> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Katrin Höper
> Sent: Friday, October 31, 2008 8:22 AM
> To: emu@ietf.org
> Subject: [Emu] Review of Requirements for a Tunnel Based EAP Method
>
> Hi,
>
> I have problems with some of the cryptographic binding claims
> in the current document (draft-ietf-emu-eaptunnel-req-00.txt)
> and would like to discuss them on the list.
> Basically it is about claiming cryptographic bindings for
> MitM protection even if the inner method(s) does not derive keys.
>
> Section 3.1 Password Authentication
> "The tunnel method MUST meet this use case. However, it MUST
> NOT expose the username and password to untrusted parties and
> it MUST provide protection against man-in-the-middle and
> dictionary attacks."
>
> KH: How is the last MUST possible? The considered password
> authentication methods typically do not derive keying
> material. As a result, the cryptographic binding key has only
> the tunnel key as input, i.e. no actual binding is provided.
> Consequently, MitM attacks are still feasible.
> The only way to ensure that MitM attacks are prevented for
> inner methods that do NOT derive keys is to enforce a policy
> that does not allow those EAP methods to be executed outside
> a tunnel. However, this is a policy and cannot be ensured by
> a tunnel-based EAP method itself.
>
> [Joe] What we want to say is that the tunnel itself MUST provide MitM protection and MUST not weaken any MitM protection provided by an inner method.
> Section 3.2 Protect Weak EAP Methods
> "The tunnel method MUST support protection of weak inner
> methods and protect against man-in-the-middle attacks
> associated with tunneled authentication."
>
> KH: Same comment as above. If the EAP method does not derive
> a key -> no binding takes place. If the key exchange is weak
> and can be broken by an MitM during the protocol execution,
> the attack still succeeds.
> Again only enforcing a security policy can prevent these attacks.
>
> [Joe] Same text as above. Protection from MitM offered by the tunnel method combined with an inner method MUST NOT be worse than the inner method run outside the tunnel.
>
> I don't know how to address this problem since a candidate
> tunnel method cannot enforce policies.
> However, the MUST statements cannot be met as stated in the
> current draft.
>
> Any thoughts???
>
> Regards,
> Katrin
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu
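The point KH makes above (that a cryptographic binding whose only input is the tunnel key binds nothing) can be shown with a small simulation. The code below is an added example and not part of the thread or of any tunnel method specification; it models a generic compound-key derivation (HMAC over the tunnel key and the inner method's MSK, if any) and checks whether an untrusted relay that terminates the peer's tunnel and opens its own tunnel to the server passes the server's binding check. All key values, labels and the transcript string are constructed for the simulation.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample transcript (not from any real exchange).
TRANSCRIPT = b"tunnel transcript: method ids, versions, nonces"


def compound_key(tunnel_key: bytes, inner_msk: Optional[bytes]) -> bytes:
    """Simplified model of a tunnel method's crypto-binding key.

    The binding key mixes the tunnel key with whatever keying material the
    inner method derived. If the inner method derives nothing, the inner
    contribution is empty and the binding depends on the tunnel key alone,
    which is exactly the situation KH describes.
    """
    inner = inner_msk if inner_msk is not None else b""
    return hmac.new(tunnel_key, b"crypto-binding" + inner, hashlib.sha256).digest()


def binding_mac(cmk: bytes, transcript: bytes) -> bytes:
    """MAC over the exchange transcript under the compound key."""
    return hmac.new(cmk, transcript, hashlib.sha256).digest()


def server_accepts(server_tunnel_key: bytes, inner_msk: Optional[bytes],
                   received_mac: bytes) -> bool:
    """The server recomputes the binding from its own view and compares."""
    expected = binding_mac(compound_key(server_tunnel_key, inner_msk), TRANSCRIPT)
    return hmac.compare_digest(expected, received_mac)


def honest_run_accepted(inner_derives_keys: bool) -> bool:
    """Peer and server share one tunnel; the binding check should pass."""
    tunnel_key = b"constructed-tunnel-key-peer-server"
    inner_msk = b"constructed-inner-msk" if inner_derives_keys else None
    mac = binding_mac(compound_key(tunnel_key, inner_msk), TRANSCRIPT)
    return server_accepts(tunnel_key, inner_msk, mac)


def relayed_run_accepted(inner_derives_keys: bool) -> bool:
    """Model of the tunnelled-MitM case from the thread.

    The peer's tunnel terminates at an untrusted relay, which has its own
    tunnel to the server and forwards the inner method between the two.
    The inner method runs end-to-end, so its MSK (if any) is known only to
    peer and server; the relay knows the key of its own tunnel to the server
    but has no inner keying material to mix in.
    """
    relay_server_tunnel_key = b"constructed-tunnel-key-relay-server"
    inner_msk = b"constructed-inner-msk" if inner_derives_keys else None
    # The relay can only bind with an empty inner contribution.
    relay_mac = binding_mac(compound_key(relay_server_tunnel_key, None), TRANSCRIPT)
    return server_accepts(relay_server_tunnel_key, inner_msk, relay_mac)


if __name__ == "__main__":
    for derives in (True, False):
        print(f"inner method derives keys: {derives}")
        print(f"  honest run accepted:  {honest_run_accepted(derives)}")
        print(f"  relayed run accepted: {relayed_run_accepted(derives)}")
```

With a key-deriving inner method the relay's binding fails, because the server mixes in an inner MSK the relay never sees. With a non-key-deriving inner method the relay's binding and the server's expected value are identical, so the check passes and offers no MitM detection; the only remaining defence is the policy KH mentions, namely refusing to run such inner methods outside a tunnel.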