IETF Logo Mail Archive

Re: [aboba@internaut.com: Re: [SIP] draft-calhoun-sip-aaa-req]

Pat Calhoun <Pat.Calhoun@eng.sun.com> Wed, 03 January 2001 20:33 UTC

Received: from lists.bell-labs.com (share.research.bell-labs.com [204.178.16.58]) by ietf.org (8.9.1a/8.9.1a) with SMTP id PAA04301 for <sip-archive@odin.ietf.org>; Wed, 3 Jan 2001 15:33:17 -0500 (EST)
Received: from share.research.bell-labs.com (localhost.localdomain [127.0.0.1]) by lists.bell-labs.com (Postfix) with ESMTP id 5946944373; Wed, 3 Jan 2001 14:32:08 -0500 (EST)
Delivered-To: sip@lists.bell-labs.com
Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by lists.bell-labs.com (Postfix) with ESMTP id D6DD844338 for <sip@lists.bell-labs.com>; Wed, 3 Jan 2001 14:31:32 -0500 (EST)
Received: from engmail3.Eng.Sun.COM ([129.144.170.5]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id MAA05950; Wed, 3 Jan 2001 12:31:15 -0800 (PST)
Received: from nasnfs.eng.sun.com (nasnfs.Eng.Sun.COM [10.6.84.20]) by engmail3.Eng.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v1.7) with ESMTP id MAA11108; Wed, 3 Jan 2001 12:31:14 -0800 (PST)
Received: from mordor (mordor [129.146.120.122]) by nasnfs.eng.sun.com (8.9.3+Sun/8.9.1) with SMTP id MAA19579; Wed, 3 Jan 2001 12:31:08 -0800 (PST)
From: Pat Calhoun <Pat.Calhoun@eng.sun.com>
Reply-To: Pat Calhoun <Pat.Calhoun@eng.sun.com>
Subject: Re: [aboba@internaut.com: Re: [SIP] draft-calhoun-sip-aaa-req]
To: Michael Thomas <mat@cisco.com>
Cc: Pat Calhoun <Pat.Calhoun@eng.sun.com>, Stephen Thomas <stephen.thomas@transnexus.com>, SIP List <sip@lists.bell-labs.com>
In-Reply-To: "Your message with ID" <14931.25708.455779.464579@thomasm-u1.cisco.com>
Message-ID: <Roam.SIMC.2.0.6.978553658.6342.pcalhoun@nasnfs>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET="US-ASCII"
Sender: sip-admin@lists.bell-labs.com
Errors-To: sip-admin@lists.bell-labs.com
X-BeenThere: sip@lists.bell-labs.com
X-Mailman-Version: 2.0beta6
Precedence: bulk
List-Help: <mailto:sip-request@lists.bell-labs.com?subject=help>
List-Post: <mailto:sip@lists.bell-labs.com>
List-Subscribe: <http://lists.bell-labs.com/mailman/listinfo/sip>, <mailto:sip-request@lists.bell-labs.com?subject=subscribe>
List-Id: IETF SIP Mailing List <sip.lists.bell-labs.com>
List-Unsubscribe: <http://lists.bell-labs.com/mailman/listinfo/sip>, <mailto:sip-request@lists.bell-labs.com?subject=unsubscribe>
List-Archive: http://lists.bell-labs.com/pipermail/sip/
Date: Wed, 03 Jan 2001 12:27:38 -0800

>    The problem is that you're proposing to
>    backhaul most (all?) of the SIP message 
>    back as an opaque blob. That sort of begs
>    the question of why don't you just send it
>    as a SIP message as Henning suggests; the
>    AAA is, if nothing else, going to have quite
>    a bit of proxy logic to determine whether
>    it should authorize the request. Looks like
>    duck, walks like duck... probably is duck.

I *assume* that you understand how RADIUS and/or DIAMETER works. The NAS pulls
specific items out of the request (SIP message), and inserts them into what we
commonly call AVPs (or attribute value pairs). The AAA server takes this
information to make its authorization decision. The only reason why the SIP
request is sent at all is for authentication reasons, since the SIP server
doesn't have the mobile's long term secret.

> 
>  > In fact, the
>  > following was done: 1. Allow the mobile to have an NAI as its identifier,
> as
>  > opposed to a home address (something that is already supported in SIP, so
> no
>  > change required). 2. Allow the mobile to share a secret with its AAAH, as
>  > opposed to its Home Agent (something that is VERY easy to do, and probably
>  > requires NO protocol changes in SIP).
> 
>    I assume that you're talking about
>    draft-ietf-mobileip-aaa-key-01.txt?
yes.

>    Assuming that I'm
>    reading the draft correctly, I have to tell you that the
>    entire idea makes me extremely queasy: shipping the user's
>    long term key from the AAA to other entities of
>    which have questionable and/or unknown security
>    practices seems *extremely* dangerous.

Perhaps a re-read is in order? In fact, perhaps section 6.0 of
draft-calhoun-diameter-mobileip-11.txt would be a better read.
draft-ietf-mobileip-aaa-key-01.txt carries the ephemeral keys created in the
former document.

(btw, I'll try not to take offense that you would even think that I would be
passing around a mobile's long term secret to other network entities).

> 
>    Kerberos, for this very reason, does not do this; instead
>    a short term ephemeral secret is created for use between
>    the client and server. That you even call the AAAH
>    a "KDC" (to which I don't disagree) should give pause
>    that the AAA should at least learn the lessons of "real"
>    KDC's which consumes endless hours of lots of
>    smart security folks. FYI, I'm in the process
>    of writing a draft which has the functionality
>    you're looking for but uses Kerberos mechanisms 
>    to create an ephemeral session key. 

Thanks for the Kerberos tutorial :)

Seriously, this is precisely what the AAAH does.

PatC


_______________________________________________
SIP mailing list
SIP@lists.bell-labs.com
http://lists.bell-labs.com/mailman/listinfo/sip

v2.23.0 | Report a Bug | By Email