Sam Hartman [mailto://hartmans-i...@mit.edu] writes:
> Hi. At IETF 77, I agreed to edit draft-ietf-emu-chbind. Also, at that > meeting, I sat down with Glen to understand his concerns with the > document. I'd like to write up my notes on that meeting and to discuss > what I think the critical next steps are for the document. > > > I presented two motivating examples, one of which is I think directly > within the previous discussions of channel binding and one of which is > my motivation for caring about the problem. > > Consider a corporation that has an internal network and that also has > agreements with WIFI hotspots to provide its employees connectivity. > Policy requires that people use a different set of firewall rules and > VPN configuration when connecting at the WIFI hotspots than when > connecting to the home network. Typically clients determine which > network is in use by the SSID. They use the same EAP credentials in > both cases. > > You can imagine that the corporation would know the identities of its > own access points. In particular, a combination of configuration on the > AAA servers and at the boundary firewall could mean that the AAA servers > know whether a given request for access is coming from the corporate > network or a WIFI hotspot. Today, however, the corporate AAA > infrastructure does not know what the client thinks it is connecting > to. If the client disclosed the SSID it sees then the corporation would > be in a position to enforce the security policy. > > Glen agreed that channel binding could address this. Indeed it could, but all you really seem to be asking for is a way for the corporation to be able to control the configuration of the client. As you point out, it is reasonable to expect that the corporation knows the identity of its own access points; why does it matter what the client _thinks_ (for lack of a better word) that it is attached to? I cannot see any purpose for the client sending the SSID of the network to which it attached. In fact, it seems that all that is necessary is the ability to remotely modify the configuration of a client; why is the job of EAP, again? > We'll come back to > whether it's a good idea in a bit. > > My motivation is related to the technology being developed by the > Moonshot project (http://www.project-moonshot.org ). > We'd like to use EAP as part of application authentication. With network > access, there are a lot of situations where one network is much the same > as another. However with application authentication the party you're > talking to matters a lot, especially in federations with relatively > liberal membership policies. I might well be willing to send > information to my company's ERP system that I should not send to a rogue > machine at a competitor that is part of the same federation. I'd like to > know the difference in who I'm talking to. > > Glen described several significant concerns about the way channel > binding has been handled. > > First, there is the basic complexity concern. > EAP has grown and evolved over the years, in many cases with design > taking place after the fact. Adding a new facility has a high > cost. However, there are some things in the current draft that make that > cost even higher. > > I, and a few others have argued that all EAP methods should gain channel > binding support. Glen points out that is a lot of work and argues it is > unnecessary. > > Glen is also concerned that each EAP method will handle channel binding > differently.His assumption is that each method would have a different > set of channel binding attributes that it carried, a different mechanism > for carrying them, and different names/numbers for the attributes. So, > rather than just supporting channel binding in some deployment of EAP, > you would need to tie it to a particular method or small set of > methods. He acknowledged that we could have some standardized way of > dealing with new EAP methods but points out that we have a lot of > existing methods. > > Glen and I had a long discussion about channel binding in EAP vs channel > binding as part of the secure association protocol. > That was a very useful discussion. > > The interesting question is what favors one approach vs another. > > Channel binding always requires changing the client and the home AAA > server/EAP server. > > Using a SAP requires: > 1) changing all the NASes > 2) Specifying an extension to each lower layer that may be used > 3) Specifying AAA transport for this extension. > > [As an aside, Glen proposed a mechanism for doing this at the AAA layer > that should get written up somewhere. I thought it was quite clever and > easier than any attempt to do this I had seen before. Of course I'm a > relative novice when it comes to AAA.] > > Using channel binding inside EAP requires: > > 1) Changing/specifying channel binging for the EAP methods in use. > > For most of the applications I care about (with the exception of the EAP > for non-network-access use case), avoiding having to change the NAS is a > huge advantage. > Also, from where I sit, not having to update the link layers is a big > deal. > However, the conversation was really useful because I now understand > situations in which both of those assumptions about complexity of change > would be different. > > So, here are some ideas going forward for areas I'd like to improve the > draft: > > 1) The introduction does discuss use cases. However I don't think it > does a particularly good job of describing concrete use cases; I'd like > to provide some explicit examples. > > 2) The draft doesn't currently motivate the secure association protocol > version of channel binding. I will admit that my reaction when I read > that section of the draft was roughly "that's a stupid idea there to > placate people who don't think we can do this in EAP." I think that it has been fairly well established that people can & will do virtually _anything_ in/to EAP; the question is whether or not it's a good idea to do it (Hint: "it's just so convenient" is _not_ a justification IMO). > At this point I > feel I understand the use case well enough to describe it and would like > to attempt doing so. > > 3) It's not actually true that you need to cover all EAP methods in > order to use channel binding inside EAP. In particular, if you have a > tunneled configuration, only one of the methods needs to support channel > binding. There are complexities here: you either need cryptographic > binding or you need the channel binding to be part of the method that > provides authentication of the client to the server. Still, it seems > like this is an area where we should explicitly consider what's going on > and see if we can use tunnel methods to reduce cases where we need to > implement channel bindings. 3) has me really confused. Would you mind explaining a bit further. > > 4) It seems clear to me that we want one namespace of channel binding > attributes that we carry in EAP methods and secure association > protocols. The current draft implies that but doesn't really give > concrete mappings for how that will be carried in existing EAP methods. > It's my understanding that there has been work done in this space. I > think that we need to go through that work and make sure it is sound to > address Glen's concern that we don't want the set of attributes to be > method-specific, nor do we want applications consuming channel binding > to need to pay attention to what their method supports. Some methods > will support channel binding; some will not. However for those that do, > we want a consistent interface provided to the lower layer. > > > There may be other open issues with the document. I have not inherited > any such list if there is one. > > I'd appreciate comments from the WG and chairs on this proposed > approach. > > --Sam > _______________________________________________ > Emu mailing list > Emu@ietf.org > https://www.ietf.org/mailman/listinfo/emu _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
