Re: [SECMECH] Framework Bindings Vs. Mechanism Bridges

Nicolas Williams <Nicolas.Williams@sun.com> Mon, 22 August 2005 15:38 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E7ENU-0000xS-1w; Mon, 22 Aug 2005 11:38:24 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E7ENS-0000ws-Gx for secmech@megatron.ietf.org; Mon, 22 Aug 2005 11:38:22 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA23278 for <secmech@ietf.org>; Mon, 22 Aug 2005 11:38:19 -0400 (EDT)
Received: from nwkea-mail-1.sun.com ([192.18.42.13]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1E7Ey0-0004m0-4Y for secmech@ietf.org; Mon, 22 Aug 2005 12:16:11 -0400
Received: from centralmail2brm.Central.Sun.COM ([129.147.62.14]) by nwkea-mail-1.sun.com (8.12.10/8.12.9) with ESMTP id j7MFcH2B000617 for <secmech@ietf.org>; Mon, 22 Aug 2005 08:38:17 -0700 (PDT)
Received: from binky.Central.Sun.COM (binky.Central.Sun.COM [129.153.128.104]) by centralmail2brm.Central.Sun.COM (8.12.10+Sun/8.12.10/ENSMAIL, v2.2) with ESMTP id j7MFcGLG011617 for <secmech@ietf.org>; Mon, 22 Aug 2005 09:38:17 -0600 (MDT)
Received: from binky.Central.Sun.COM (localhost [127.0.0.1]) by binky.Central.Sun.COM (8.13.3+Sun/8.13.3) with ESMTP id j7MFcGLI008745; Mon, 22 Aug 2005 10:38:16 -0500 (CDT)
Received: (from nw141292@localhost) by binky.Central.Sun.COM (8.13.3+Sun/8.13.3/Submit) id j7MFcG83008744; Mon, 22 Aug 2005 10:38:16 -0500 (CDT)
Date: Mon, 22 Aug 2005 10:38:16 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Shumon Huque <shuque@isc.upenn.edu>
Subject: Re: [SECMECH] Framework Bindings Vs. Mechanism Bridges
Message-ID: <20050822153816.GD7789@binky.Central.Sun.COM>
References: <7210B31550AC934A8637D6619739CE6905C06510@e2k-sea-xch2.sea-alpha.cisco.com> <Pine.GSO.4.60.0508191330380.16954@ismene> <20050819210308.GI6659@binky.Central.Sun.COM> <20050820031035.GA5352@isc.upenn.edu> <43074F76.8000604@cs.umd.edu> <20050822044255.GC27685@isc.upenn.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20050822044255.GC27685@isc.upenn.edu>
User-Agent: Mutt/1.5.7i
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 9ed51c9d1356100bce94f1ae4ec616a9
Cc: secmech@ietf.org
X-BeenThere: secmech@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Security mechanisms BOF <secmech.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/secmech>, <mailto:secmech-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/secmech>
List-Post: <mailto:secmech@lists.ietf.org>
List-Help: <mailto:secmech-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/secmech>, <mailto:secmech-request@lists.ietf.org?subject=subscribe>
Sender: secmech-bounces@lists.ietf.org
Errors-To: secmech-bounces@lists.ietf.org

On Mon, Aug 22, 2005 at 12:42:55AM -0400, Shumon Huque wrote:
> I've read RFC 4017. My discomfort comes from the observation that
> it is at best incomplete to point this out only for wireless LANs, 
> since many of these vulnerabilities are applicable to other link 
> layers too. If I use an EAP method that supports Kerberos on a 
> wired ethernet for example, the dictionary attack threat still
> exists. I do not find the differential magnitude of the threat a 
> very convincing argument. It makes more sense to design security 
> mechanisms with the uniform assumption that the network is always 
> hostile.
> 
> This puts us in a position of having to say (whether we're using
> EAP or not): "use Kerberos normally, except when running over 
> link layers X, Y and Z, in which case you should run it only in 
> a protected, cryptographically bound tunnel". If we need to address 
> the dictionary attack problem, I think we should discuss how to 
> do so in the Kerberos protocol directly. Perhaps that discussion 
> belongs in another group though ..

BTW, and for the benefit of lurkers and future readers of this list, the
password cracking issues, for Kerberos V apply only to the AS KDC
exchanges, and only when using PA-ENC-TIMESTAMP pre-auth.  And that's
relevant to EAP only because we all agree that we'd want to tunnel KDC
exchanges through EAP as that would be the only way to reach the KDC for
EAP client in many, many cases.

> I'm also not a fan of automatically assuming that a tunnel is the 
> right solution for many problems. If we are tunnelling in TLS for 
> example, I now have additional issues to deal with. Such as how to 
> query up-to-date certificate revocation status, and whether my 
> users are properly validating the certificates etc.

Agreed.  But you can do other things too.  Like: ignore this issue at
first and do cryptographic binding between the inner and tunnel layers
and, if the result succeeds in real-time (assuming that offline password
dictionary attacks can't be done in real-time), "learn" the server cert;
the problem is what to do if the password-based mechanism fails...
(e.g., tell the user to call his/her helpdesk, which need not be as
easy for the user to do, or as likely that the user would actually do
it, as one might hope).

Nico
-- 

_______________________________________________
SECMECH mailing list
SECMECH@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/secmech