Re: [Emu] Comments on the eap-tunnel-method-00 draft

[Sam Hartman]

 Hao == Hao Zhou hz...@cisco.com writes:

Hao Rereading the updated chbind draft, it has already defined the
Hao mechanism for two way communication and tunnel EAP draft just
Hao defined a TLV container to carry the Channel binding data
Hao defined in Section 5.3, so we should be ok.  No change is
Hao needed on the tunnel EAP draft on this, other maybe called out
Hao Section 5.3.


And to indicate it's two-way.
___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

Re: [Emu] Comments on the eap-tunnel-method-00 draft

[Jim Schaad]

 -Original Message-
 From: Hao Zhou [mailto:hz...@cisco.com]
 Sent: Wednesday, October 19, 2011 12:31 PM
 To: Jim Schaad; draft-ietf-emu-eap-tunnel-met...@tools.ietf.org
 Cc: emu@ietf.org
 Subject: Re: [Emu] Comments on the eap-tunnel-method-00 draft
 
 Jim:
 
 Thanks for reviewing the draft in detail and comments provided. Please see
 my response inline below.
 
 
 On 10/17/11 6:08 PM, Jim Schaad i...@augustcellars.com wrote:
 
  I have gathered these comments over time and therefore some of them
  are not fully fleshed out.  If you have any questions I will try and
  reconstruct my ideas at the time.
 
  Jim
 
 
 
  Version Negotiation - terminate the conversation - w or w/o a fail?
  Edge case - what if peer only supports a higher version than the
  server supports?  NAK?
 
 [HZ] It depends. Server might want to proceed with other EAP type
 negotiation by proposing a different EAP type, or terminate the
conversation
 with an EAP-Failure. I will clarify that in the next rev.

Yes - but in this case I would expect a NAK from the client - possibly
proposing other methods.  Is this correct?

 
  EAP Server Name Checking - On what basis does the client accept or not
  accept the EAP server name?You are suggesting that it is signed by a
CA
  controlling the intended domain, but what does this mean?   Are you
  suggesting that the CA should have a DNS subject alt name in it for
  the domain in question?
 
 [HZ] It's up to client's policy, especially if the server cert is issued
by a public
 CA. Client needs not only verify that the server cert presented is a valid
cert
 signed by the trusted CA, but also the server name presented in the cert
is
 matching the domain it tried to authenticate with. A FQDN in the CN or SAN
 would be a way to do it.
 
  If no embedded EAP methods run, then no crypto check and thus no
  version # checking is done.
 [HZ] That's true.

Ok - this would be in violation of the last paragraph in section 3.1 which
says that the version numbers MUST be done.

 
 Also no checking done if only one inner EAP method is  used as this
 only sends the Result TLV and not the Crypto-Binding TLV
 
 [HZ] That's not true. Crypto-binding would still be exchanged with Result
TLV.
 Actually using of the Result TLV in lieu of IM-Result TLV is for legacy
reason in
 EAP-FAST, which could be removed in next rev since we are designing a new
 EAP method.

Please tell me where it says this is done.  All I can see is that one CAN
send intermediate-result, result and crypto-binding TLVs in the same
message.  (Unless of course only one is sent in which case the
Intermediate-Reuslt TLV MUST NOT be sent).   However these is nothing that
says that the Crypto-binding TLV would be sent after the first and only EAP
method - or indeed after a sequence of EAP methods.


  'serially in a sequence' is redundant - section 3.3.1
 
 [HZ] Ok. The text is trying to distinguish from running multiple EAP
methods
 in parallel.
 
  Not only does it not allow initiating multiple EAP methods in
  parallel, it requires that they not be running in parallel.  This is a
  more strict condition
 
 [HZ] For simplicity, otherwise implementation would need to trace when the
 1st method finishes and applies the key from the authentication to the
 crypto-binding. Supporting them in complete sequence makes it simpler and
 securer, as 2nd method might not be safe to run if the crypto-binging
after
 1st method fails.

Do you ever expect a version to allow multiple EAP sequences to be run at
the same time?  If not then just the statement that they MUST be executed
serially is probably sufficient.

 
  Para #3 - can the peer return an error and treat the failure of a
  specific EAP method as a total failure for the overall process - or at
  least recommend that it should be an overall failure?
 
 [HZ] Yes it can. It is actually described in Section 3.6.2, peer can send
up some
 Fatal Error TLV and Result TLV to indicate the end.

Ok - either I don't see the text or my comment is not sufficiently clear.

Consider:
Client is running EAP-BLAH and returns inside of the EAP-BLAH method a
failure. 
If the client wants an overall failure rather than leaving it up to the
server, does it send both the Result TLV failure and the EAP-Message w/ the
failure - or just the result TLV failure or is this not reasonable for the
client?

 
  Confused messages in 3.3.1 and 3.3.3 about sending intermediate
  results and final results at the same time.  Specifically 3.3.1 says
  MUST NOT for one inner EAP method,  but text is not reflected in
  section 3.3.3
 
 [HZ] I think we can change to always send IM result after each inner EAP
 method, if only one inner method, then Result TLV could be sent as well.
See
 explanation above.


  Conflict between 3.3.3 and security considerations (7.5) about sending
  a different value in the Result TLV and the clear result in the event
  of not doing a Request-Action TLV from the client.  Is the server
  required

Re: [Emu] Comments on the eap-tunnel-method-00 draft

[Sam Hartman]

 Jim == Jim Schaad i...@augustcellars.com writes:
  Section 4.2.10 - How can I know if the server does or does not
 process  the channel binding TLV?  This may be part of my policy
 as a peer  depending on circumstances.
 
[HZ] Currently, the Channel-binding TLV is an optional TLV,
doesn't
 require
acknowledgement, and is designed to be only one way, for client
to send some channel binding data to the server for verification
purpose. There is
 no
feedback provided. The indication of whether the server supports
channel- binding and/or validated the channel-binding could be
conveyed in other TLVs to be added, if the WG agrees to be
valuable.


JimSam - do you see this as being an issue for abfab?


It's an issue for EMU actually.
See  Section 5.3 of draft-ietf-emu-chbind.
Channel binding must be two-way and must follow the semantics of that
section.

And yes, draft-ietf-abfab-gss-eap depends on those semantics.
___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

Re: [Emu] Comments on the eap-tunnel-method-00 draft

[Hao Zhou]

Rereading the updated chbind draft, it has already defined the mechanism for
two way communication and tunnel EAP draft just defined a TLV container to
carry the Channel binding data defined in Section 5.3, so we should be ok.
No change is needed on the tunnel EAP draft on this, other maybe called out
Section 5.3.


On 10/19/11 8:22 PM, Sam Hartman hartmans-i...@mit.edu wrote:

 Jim == Jim Schaad i...@augustcellars.com writes:
 Section 4.2.10 - How can I know if the server does or does not
 process  the channel binding TLV?  This may be part of my policy
 as a peer  depending on circumstances.
 
 [HZ] Currently, the Channel-binding TLV is an optional TLV,
 doesn't
  require
 acknowledgement, and is designed to be only one way, for client
 to send some channel binding data to the server for verification
 purpose. There is
 no
 feedback provided. The indication of whether the server supports
 channel- binding and/or validated the channel-binding could be
 conveyed in other TLVs to be added, if the WG agrees to be
 valuable.
 
 
 JimSam - do you see this as being an issue for abfab?
 
 
 It's an issue for EMU actually.
 See  Section 5.3 of draft-ietf-emu-chbind.
 Channel binding must be two-way and must follow the semantics of that
 section.
 
 And yes, draft-ietf-abfab-gss-eap depends on those semantics.

___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu