Alan DeKok <[email protected]> wrote:
>This security bug was completely missed in RFC 5216. This new draft should
>rectify that error.
>
>i.e. using an NAI of "example.org" in the first session, and "example.com" in
>the second session.
>
>Not only is this entirely permitted by the current spec, it's not even
>discussed as an issue. And it means that the protocol is open to a large
>number of "time of use, time of check" security bugs which could cause serious
>breaches of networks.
I think Section 2.2 of RFC 5216 does discuss this issue, but it does not
explicitly mention resumption. The text is also too soft.
----------------
2.2. Identity Verification
As noted in Section 5.1 of [RFC3748]:
   It is RECOMMENDED that the Identity Response be used primarily for
   routing purposes and selecting which EAP method to use. EAP
   Methods SHOULD include a method-specific mechanism for obtaining
   the identity, so that they do not have to rely on the Identity
   Response.
As part of the TLS negotiation, the server presents a certificate to
the peer, and if mutual authentication is requested, the peer
presents a certificate to the server. EAP-TLS therefore provides a
mechanism for determining both the peer identity (Peer-Id in
[KEYFRAME]) and server identity (Server-Id in [KEYFRAME]). For
details, see Section 5.2.
Since the identity presented in the EAP-Response/Identity need not be
related to the identity presented in the peer certificate, EAP-TLS
implementations SHOULD NOT require that they be identical. However,
if they are not identical, the identity presented in the EAP-
Response/Identity is unauthenticated information, and SHOULD NOT be
used for access control or accounting purposes.
----------------
Suggestion to add to Section 2.2 of EAP-TLS 1.3:
"The identity presented in the EAP-Response/Identity is unauthenticated
information, and SHALL NOT be used for access control or accounting purposes.
Note that this also applies to resumption."
/John
_______________________________________________
Emu mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/emu