Re: [SECMECH] Framework Bindings Vs. Mechanism Bridges

Charles Clancy <clancy@cs.umd.edu> Thu, 25 August 2005 01:29 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E86Yy-0005Lw-Cd; Wed, 24 Aug 2005 21:29:52 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E86Yw-0005Lr-Ka for secmech@megatron.ietf.org; Wed, 24 Aug 2005 21:29:50 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA08220 for <secmech@ietf.org>; Wed, 24 Aug 2005 21:29:49 -0400 (EDT)
Received: from sccrmhc12.comcast.net ([63.240.76.22]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1E86ZM-0000KX-9O for secmech@ietf.org; Wed, 24 Aug 2005 21:30:17 -0400
Received: from [192.168.0.2] (pcp04510339pcs.gambrl01.md.comcast.net[68.49.199.146]) by comcast.net (sccrmhc12) with ESMTP id <20050825012841012000d7t3e>; Thu, 25 Aug 2005 01:28:42 +0000
Message-ID: <430D1EB5.2040806@cs.umd.edu>
Date: Wed, 24 Aug 2005 21:28:21 -0400
From: Charles Clancy <clancy@cs.umd.edu>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Bernard Aboba <aboba@internaut.com>
Subject: Re: [SECMECH] Framework Bindings Vs. Mechanism Bridges
References: <43074F76.8000604@cs.umd.edu> <20050822044255.GC27685@isc.upenn.edu> <Pine.GSO.4.60.0508220801430.1114@ismene> <35850EE42DFD2824F0DDBBC8@cumulus> <Pine.GSO.4.60.0508221008260.1174@ismene> <1DCACCAC04655B3AFE9733A8@cumulus> <Pine.GSO.4.60.0508221047001.1307@ismene> <20050822154044.GE7789@binky.Central.Sun.COM> <430CA545.3020109@uni-tuebingen.de> <Pine.LNX.4.61.0508241113420.16086@internaut.com> <20050824213010.GO10174@binky.Central.Sun.COM> <Pine.LNX.4.61.0508241436250.21720@internaut.com> <430D0D2B.8050405@cs.umd.edu> <Pine.LNX.4.61.0508241724080.26080@internaut.com>
In-Reply-To: <Pine.LNX.4.61.0508241724080.26080@internaut.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 50a516d93fd399dc60588708fd9a3002
Content-Transfer-Encoding: 7bit
Cc: secmech@ietf.org
X-BeenThere: secmech@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Security mechanisms BOF <secmech.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/secmech>, <mailto:secmech-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/secmech>
List-Post: <mailto:secmech@lists.ietf.org>
List-Help: <mailto:secmech-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/secmech>, <mailto:secmech-request@lists.ietf.org?subject=subscribe>
Sender: secmech-bounces@lists.ietf.org
Errors-To: secmech-bounces@lists.ietf.org

Bernard Aboba wrote:
>>If the EAP server is the service, then it can do a passthrough Kerberos
>>authentication for the EAP client.  The client can obtain a TGT and a service
>>ticket for the EAP server, and then authenticate to the EAP server using the
>>service ticket.  The key contained within that service ticket is known only by
>>the client and the EAP server, so it could theoretically then be used to
>>bootstrap an EAP key derivation, including the info needed by TTLS to do the
>>crypto binding.  TTLS would then augment the security of these keys using its
>>own entropy, and poof.
>>
>>... or am I missing something?
> 
> 
> EAP methods need to be "mode independent" which implies that they need to 
> work the same way regardless of whether an authentication server is 
> present or not.  If an AS is not present, then the EAP server resides on 
> the NAS, and the EAP peer would be providing a clear text password to the 
> NAS. 
> 
> "AAA Key Management" (draft-housley-aaa-key-mgmt-00.txt) talks about 
> preventing cascading vulnerabilities.  One of the requirements is that 
> compromise of one NAS not compromise long-term credentials. 
> 
> Providing a cleartext password to a NAS seems like it would violate that 
> requirement. 

Why would the cleartext password ever end up on a NAS?

Maybe a picture would help:

EAP Client          EAP Server           KDC
--------------------------------------------

     TTLS Negotiation
<----------------------->

krb5 authentication (EAP server is passthrough)
<------------------------------------------>

                          TGT, service ticket
<-------------------------------------------

       service auth
<----------------------->

{MK,MSK} = PRF(service key)

[ t. charles clancy ]--[ tcc@umd.edu ]--[ www.cs.umd.edu/~clancy ]
[ computer science ]-----[ university of maryland | college park ]

_______________________________________________
SECMECH mailing list
SECMECH@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/secmech