EAP?!! With native Kerberos, the TGT is used to get a service ticket from the
> TGS to access kerberized services. What would be here the kerberized service?!
> is it just the "network access"?! or is anyone planning to realize different
> kerberized services at layer 2? Is this a new requirement for 802.11?

IEEE 802.11i at one point mandated the use of Kerberos for network 
access using EAP-GSS and IAKERB.  The model was for the EAP peer to obtain 
both a TGT and TGS via EAP-GSS, then for the peer to authenticate to the 
NAS using the TGS.  This required the NAS devices (APs) to support 
Kerberos.

There was some discussion about whether the TGS would apply only to a 
single NAS, or to the "Network Access Service" in general.  That is, 
whether a TGS obtained for one NAS could be used at another NAS.  
If the TGS were reusable at multiple NASes, this would imply that those 
NASes shared a secret with the Kerberos server which represents poor 
hygene.  If the TGS is not reusable, then this implies that the EAP peer 
would need to obtain a new TGS for each NAS it wished to connect to, 
requiring a round-trip to the Kerberos server. 

In any case, after a great deal of investigation and negotiation with the 
IETF, IEEE 802.11i decided to remove mandatory support for Kerberos.  
Since this required a 75% vote, very strong sentiment against Kerberos was 
required for this.  As a result, I doubt that you will see 802.11 wishing 
to revisit Kerberos support in the near future. 

> - What would be the benefit of such a EAP-Kerberos (or EAP-IAKERB) method
> compared to existing EAP methods that are currently used, e.g. EAP-TTLS+PAP
> with a radius/diameter server at the end (except that this method might be a
> "misuse" of kerberos as mentioned earlier in this mailing list). What would be
> the arguments that would motivate operators to substitute their infrastructure
> with a new one supporting EAP-Kerberos or EAP-IAKERB?

EAP-Kerb/IAKERB/GSS is inherently different other EAP methods 
because it requires support for the method on the NAS.  That is, the NAS 
needs to support Kerberos for a peer to be able to submit a TGS to the NAS 
in order to obtain network access. 

Once an EAP peer has obtained a TGS and authenticated to one 
NAS, if proper Kerberos hygene is required, then for the EAP peer to do 
a handoff it needs to obtain TGSes for other NASes in the vicinity.  If 
there were a way to obtain multiple TGSes in an efficient way (as part of 
the original EAP authentication, or via a single request), then this could 
be the foundation of an approach to low latency handoff. 

However at this point, this is all water under the bridge, since Kerberos 
without PKINIT does not meet the security requirements of RFC 4017, and 
thus is not permitted within IEEE 802.11i.  This leaves vendors with 
little motivation to support it. 

> - Would PKINIT really be an advantage for EAP?! The point with PKINIT is that
> it supports authentication of the client with public key cryptography. But
> isn't this already covered by EAP-TLS?

PKINIT is the only acceptable Kerberos usage mode within RFC 4017.  
However, EAP-GSS with PKINIT requires changes to the NAS, 
which EAP-TLS does not.

> - Wouldn't be helpful to talk to the authors of the EAP GSS draft (Aboba) and
> find out why they stopped to work on this document?

We stopped work on the document because:

a) Kerberos did not meet the security criteria of RFC 4017 without PKINIT.
b) IEEE 802.11i did not want to require use of certificates. 
c) The CAT WG refused to advance IAKERB even after it had been included as 
   an implementation requirement within IEEE 802.11i and had been 
   implemented by at least one vendor.  This made it impossible for
   IEEE 802.l1i to satisfy its IETF dependencies since EAP-GSS depended
   on IAKERB. 
d) GSSAPI did not include a PRF function, which made it difficult to 
   generate an MSK/EMSK with the properties required by RFC 3748. 

> IMHO, it seems that it makes sense to combine different frameworks with
> different authentication mechanisms as intended by secmech. But I just would
> like to have some clarification, why this would be useful.

_______________________________________________
SECMECH mailing list
SECMECH@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/secmech