
RE: [Issue] RFC 3576 Usage of Message-Authenticator



Bernard Aboba <> supposedly scribbled:

> RFC 3576 calculation of the Request and Response Authenticator is
> modelled after RFC 2866 (RADIUS Accounting).  However, the
> Message-Authenticator attribute is not allowed in Accounting-Request
> and Accounting-Response messages, because these messages do not
> contain a random Request Authenticator, as specified in RFC 3579:

> 
>       Message-Authenticator = HMAC-MD5 (Type, Identifier, Length,
>       Request Authenticator, Attributes)

The word "random" is not present in RFC 3579; therefore it's hard to
see how one can claim that a random Request Authenticator is
"specified" thereby.  Maybe a better phrase would be "tacitly
assumed by the authors"?  In any case, however, I agree that the use
of the accounting-style Request Authenticator in the generation of
the Message-Authenticator Attribute is probably inappropriate.

> 
> It therefore would appear that a Message-Authenticator attribute is
> not allowed in CoA-Request, CoA-ACK, CoA-NAK, Disconnect-Request,
> Disconnect-ACK or Disconnect-NAK messages.
> 
> This is contrary to the table in Section 3.2, which has the following
> entry for both CoA and Disconnect messages:
> 
>    Request   ACK      NAK   #   Attribute
>    0-1       0-1      0-1  80   Message-Authenticator
> 
> Proposed Resolution:
> 
> My proposal is that we submit an errata to RFC 3576, changing the
> "0-1" entries to "0" entries.

Given the existence of the above-mentioned and undocumented
assumption in RFC 3579 and the effect that the absence of the
Message-Authenticator Attribute has on the already less-than-stellar
security properties of RFC 3576, I think that more than just a
change in a table is required.  For example, the usage of the
Event-Timestamp for replay detection in 3576 would seem to be
weakened.  I really think that the assumption in RFC 3579 needs to
be laid bare; I'm not sure whether an erratum is sufficient for this
or if an applicability statement needs to be published.

Hope this helps,

~gwz

Why is it that most of the world's problems can't be solved by simply
listening to John Coltrane? -- Henry Gabriel
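Added illustration of the point under discussion (not part of the thread, nor any RADIUS implementation's code): a CoA-Request whose Request Authenticator is computed RFC 2866-style as RFC 3576 specifies, with the RFC 3579 Message-Authenticator layered on top. Building the identical request twice yields identical Message-Authenticator values, which is why the attribute adds no freshness here and replay detection falls back on Event-Timestamp. The computation order (Request Authenticator first, over a zeroed Message-Authenticator value), the shared secret and the attribute values are assumptions made for the demo.

```python
import hashlib
import hmac
import os
import struct

COA_REQUEST = 43                      # RFC 3576 CoA-Request packet code
USER_NAME, EVENT_TIMESTAMP, MESSAGE_AUTHENTICATOR = 1, 55, 80
ZERO16 = b"\x00" * 16
SECRET = b"constructed-shared-secret"  # constructed sample value

def encode_attrs(attrs):
    """Encode (type, value) pairs as RADIUS Type/Length/Value triples."""
    return b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)

def header(ident, attrs, authenticator):
    """Code, Identifier, Length, then the 16-octet Authenticator field."""
    return struct.pack("!BBH", COA_REQUEST, ident, 20 + len(attrs)) + authenticator

def request_authenticator(ident, attrs, secret):
    """RFC 2866 style as reused by RFC 3576: MD5(Code + ID + Length + 16 zero
    octets + Attributes + Secret). A pure function of the packet contents."""
    return hashlib.md5(header(ident, attrs, ZERO16) + attrs + secret).digest()

def build_coa_request(ident, attrs, secret, random_req_auth=False):
    """Build a CoA-Request carrying Message-Authenticator (type 80). Assumed
    order: Request Authenticator over the packet with the Message-Authenticator
    value zeroed, then RFC 3579 HMAC-MD5 keyed by the secret over Code + ID +
    Length + Request Authenticator + Attributes (value still zeroed)."""
    body = encode_attrs(attrs + [(MESSAGE_AUTHENTICATOR, ZERO16)])
    if random_req_auth:                   # Access-Request style, for comparison only
        req_auth = os.urandom(16)
    else:
        req_auth = request_authenticator(ident, body, secret)
    mac = hmac.new(secret, header(ident, body, req_auth) + body, hashlib.md5).digest()
    return header(ident, body, req_auth) + body[:-16] + mac   # splice real value in

def verify_message_authenticator(packet, secret):
    """Receiver side: zero the value field (the last 16 octets here) and recompute."""
    expected = hmac.new(secret, packet[:-16] + ZERO16, hashlib.md5).digest()
    return hmac.compare_digest(expected, packet[-16:])

def repeated_request_gets_fresh_mac(random_req_auth):
    """Build the identical CoA-Request twice and compare the two Message-
    Authenticator values. With the RFC 3576 Request Authenticator they are equal:
    the attribute adds no per-packet freshness, so replay detection rests on
    Event-Timestamp alone. With a random Request Authenticator they differ."""
    attrs = [(USER_NAME, b"alice"), (EVENT_TIMESTAMP, struct.pack("!I", 1100000000))]
    p1 = build_coa_request(7, attrs, SECRET, random_req_auth)
    p2 = build_coa_request(7, attrs, SECRET, random_req_auth)
    return p1[-16:] != p2[-16:]
```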

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>