Re: [SECMECH] Framework Bindings Vs. Mechanism Bridges
Bernard Aboba <aboba@internaut.com> Thu, 25 August 2005 15:06 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E8JJL-0005Yk-Hs; Thu, 25 Aug 2005 11:06:35 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E8BBq-0001UH-53 for secmech@megatron.ietf.org; Thu, 25 Aug 2005 02:26:18 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA01839 for <secmech@ietf.org>; Thu, 25 Aug 2005 02:26:17 -0400 (EDT)
Received: from outbound.mailhop.org ([63.208.196.171] ident=mailnull) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1E8BCJ-0007zY-8V for secmech@ietf.org; Thu, 25 Aug 2005 02:26:47 -0400
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com) by outbound.mailhop.org with esmtpa (Exim 4.51) id 1E8BBo-000CvE-OO; Thu, 25 Aug 2005 02:26:17 -0400
Received: by internaut.com (Postfix, from userid 1000) id 1042060DDD; Wed, 24 Aug 2005 23:26:16 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by internaut.com (Postfix) with ESMTP id 037E760DDC; Wed, 24 Aug 2005 23:26:16 -0700 (PDT)
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
Date: Wed, 24 Aug 2005 23:26:15 -0700
From: Bernard Aboba <aboba@internaut.com>
To: Nicolas Williams <Nicolas.Williams@sun.com>
Subject: Re: [SECMECH] Framework Bindings Vs. Mechanism Bridges
In-Reply-To: <20050825042105.GW10174@binky.Central.Sun.COM>
Message-ID: <Pine.LNX.4.61.0508242244440.1628@internaut.com>
References: <Pine.GSO.4.60.0508220801430.1114@ismene> <35850EE42DFD2824F0DDBBC8@cumulus> <Pine.GSO.4.60.0508221008260.1174@ismene> <1DCACCAC04655B3AFE9733A8@cumulus> <Pine.GSO.4.60.0508221047001.1307@ismene> <20050822154044.GE7789@binky.Central.Sun.COM> <430CA545.3020109@uni-tuebingen.de> <Pine.LNX.4.61.0508241113420.16086@internaut.com> <20050824213010.GO10174@binky.Central.Sun.COM> <Pine.LNX.4.61.0508241436250.21720@internaut.com> <20050825042105.GW10174@binky.Central.Sun.COM>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 73734d43604d52d23b3eba644a169745
X-Mailman-Approved-At: Thu, 25 Aug 2005 11:06:33 -0400
Cc: secmech@ietf.org
X-BeenThere: secmech@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Security mechanisms BOF <secmech.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/secmech>, <mailto:secmech-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/secmech>
List-Post: <mailto:secmech@lists.ietf.org>
List-Help: <mailto:secmech-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/secmech>, <mailto:secmech-request@lists.ietf.org?subject=subscribe>
Sender: secmech-bounces@lists.ietf.org
Errors-To: secmech-bounces@lists.ietf.org
> No, I used "weak" to mean mechanisms that are subject to off-line > dictionary attacks by eavesdroppers or MITMs. If the EAP method generates a key and the tunneling mechanism supports cryptographic binding and satisfies the other RFC 4017 requirements (e.g. key strength, etc.) then I don't think that offline dictionary or MITM attack should be possible. Here is a brief summary of RFC 4017 requirements: MANDATORY [1] Key derivation. [2] Effective Key strength of at least 128-bits. [3] Mutual authentication. [4] Shared state equivalence. See RFC 4017 for details. [5] Resistance to dictionary attacks. [6] Protection against man-in-the-middle attacks. [7] Protected ciphersuite negotiation. RECOMMENDED [8] Fragmentation. [9] End-user identity hiding. OPTIONAL [10] Channel binding. [11] Fast reconnect. My guess is that Kerberos tunneled in TLS should be able to satisfy most if not all of these, assuming that cryptobinding is used. > Summary: IAKERB and EAP-GSS are dead at this time, mostly for lack of > people willing to do the work, not for any political or technical > reasons. >From a technical perspective, there are some challenges to securely providing authentication simultaneously with fast handoff. One issue is how the EAP peer figures out what Kerberos principals it needs to request a ticket for. Remember that EAP operates of a layer 2 protocol such as 802.11, and since the peer doesn't yet have IP connectivity, it may not know the IP Address or name of the NAS it is trying to connect to. In 802.11i, all the station knows is the BSSID of the AP; it doesn't know what NAS that BSSID is associated with, let alone the IP address, service name, etc. In the original IEEE 802.11i documents, it was assumed that the peer would request a ticket to the "Network Access Service" but this required all NAS devices to share a secret with the KDC so that a ticket, once granted, could be reused with any NAS. While this was very convenient for handoff, it was not so great from a shared secret hygene point of view. To enable the peer to figure out what tickets it needs, it seems like the AP would need to advertise its Kerberos Service Name, which might or might not be the same as the NAS-Identifier sent to the AAA server. Also, having to request a new ticket for each NAS, with a roundtrip to the KDC for each attempt, may not meet the stringent timing requirements of VOIP applications (handoff times <50 ms). So I think you'd need to figure out how to optimize the exchange, such as allowing an EAP peer to simultaneously request tickets to multiple NAS devices. However, if you can figure all this out, there could be some tangible benefits -- in particular with Kerberos it is possible to ensure proper key binding, which is not easy to do with current approaches. For example, a Kerberos ticket cannot easily be used by a NAS device other than the one it was created for. > I.e., I'm pretty sure there'd be no opposition from the IETF, the > Internet Security Area Directors or the IESG as a whole to a revival of > IAKERB and/or EAP-GSS, provided someone does the work. See below. Remember that at one time Kerberos was mandatory to implement in IEEE 802.11i. During that period there were lots of people will to work on Kerberos network access issues. However after it became clear that Kerberos by itself could not meet the 802.11 security requirements, and also that work in the IETF was not moving forward at a reasonable pace, IEEE 802.11i voted to remove Kerberos as the mandatory to implement method. At this point, I doubt you will find much interest within the 802.11 vendor community in revisiting Kerberos unless it can be demonstrated that Kerberos can provide some tangible benefit that isn't available with the fast handoff schemes being investigated in IEEE 802.11r. _______________________________________________ SECMECH mailing list SECMECH@lists.ietf.org https://www1.ietf.org/mailman/listinfo/secmech
- [SECMECH] Framework Bindings Vs. Mechanism Bridges Salowey, Joe
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Charles Clancy
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
- RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Salowey, Joe
- RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Salowey, Joe
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
- RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Charles Clancy
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Shumon Huque
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Charles Clancy
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Shumon Huque
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Shumon Huque
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Charles Clancy
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Josh Howlett
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Charles Clancy
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Josh Howlett
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Charles Clancy
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Josh Howlett
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Shumon Huque
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
- RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Salowey, Joe
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Ali Fessi
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Charles Clancy
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Bernard Aboba
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Bernard Aboba
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Josh Howlett
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Bernard Aboba
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Bernard Aboba
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Charles Clancy
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Charles Clancy
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Bernard Aboba
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Bernard Aboba
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Jari Arkko
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Jari Arkko
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Jari Arkko
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Bernard Aboba
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Bernard Aboba
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Shumon Huque
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Josh Howlett
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
- RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Bernard Aboba
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Shumon Huque
- RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Josh Howlett
- RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Charles Clancy
- RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Salowey, Joe
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Bernard Aboba
- RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Bernard Aboba
- RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Bernard Aboba
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
- RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Salowey, Joe
- RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Charles Clancy
- RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Bernard Aboba
- RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Charles Clancy
- RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Bernard Aboba
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Clint Chaplin
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… 1und1
- Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Charles Clancy