ietf

Re: comments on draft-houseley-aaa-key-mgmt-07.txt

2007-02-19 20:43:02
Sam,

Please read the thread again and make a convincing case as to why my message -- and please consider the entire message -- is disgusting, and I shall apologize.

Some notes inline:

Sam Hartman wrote:
"Lakshminath" == Lakshminath Dondeti <ldondeti(_at_)qualcomm(_dot_)com> writes:

    Lakshminath> Dan, We are discussing the case of the authenticator
    Lakshminath> providing a different identity to the peer and the
    Lakshminath> server here.  Sam raised that issue.

This is probably the last message you'll hear from me for the next
week.  I'm supposed to be on vacation but I made the mistake of
reading my ietf mail.

However, I was so disgusted by your message that I had to reply.  I
will not make the mistake of reading ietf mail until I return again.

We're discussing Dan's last call comment.  There's no way Dan can be
wrong about what problem we're discussing.  We may not understand him,
but it is completely inappropriate to correct him and tell him that
he's bringing up the wrong problem.

First, a fact to consider: Dan's last call comment never really made it to my mailbox and it is not available in the archive (perhaps he was/is not subscribed to the IETF list; I have 1 message from him in my mailbox that was cc'ed to the IETF list, but that is not in the archive either).

This thread started with your message calling the list's attention to Dan's message; unfortunately, Dan's message was not included in your message either. Vidya was kind enough to summarize the problem for the list based on the long discussion on this topic in the HOKEY list.

You responded to Vidya's message saying that "the model you proposed didn't fit what Dan was talking about very well." You went on to summarize the problem as "Dan wants to focus on problems
resulting from the fact that the name of the authenticator used
between the peer and the authenticator may be different than the name
of the authenticator used between the authenticator and the AAA
server."

Now I haven't seen Dan's original message and so I don't know whether you are capturing the entirety of Dan's message. In my response, I was in fact bringing in Dan's concern (as I understood it on the HOKEY list) back into the discussion.

I responded to you and noted that there are two problems, 1) the entity in the middle giving a different identity to the peer and the server (which may be solved by including the identity in the key derivation; there are other solutions) and 2) the entity in the middle giving the same wrong identity to both sides.

I went on to say "Let me put it this way, both issues are considered problems to address/solve in this case."

By the way, I think #2 above briefly and correctly summarizes what Dan is describing. Below is the attack in his own words.

Here is Dan's summary of the problem: "No, there is a problem even if the identity is part of the key
derivation. The reason is that this is a _symmetric_ key that is used
by the client to gain network access. If it is possible for some
entity to lie about its identity to obtain one of these keys, then that
key can be used to impersonate the client to the authenticator whose
identity was lied about and/or attack a connection the client makes to
the authenticator whose identity was lied about.

  Any security properties you're trying to assign to this key have been
thrown out the window.

  Dan."

My message that you were so "disgusted" by was in response to Dan's email above.

I was attempting to say to Dan that the reference to including the identity as part of key derivation came about as a response to your summary of the problem. I went on to talk about the problem he has described in the HOKEY list as well as in this thread in the second paragraph and concluded "Please provide your thoughts on whether her proposed text covers the issue adequately. Otherwise, please provide text."

I did not correct him, I was merely saying the focus of the thread at that moment was on a slightly different problem (and that was from your summary of the issue, btw) than the one he has described.

I did not "tell him that he's bringing up the wrong problem." What gave you that impression?

So where do I think we are? At the risk of repeating myself, there is the problem of an entity in the middle giving different identities to the peer and the server and there is the problem of the entity in the middle giving the wrong identity to the server and the peer (giving the wrong identity to the server alone may also be sufficient in some cases, but requiring that the peer trigger the key delivery mitigates that aspect of it).

This is my opinion; last I checked I can express my opinion on any of the IETF lists, just as anyone else. I am also quite fallible.

I look forward to other summaries of where we are in the discussion and what needs to be added to draft-housley-aaa-key-mgmt. I may have overly simplified something or understood the threat incorrectly; please point out what I got wrong.

Finally, if someone cares to explain in what way my messages (I sent all of two in this thread) are sidetracking (I guess that's what Sam is saying below) or otherwise disrupting the discussion, I am willing to learn.

thanks,
Lakshminath


Please stop trying to refocus the discussion.  Bringing up a model to
think about an issue can be a useful tool, but it can also be a tool
used to add obscurity.  In this instance, I think you and Vidya may be
having the latter effect.

--Sam



_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
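The two cases argued over in the thread above, as an added example that is not part of the original message, the draft, or the HOKEY discussion: a toy identity-bound key derivation in which the HMAC construction, the authenticator names, the root key value and the "peer-triggered delivery" check are all assumptions made for illustration. It shows why binding the authenticator identity into the derived key closes the case where the entity in the middle shows different identities to the peer and the server, but not the case where it shows the same wrong identity to both.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample root key standing in for the key the peer and the AAA
# server share after EAP; the value is made up for this example.
ROOT_KEY = bytes.fromhex(
    "2b7e151628aed2a6abf7158809cf4f3c2b7e151628aed2a6abf7158809cf4f3c"
)

HONEST_NAS = b"nas-A.example.net"  # authenticator the peer wants to reach (assumed name)
ROGUE_NAS = b"nas-X.example.net"   # real identity of the entity in the middle (assumed name)


def derive_key(root_key: bytes, authenticator_id: bytes) -> bytes:
    """Assumed derivation step: the delivered key is bound to the authenticator
    identity by feeding that identity into an HMAC-SHA256 based KDF.
    This is an illustrative construction, not the one in the draft."""
    return hmac.new(root_key, b"aaa-key-mgmt|" + authenticator_id, hashlib.sha256).digest()


def run_exchange(id_told_to_peer: bytes, id_told_to_server: bytes) -> dict:
    """Model one key-delivery round.

    The peer derives its copy of the key from the identity shown to it by the
    entity it is talking to; the AAA server derives the key it hands to the
    authenticator from the identity that entity claimed towards the server.
    """
    peer_key = derive_key(ROOT_KEY, id_told_to_peer)
    delivered_key = derive_key(ROOT_KEY, id_told_to_server)
    return {
        "peer_key": peer_key,
        "delivered_key": delivered_key,
        # The delivered key is only useful if it matches the peer's copy.
        "usable": hmac.compare_digest(peer_key, delivered_key),
        # Who the peer believes the key is shared with.
        "peer_believes": id_told_to_peer,
    }


def problem_1_different_identities() -> bool:
    """Entity in the middle shows nas-X to the peer but claims nas-A to the
    server. With identity-bound derivation the two sides hold different keys,
    so the key delivered to the entity in the middle is useless to it."""
    result = run_exchange(id_told_to_peer=ROGUE_NAS, id_told_to_server=HONEST_NAS)
    return result["usable"]  # False: binding the identity closes this case


def problem_2_same_wrong_identity() -> bool:
    """Entity in the middle claims nas-A to both the peer and the server.
    Both sides derive the same key, the rogue receives it, and the peer
    believes it shares that key with nas-A. Binding the identity does not
    help: the key is symmetric, so its holder can impersonate the peer to
    nas-A or attack the peer's session with nas-A."""
    result = run_exchange(id_told_to_peer=HONEST_NAS, id_told_to_server=HONEST_NAS)
    return result["usable"] and result["peer_believes"] == HONEST_NAS  # True


def server_delivers(peer_requested_id: bytes, claimed_id: bytes) -> Optional[bytes]:
    """Assumed mitigation for lying to the server alone: the server releases a
    key only when the peer itself triggered delivery for the same authenticator
    identity the requester claims. It does nothing for problem 2, where the
    peer was told the same wrong identity and so requests it too."""
    if peer_requested_id != claimed_id:
        return None
    return derive_key(ROOT_KEY, claimed_id)


if __name__ == "__main__":
    print("problem 1, key usable by entity in the middle:", problem_1_different_identities())
    print("problem 2, key usable by entity in the middle:", problem_2_same_wrong_identity())
    print("lie to server only, peer asked for nas-X:", server_delivers(ROGUE_NAS, HONEST_NAS))
```

The point the model makes concrete is the one in Dan's quoted text: identity binding only guarantees that the peer's key and the delivered key agree when both sides were shown the same name, and a symmetric key that agrees is exactly what an entity claiming nas-A on both sides ends up holding.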
