RE: [Emu] WGLC comments for draft-simon-emu-rfc2716bis

To: "Bernard Aboba" <bernard_aboba at hotmail.com>, <Pasi.Eronen at nokia.com>, <emu at ietf.org>
Subject: RE: [Emu] WGLC comments for draft-simon-emu-rfc2716bis
From: "Joseph Salowey \(jsalowey\)" <jsalowey at cisco.com>
Date: Tue, 9 Jan 2007 12:20:42 -0800
Authentication-results: sj-dkim-4; header.From=jsalowey@cisco.com; dkim=pass ( sig from cisco.com/sjdkim4002 verified; );
Cc:
Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=3044; t=1168374044; x=1169238044; c=relaxed/simple; s=sjdkim4002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=jsalowey@cisco.com; z=From:=20=22Joseph=20Salowey=20\(jsalowey\)=22=20<jsalowey@cisco.com> |Subject:=20RE=3A=20[Emu]=20WGLC=20comments=20for=20draft-simon-emu-rfc27 16bis |Sender:=20; bh=K3E2YJcnRI4dEcPcj47b6muAsOc71wuB4S2BlUgHheY=; b=JsbC8iueiRG4RpENpqDzDKQn27fVaW0+/x5HagOVCS/kdfdNHHw0iIwUQNidamqjtu92nf/5 JB7TRSb5BoOVhtfuWLf8iORHZ3pML5akHv1y3zolXHMvPmZxneY/yqD0;
In-reply-to: <BAY117-F12BF1B15A9FC00046CC1EA93B30@phx.gbl>
List-archive: <http://www1.ietf.org/pipermail/emu>
List-help: <mailto:emu-request@ietf.org?subject=help>
List-id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-post: <mailto:emu@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
Thread-index: AcczoALRNdUd0MFjR+Sd9q2Po7WI7QAhlpCg
Thread-topic: [Emu] WGLC comments for draft-simon-emu-rfc2716bis

> > >    Comparing the Server-Id in the certificate to the 
> expected server
> > >    name limits the damage that will result from an 
> attacker compromising
> > >    a server private key.  If the peer does not check the 
> Server-Id, then
> > >    the peer would accept a compromised server certificate 
> chaining to
> > >    any of the configured trust anchors.
> > >
> >
> >[Joe] If the server key is compromised then it seems checking the 
> >server-ID will not help discover this or limit damage.
> 
> Maybe this should have been "compromising a trust anchor 
> private key".  I think the idea was to prevent a compromise 
> of a trust anchor from enabling attackers to carry out "rogue 
> authenticator" attacks across the board.

[Joe] I don't think so, since a compromised trust anchor is a bigger
problem.  This text appears to mostly deal with authorization issues.
Here is a proposal for some modifications to the text:

In section 5.2, we may want to rethink the recommendation to use the TLS
WWW EKU, I'm not sure it is appropriate. Right now I suggest we remove
this paragraph. The text for the rest of the section could be replaced
by the following text. 

"Once the endpoints of the EAP-TLS conversation have been authenticated
and have had their certificates validated they then must be authorized.
The authorization process makes use of the contents of the certificates
as well as other contextual information.  While authorization
requirements will vary from deployment to deployment it is RECOMMENDED
that implementations be able to authorize based on the EAP Peer and EAP
Server identities defined above. 

Certificate extensions for use with EAP-TLS are discussed in
"Certificate Extensions and Attributes Supporting Authentication in
Point-to-Point Protocol (PPP) and Wireless Local Area Networks (WLAN)"
[RFC4334].  These extensions enable certificate usage to be restricted
to use with lower layers such as PPP or IEEE 802.11.  An EAP-TLS
implementation MAY make these and other certificate fields available to
the lower layer.

Since authorization based on specific identities may not scale well in a
large environment implementations may make use of other fields in the
certificate.  For example an implementation may be configured to accept
all certificates issued by a CA with a certain name format as trusted.
In another example the peer may test whether the EAP server certificate
is signed by a CA controlling the destination network and whether the
Server-Id matches the format expected for that network.  For example, an
EAP peer connecting to the "EXAMPLE" SSID may check whether the
Server-Id matches the regular expression "*.example.com", in addition to
checking whether the server certificate chains to the example.com CA.
However, it is important to realize that any certificate matching the
above criteria will be authorized, so this method should only be used in
environments where this is guaranteed to be accurate."



_______________________________________________
Emu mailing list
Emu at ietf.org
https://www1.ietf.org/mailman/listinfo/emu

References:
- RE: [Emu] WGLC comments for draft-simon-emu-rfc2716bis
  - From: Bernard Aboba

Prev by Date: Re: [Emu] I-D ACTION:draft-ietf-emu-eap-gpsk-02.txt
Next by Date: [Emu] Open issues with draft-simon-emu-rfc2716bis-06.txt
Previous by thread: RE: [Emu] WGLC comments for draft-simon-emu-rfc2716bis
Next by thread: [Emu] I-D ACTION:draft-simon-emu-rfc2716bis-06.txt
Index(es):
- Date
- Thread

RE: [Emu] WGLC comments for draft-simon-emu-rfc2716bis

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.