Presumably, a crypto-agility solution would provide authentication/integrity protection for every packet, including Access-Requests.
However, this would still allow an Access-Request to be replayed.
RFC 5176 Section 6.3 has a discussion of replay protection, which would seem to apply here. Basically, that section talks about either using transmission layer security for replay protection, or including an Event-Timestamp attribute.
IMHO, one way to address this portion of Pasi's review would be to require that solutions support replay-protection for every packet.
From: bernard_aboba@hotmail.com
To: radiusext@ops.ietf.org
Subject: Crypto-agility requirements: Replay protection concern
Date: Sun, 28 Jun 2009 13:59:48 -0700
Replay protection:
Section 4.2 says "Proposals MUST support replay protection. The
existing mechanisms for replay protection are considered adequate and
should be maintained." I think the latter sentence needs some
clarification. If the intent is to say replay protection provided by
the current mechanisms (i.e., basically none for Access-Request
messages) is good enough, I would disagree with that (or at least
would expect to see an explanation why that's the case for
Access-Requests). If the intent is something else, the text needs
to be clearer.
|