[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Password-based user authentication with Netconf over TLS

To: Phil Shafer <phil@juniper.net>
Subject: Re: Password-based user authentication with Netconf over TLS
From: Mohamad Badra <badra@isima.fr>
Date: Tue, 11 Dec 2007 10:42:23 +0100
Cc: charliek@exchange.microsoft.com, dromasca@avaya.com, netconf@ops.ietf.org
In-reply-to: <200712110322.lBB3MEPl044415@idle.juniper.net>
References: <200712110322.lBB3MEPl044415@idle.juniper.net>
User-agent: Thunderbird 1.5.0.13 (Windows/20070809)

Hi Phil,

Phil Shafer writes :

badra@isima.fr writes:

RFC4279 supports authentication based on pre-shared keys (PSKs). These
pre-shared keys are symmetric keys, shared in advance among the
communicating parties.


I'm not a security dude, but just wanted to confirm that this is a
new pre-shared key per user, and the normal CLI passwords will not
be usable in this scheme, given that the passwords are not stored
on the router (or anywhere else), rather the salted or hashed version
of the password is stored, ala unix.  Deploying new PSKs will be
an impediment to deployment.

So what about using the stored hash or about replacing the password withthe hash version as shown in the following formula?


PSK = SHA-1(stored-hash + "Key Pad for Netconf" + psk_identity_hint)

Also: what is the impact of section 7.3 of rfc4279?

  7.3.  Identity Privacy

   The PSK identity is sent in cleartext.  Although using a user name or
   other similar string as the PSK identity is the most straightforward
   option, it may lead to problems in some environments since an
   eavesdropper is able to identify the communicating parties.  Even
   when the identity does not reveal any information itself, reusing the
   same identity over time may eventually allow an attacker to perform
   traffic analysis to identify the parties.  It should be noted that
   this is no worse than client certificates, since they are also sent
   in cleartext.

Does this mean we'll be announcing our netconf users' information
to would-be crackers?  Is this identity as in "phil" or something
else?

The traffic analysis by here means that an intruder can learn who isreaching the network, when, and from where, and hence can correlate theuser identity to the connection location.

RFC4279 does not provide credentials protection and then any inforelated to the user identity is sent in clear text. However TLSrenegotiation (re-handshake) implements a way to avoid sending the useridentity and credentials in clear text: doing a TLS Handshake with onlyserver authentication, and then a second authentication with mutualauthentication (all second handshake messages are sent encrypted).


Best regards,
--
Mohamad Badra
CNRS - LIMOS Laboratory


--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>

References:
- Re: RE: Password-based user authentication with Netconf over TLS
  - From: Phil Shafer <phil@juniper.net>

Prev by Date: Re: RE: Password-based user authentication with Netconf over TLS
Next by Date: schema discovery
Previous by thread: Re: RE: Password-based user authentication with Netconf over TLS
Next by thread: schema discovery
Index(es):
- Date
- Thread