>>>>> "Jim" == Jim Schaad <[email protected]> writes:


    Jim> 3.  RP to IdP channel - This is the weakest of the
    Jim> communication channels in terms of authentication and security.
    Jim> Most of these hops are going to be point-to-point and anybody
    Jim> in the middle can play with the data that is being transferred
    Jim> in either direction.  The base architecture is responsible for
    Jim> providing any authentication assurances between the RP and the
    Jim> IdP.  All authentication is fully established prior to the EAP
    Jim> conversation between the client and the IdP.

Note that with RADSEC this may be much stronger than you describe.
In particular you can have a one-hop mutually authenticated channel
between the RP and IDP if your deployment architecture has a suitable
PKI and you do not require intermediate nodes.

Going quite that far is not something Moonshot is focusing on: we expect
that at least one intermediate within the RP organization will be
required for our deployments.
However I believe ABFAB should support this deployment.

    Jim> 4. Client to IdP - This is the EAP channel.  It has the
    Jim> strongest mutual authentication that exists.  We have
    Jim> stated that the IdP is responsible during this processing to
    Jim> determine that the RP that is communicating to the client over
    Jim> channel #3 (RP to IdP) and the one talking between the client
    Jim> and the RP (channel #1?) are going to be the same entity, as the
    Jim> client provides the IdP its version of the RP name during the
    Jim> EAP conversation.  Thus it needs to reconcile the name forms
    Jim> between channel #1 and channel #3 during this authentication
    Jim> process.

No, it reconciles names from channel #2 (GSS) with channel #3 (RP to
IDP).

Channel #1 may not exist. If channel #1 exists, channel #2 is responsible
for reconciling channel #1 and channel #2.
The IDP never knows about channel #1.

    Jim> At this point channel #2 and channel #4 are known to have
    Jim> cryptographic protections.  Channel #1 and channel #3 may or
    Jim> may not have cryptographic protections.  We need to specify
    Jim> what level of services are provided in these channels and how
    Jim> important those services are.

We assume that channel #3 provides integrity and, while this assumption
is unrealistic in some deployments, we assume that channel #3 provides
confidentiality of the MSK.
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
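The reconciliation step discussed above (the IdP matching the acceptor name the client bound into the EAP conversation against the name the RP asserted over the RP-to-IdP channel, and refusing to release the MSK on a mismatch), as an added toy model that is not ABFAB or Moonshot code. The attribute names, the `service@host` canonical form, the JSON message shapes and the keyed-MAC stand-in for an integrity-protected EAP method are all constructed assumptions; a real deployment would use the EAP method's own protection and the channel-binding attributes defined for GSS-EAP.

```python
"""Toy model of the channel #2 / channel #3 name reconciliation at the IdP.

Added example, not ABFAB/Moonshot code.  Assumptions (not from the thread):
- the EAP inner channel (#4) is modelled as an HMAC over a JSON payload keyed
  with a secret shared only by client and IdP;
- channel #3 carries two unprotected attributes with the RP's asserted
  service and host name, plus the opaque EAP payload;
- acceptor names are compared in a canonical service@host form.
"""
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass
from typing import Optional


def canonical(service: str, host: str) -> str:
    """Assumed canonical acceptor name form used for comparison."""
    return f"{service.lower()}@{host.lower().rstrip('.')}"


# --- channel #4: client <-> IdP inside EAP (toy: HMAC over JSON) ---
def eap_protect(secret: bytes, payload: dict) -> bytes:
    body = json.dumps(payload, sort_keys=True).encode()
    tag = hmac.new(secret, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


def eap_open(secret: bytes, blob: bytes) -> Optional[dict]:
    """Return the payload if the tag verifies, else None (tampering detected)."""
    body, sep, tag = blob.rpartition(b"|")
    if not sep:
        return None
    expected = hmac.new(secret, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(body)


# --- channel #3: RP -> (proxies) -> IdP; these attributes are NOT EAP-protected ---
@dataclass
class RpToIdpRequest:
    acceptor_service_name: str   # assumed attribute: RP's asserted service
    acceptor_host_name: str      # assumed attribute: RP's asserted host
    eap_payload: bytes           # opaque EAP data relayed from the client


@dataclass
class IdPResult:
    ok: bool
    reason: str
    msk: Optional[bytes] = None  # released over channel #3 only on success


def client_eap_message(secret: bytes, service: str, host: str, nonce: bytes) -> bytes:
    """Client binds its own view of the acceptor it reached on channel #2."""
    return eap_protect(secret, {"acceptor_service": service,
                                "acceptor_host": host,
                                "nonce": nonce.hex()})


def idp_process(secret: bytes, req: RpToIdpRequest) -> IdPResult:
    inner = eap_open(secret, req.eap_payload)
    if inner is None:
        return IdPResult(False, "EAP integrity check failed")
    client_view = canonical(inner["acceptor_service"], inner["acceptor_host"])
    rp_view = canonical(req.acceptor_service_name, req.acceptor_host_name)
    if client_view != rp_view:
        # The RP on channel #3 is not the acceptor the client thinks it is
        # talking to on channel #2: fail without releasing any key material.
        return IdPResult(False, f"acceptor mismatch: client saw {client_view}, "
                                f"RP asserted {rp_view}")
    # Toy MSK derivation bound to the reconciled name; its secrecy depends on
    # channel #3 providing confidentiality, as the reply assumes.
    msk = hmac.new(secret,
                   b"MSK|" + client_view.encode() + b"|" + bytes.fromhex(inner["nonce"]),
                   hashlib.sha256).digest()
    return IdPResult(True, "ok", msk)


def run_exchange(secret: bytes, client_sees: tuple, rp_asserts: tuple,
                 proxy_rewrite: Optional[tuple] = None) -> IdPResult:
    """One exchange.  proxy_rewrite models an intermediary on channel #3 that
    swaps the RP's asserted name; it cannot alter the EAP payload undetected."""
    nonce = secrets.token_bytes(8)
    eap = client_eap_message(secret, client_sees[0], client_sees[1], nonce)
    svc, host = proxy_rewrite if proxy_rewrite else rp_asserts
    return idp_process(secret, RpToIdpRequest(svc, host, eap))


SHARED_SECRET = b"constructed-client-idp-secret"  # stand-in for EAP credentials

if __name__ == "__main__":
    honest = run_exchange(SHARED_SECRET, ("host", "rp.example.org"), ("host", "RP.example.org."))
    print(honest.ok, honest.reason)
    rogue = run_exchange(SHARED_SECRET, ("host", "rp.example.org"), ("host", "attacker.example.net"))
    print(rogue.ok, rogue.reason)
```

Two failure modes are exercised: an RP (or a proxy on channel #3) asserting a name different from the one the client bound inside EAP is rejected at the IdP, and any alteration of the EAP payload itself fails the integrity check before names are even compared. The model makes explicit what the reply's assumptions buy: integrity on channel #3 is not what protects the name comparison (the EAP binding does), but confidentiality on channel #3 is what protects the MSK once it is released.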
