Re: [Emu] Notes on session resumption with TLS-based EAP methods

2019-02-22 Thread Arran Cudbard-Bell 

>  In my opinion, the document MUST give guidance for implementors and site 
> administrators:
> 
> * if resumption is used, the implementation MUST cache sufficient information 
> for the system to make appropriate policy decisions on resumption

Maybe something about not relying on the outer identity to apply any kind of 
autz policies?  Administrators may assume some kind of binding between the 
outer identity, the original session, and the resumed session, and assume it'll 
be consistent. In reality the user can provide any outer identity they like.

I know this is covered by the above point, but I feel it's worth documenting 
this case explicitly.

> * resumption MUST be rejected if no cached information is available, as we 
> have no idea what policies to apply

I'd argue if cached information is expected and non is available, resumption 
MUST be rejected.  For the majority of cases the security policies applied to 
the different TLS based EAP methods will be identical.

I agree with the rest of the points.

-Arran



signature.asc
Description: Message signed with OpenPGP
___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

Re: [Emu] Notes on session resumption with TLS-based EAP methods

2019-02-22 Thread Alan DeKok 
On Feb 22, 2019, at 2:46 AM, John Mattsson  wrote:
> 
> I think Section 2.2 of RFC 5216 do discuss this issue, but it does not 
> explicitly mention resumption. The text is also too soft. 

  I think that section discusses an entirely different issue, that has nothing 
to do with resumption.

> Suggestion to add to Section 2.2 of EAP-TLS 1.3
> 
> "The identity presented in the EAP-Response/Identity is unauthenticated 
> information, and SHALL NOT be used for access control or accounting purposes. 
> Note that this also applies to resumption."

  This text means that resumption is impossible in all practical networks.

  Why?  Because the user was originally authenticated via the credentials they 
provide: the certificate.  As per Section 2.2, any policies applied to that 
user are applied based on those credentials.

  When resumption happens, those credentials are not supplied.  The only ID 
provided is the EAP-Response/Identity, which systems are forbidden from 
trusting.

  So we now have resumption where we don't know the identity of who is 
resuming.  We don't know what policies were applied to them previously.  We 
don't know what policies to apply to them now.

  Therefore, any *practical* resumption is impossible.


  In my opinion, the document MUST give guidance for implementors and site 
administrators:

* if resumption is used, the implementation MUST cache sufficient information 
for the system to make appropriate policy decisions on resumption

* resumption MUST be rejected if no cached information is available, as we have 
no idea what policies to apply

* the document MUST discuss the use of EAP-TLS in other protocols such as PPP, 
PANA, RADIUS, and Diameter.  Just a mention that they exist is fine.

* These protocols MAY carry additional information about the user and/or the 
machine involved.e.g. MAC, switch IP, port, etc.

* When systems make policy decisions on that additional information, the 
systems MUST be aware that the additional information can be different between 
the original authentication and any resumption

* This difference creates a "Time of check, time of use" (TOCTOU) security 
issue with the policies.  i.e. The user can leverage the TOCTOU issue to get 
one policy applied for the original authentication, and a different policy 
applied for resumption.

* That difference allows users to exploit the system, and get access that they 
should not have.

* Implementations SHOULD add such information to the above cache for the 
session, so they can look for discrepancies between the original authentication 
and resumption

* where there are discrepancies, the resumption SHOULD be rejected.

  I don't understand why there's so little concern about people being able to 
PWN your network.  It's a disaster.

  We can't just paper over this issue.  It's a major security flaw that's 
designed into the protocol.  It needs to be addressed.

  Alan DeKok.

___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

[Emu] EAP-NOOB at the IETF 104 hackathon

2019-02-22 Thread Aleksi Peltonen 

Dear all,

My colleagues and I will be working on the EAP-NOOB protocol during the 
hackathon. Feel free to join our table!


Please find the project details below or in the hackathon wiki 
https://trac.ietf.org/trac/ietf/meeting/wiki/104hackathon.


 *
   Champions:
 o Aleksi Peltonen 
 o Eduardo Inglés Sánchez 
 o Tuomas Aura 
 *
   Project:
 o
   EAP-NOOB
 +
   EAP-NOOB is an EAP method where the authentication is based
   on a user-assisted out-of-band (OOB) channel between the
   server and peer.
 +
   It is intended as a generic bootstrapping solution for
   Internet-of-Things devices which have no pre-configured
   authentication credentials and which are not yet registered
   on the authentication server. Consider devices you just
   bought or borrowed.
 o
   Working open source implementation with wpa_supplicant and
   hostapd on github: https://github.com/tuomaura/eap-noob
 o
   During the hackathon we plan to work on the following:
 +
   Various bug fixes
 + Interop testing between implementations
 +
   Testing the code with new kinds of IoT devices and OOB
   channels such as audio
 +
   User experience in real deployment

Regards,
Aleksi
___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu