IETF Logo Mail Archive

Re: [TLS] Fwd: Benjamin Kaduk's Discuss on draft-ietf-emu-eap-tls13-13: (with DISCUSS and COMMENT)

Mohit Sethi M <mohit.m.sethi@ericsson.com> Mon, 04 January 2021 10:02 UTC

Return-Path: <mohit.m.sethi@ericsson.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B9DA3A0ADE; Mon, 4 Jan 2021 02:02:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.712
X-Spam-Level:
X-Spam-Status: No, score=-0.712 tagged_above=-999 required=5 tests=[DKIMWL_WL_HIGH=-0.25, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.262, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4VM0D4w8GIJj; Mon, 4 Jan 2021 02:02:01 -0800 (PST)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2050.outbound.protection.outlook.com [40.107.21.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A1E803A0ADD; Mon, 4 Jan 2021 02:02:00 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Voc83r1qfbklso71yGfngT+lyon6Gw0TK4Ksl0ThZeymA7aFg7FJJELTjlZUjrqlRNVmV7sE8DnRm6Yr5F4JrpiYsORxn9z+/UzGDoL38VTK9Aasa1XIJopo0ZB3L2vI3Rjkhe1HSZtmU8kgKXduhL7X+YsZFcVEckSacpxM7MhByWoXMEdkcec4Zz3d4Dc/98+JMwm3XIZ3fjY0weZd+sPvTszsfxXSBpPSgVs0nEf/63qGEcbq+XVHIo6ZrKqav9QVQW1BHCUa/tQa5Ty5Tz473QSwC+KV1YJFVJdUs6swwQn1CxQ/yVWSvirG4Ju0jS+e09yxmpSbxdHaAuLzwQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=eza049GIaEbOLKp1llbTCmxXL4OGso4a8rPWslVSDgg=; b=SSkwxV3kQfLKTtd2jEuD+HRNqvUc4s0DGblAtglL++bEadO+mY2oZl6yAoJYiDK5ffZC+QG9dT8L5sndc2WZ3XWQfzaxPoF1Cu3XQaVteNTMLzcp9+zj7nQa0w9m2Ghzx/tNEbzCkQCLmGeU5zXSveAlOK8ZaK0Z0f27cW4WN2ObcbSaO2D64rsVKmk56rH2g8Yz7boeU/61aUoxQS2SzGO2+nvsCfkH8Pv9rqKST2J67U/Yi/goDQhzvs/UN2+fS4PlDCV6Xi7+yBqopxdedgXV4sKP41s20wB4PI/Boutzvho+taEMc3kdgpK1fug5KWS2ifR8C3eK+/QgbhFGpQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=eza049GIaEbOLKp1llbTCmxXL4OGso4a8rPWslVSDgg=; b=YFA6GQODYIY+qyWFFqX+D+7kv4Ih7t1ETrjfti+jLkdMuw59j3QfDegJ8sAsuGFNs88q0MmcIncGPIUgxBy3zJcPL88FH8cHRb9o7Yadbhm8jbfoZxiFcMq5RcMQIRQT00sMQiAxB8aQyxyNH5R0AT4WK3S4CD2Cw2aJ9p+BOTA=
Received: from HE1PR0701MB2394.eurprd07.prod.outlook.com (2603:10a6:3:70::13) by HE1PR0701MB2617.eurprd07.prod.outlook.com (2603:10a6:3:90::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3742.2; Mon, 4 Jan 2021 10:01:57 +0000
Received: from HE1PR0701MB2394.eurprd07.prod.outlook.com ([fe80::a012:f1c5:3df:a9d7]) by HE1PR0701MB2394.eurprd07.prod.outlook.com ([fe80::a012:f1c5:3df:a9d7%12]) with mapi id 15.20.3742.006; Mon, 4 Jan 2021 10:01:57 +0000
From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
To: Martin Thomson <mt@lowentropy.net>, 'Benjamin Kaduk' <kaduk@mit.edu>, "tls@ietf.org" <tls@ietf.org>
CC: "emu@ietf.org" <emu@ietf.org>
Thread-Topic: [TLS] Fwd: Benjamin Kaduk's Discuss on draft-ietf-emu-eap-tls13-13: (with DISCUSS and COMMENT)
Thread-Index: AQHW0/v3Sc9XnYEKVU2ViWlCU2YXag==
Date: Mon, 04 Jan 2021 10:01:56 +0000
Message-ID: <7745bb87-a946-c739-007d-9d3be1212e19@ericsson.com>
References: <160815821055.25925.15897627611548078426@ietfa.amsl.com> <20201216223842.GR64351@kduck.mit.edu> <0f2b05db-5c98-43d4-aae3-cf620814bacc@www.fastmail.com>
In-Reply-To: <0f2b05db-5c98-43d4-aae3-cf620814bacc@www.fastmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
authentication-results: lowentropy.net; dkim=none (message not signed) header.d=none;lowentropy.net; dmarc=none action=none header.from=ericsson.com;
x-originating-ip: [188.67.160.225]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 2d767489-a64d-4cff-b947-08d8b097c569
x-ms-traffictypediagnostic: HE1PR0701MB2617:
x-microsoft-antispam-prvs: <HE1PR0701MB2617E46C26F58CB7B0622C8DD0D20@HE1PR0701MB2617.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:568;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: iCvfgjmqKruy3mmE6XHT5p1wn6fIdlRwiQ/LcuY3lQvulOdtmGHf9mA5n21kXbK2yMaouY2dtQAmlLnqud00JO43TpturggdiN1qDsceYAat3DPt98uhcK88k/9ReJtBFPFU9rzgzuZDghfzyE462tzh6i++dfLJStPvm1HeeEKuJIorDyO+By79qmGycwwjwfAO1Tv9fQiETTmCiSRpgI/nOIYU708V/uKlb72djeSGp7LaPd55Ie2a4/33IQyu8yg3iqI3EJibCXBhGNWIWLpVL+0/WVpAqyK/QyercI8p3z9SBsAgutdfUJD2LA/YL5CWsRC2ZM2uNyeMo+ZBGkkblsLTC32W+7Cdl6uqCG74B6TskchuOfgA6CB0GxVcLE87ouBkPUX9Bh+ZlZGRvNgYG78rqfqBkKhWCt5LKRH5EoN48/XxMbcOZMbkQjCrNH+7MFqGNOFBxXLML7ZcIxrTmo6p7okQm6j4/YmmzJfdtZtop63BRVt18xKHEjgU3b3e2DkhhdDp0ocE3zD8ygSE2rYp3AyDKjHD1msA6iE=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR0701MB2394.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(136003)(376002)(39860400002)(346002)(396003)(6506007)(26005)(8936002)(316002)(86362001)(2616005)(2906002)(4326008)(53546011)(83380400001)(166002)(6486002)(186003)(110136005)(8676002)(66476007)(966005)(71200400001)(478600001)(36756003)(66556008)(76116006)(66946007)(31686004)(31696002)(6512007)(5660300002)(64756008)(66446008)(45980500001)(43740500002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: 9/xCEOPKoss4DXLyjrXCj37Y7XLyUmNGTR0DRJq73rdZQlxHoddHou5PhNqCIegMarmPD3gtIgmOlLKTsqbaOP1tU5awc52cvmt7S1X/u3EeReczs1ZiqarhV1ktTzCc+6CXVWF98kPV2Q93vxOueCfzX46Daux4UxU55glqWfebhrWMTxqbc+lElKX09myO32QRxBnc0vp906jJNrLihgai+2OXqCzpT+DTjnN0/TbjIXg2VEocFzDqKXx6MPBDqjAgcmgJN7t7qsHJ1Xmhf8j1htLwYFeTJs/2dMI0dmunDko+aTWesAvZHTMvhTYd6BujE8xySAMcYyijmXYR5Ev4e3AHV6oyKxKUSIrfKaj2Ey+r0aKyb7zaf3oZXl3CkJWL2D571gqiaB6d4c6QUucsfYqRlYsGHDb/ptQDQE0VvNc73ng/17mAFH0sNo+q4cNpLojh2dGRLWN0zTneNnVz+Wzsb+gRLXz0iSxCIznkkNbANnfIqHB79fFPc/wLBR6Vc4FJqzUfZ2GgKRv+FVtwti9at7zqUVodiIT2zjG2DBO2Qd7luORCUaRsW6P8WDCGEwg+g+SeDU0sIKQ/nTHWiGBtYK7YmZOcqUZijfEP3EihRXdzppaRL0hfQigWGDPRaDCGXncg6+A0Zv4VgA5tJJhz7M5gk9b5hbb5ew0qf9mO5t6IrckLAVulWEqs7XUB/qh51JwIrH2QcylyL4H9dVMPzhWpH5ivdxjgBBt6ui/VFMaxEtiUP2xGZtsr57UWSuEjKRxkSSY6S5VpFxlYDBBayvjbMSMDKht8iUNG3irfj0jh8dcH0eDt+GS8xzPrtr0HXoHmabjfu0SNWIGKeAYOGJHmLyNPd2nZMVBZitnd28TTrJvmHBQz6iO1IZBerMgLIrSo4bC2IrKOfxEBVvvYSfFKNZOEoj2Z0N5ikMfIrajN3D4YxytWx46zwyE4EU70buLKTuXVyM7otl7BycbAj+sSjbochN1kPsY=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_7745bb87a946c739007d9d3be1212e19ericssoncom_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR0701MB2394.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2d767489-a64d-4cff-b947-08d8b097c569
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Jan 2021 10:01:56.9986 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: RZP9kM4jPGW3++sMT2IZnqAEquaQ63iJxlhjsjqkQUGGtO8Lrus1LewDtqGeqlL+kwayv7s9RlU0PftuSANeo+t09f76g1nq/pmB5a0wXng=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2617
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/TKLCkwg4-Ii02lLUcO4fLk7KUlg>
Subject: Re: [TLS] Fwd: Benjamin Kaduk's Discuss on draft-ietf-emu-eap-tls13-13: (with DISCUSS and COMMENT)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Jan 2021 10:02:03 -0000

Top posting to explain the need for a reliable notification of protocol completion:

On 1/4/21 5:44 AM, Martin Thomson wrote:

 I have a much simpler one: the EAP layer has a signal that the protocol is complete: EAP-Success

Alan Dekok explained in a separate email thread why this is not the case (https://mailarchive.ietf.org/arch/msg/emu/uMNKV_vfov7ASob6_Qu3FlCNcT0/). He wrote: "The EAP-Success and EAP-Failure messages are *not* protected.  i.e. they are 4-bytes of data which can be spoofed rather trivially.".

There are two more quirks as to why EAP-Success cannot be used as an indication of protocol completion:

a) Section 2.2 of RFC 3748 says https://tools.ietf.org/html/rfc3748#section-2.2:

   EAP packets with Codes of Success or Failure do not include a Type
   field, and are not delivered to an EAP method.

What this means is that the EAP-Success is delivered to EAP (the framework) and not to EAP-TLS (the authentication method/protocol). Thus, EAP methods cannot rely on EAP-Success or EAP-Failure as an indication of anything since they never receive that message.

b) Section 3.1 (https://tools.ietf.org/html/rfc3748#section-3.1)  and 4.2 (https://tools.ietf.org/html/rfc3748#section-4.2) of RFC 3748 says:

   Note that EAP Success and Failure packets are not retransmitted.
   Without a reliable lower layer, and with a non-negligible error rate,
   these packets can be lost


   Implementation Note: Because the Success and Failure packets are not
   acknowledged, they are not retransmitted by the authenticator, and
   may be potentially lost.  A peer MUST allow for this circumstance as
   described in this note.

The knee-jerk reaction would be that EAP is bad and it should be fixed/updated. I have myself wondered if we can add some payload to the EAP-Success message. But EAP has been around for over a decade now and is used in many networks so the threshold for change is naturally high.

I also think that this should not be treated as an issue for EAP-TLS only. I can imagine other deployments which use TLS for making authorization decisions but do not use the TLS for sending message. So I am glad that Ben has brought this to the TLS working group for further discussion. Whether we use this 1-byte of application data (as done in this draft) or some other mechanism (such as close_notify), we need a reliable way of telling that no further post handshake messages will be sent.

--Mohit

v2.23.0 | Report a Bug | By Email