[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: digest-auth negotiation issue

To: "Beck01, Wolfgang" <BeckW@t-systems.com>
Subject: Re: digest-auth negotiation issue
From: Henrik Nordstrom <henrik@henriknordstrom.net>
Date: Wed, 11 Jan 2006 00:33:26 +0100 (CET)
Cc: radiusext@ops.ietf.org
In-reply-to: <97A461F3EE5284469E41ED3728202F41121F1A@S4DE9JSAAMW.ost.t-com.de>
References: <97A461F3EE5284469E41ED3728202F41121F1A@S4DE9JSAAMW.ost.t-com.de>

On Mon, 9 Jan 2006, Beck01, Wolfgang wrote:

RADIUS client configuration
A RADIUS client choosing nonces has to maintain some configuration datafor each RADIUS server it may send requests to: - the algorithms (MD5,MD5-sess, etc) supported by the RADIUS server

Indeed. It isn't too unlikely there will be radius servers only supportingMD5-sess, and additionally only in scenario 2 mode of operations. Thiswould be due to second level user directory integration requirements wherethe radius server itself can not get raw access to the MD5 H(A1) as it israther security sensitive piece of information, only session hashescoupled with a unique sesson nonce generated by the user directoryservice.

- the quality of protection (qop) levels supported by the RADIUS serverThis configuration may be done manually or by protocols not covered inthis document.

auth vs auth-int is mainly a property of the RADIUS client, not the RADIUSserver. Having this decided by the RADIUS server in either mode would be abit odd. But indeed possible in scenario 2 mode operations.

What is missing here is to clarify that in both cases the client shouldinclude a Digest-Qop attribute in the first message (or to be precise allmessages) indicating which of auth or auth-int is desired. If notspecified auth is assumed. The radius server MAY override the clientwishes, but it can not be expected that all clients supports auth-int.

can we add this without starting a new round of Last Calls?

Hope so.

Proposal 2:

remove scenario 1 from the draft, go back to WGLC

Hmm.. can't really make up my mind on this one. It is a quite usefuloptimization of the protocol, in lack of useable MD5-sess sessionsupport..

But at the same time it's a quite dangerous mode of operation if addingMD5-sess session support as it could allow theft of the session hash viaanother authorized RADIUS client.

Additionally scenario 1 mode of operations have a minor security issue inthat it allows for probing to verify if the password is still the same bysimply replaying the exact same digest message, provided one has gainedauthorization to talk to the RADIUS server directly.

Additionally the strength of the Digest hashing as such is also partly aproperty of the how well the RADIUS client chooses it's nonces in thismode of operation.. If the client is really poorly implemented and onlyselects between a small set of nonces it could make Digest open to replayattacks, no matter how good the RADIUS server implementation is. But theopposite is also true in that in scenario 2 the client can not choosestronger nonces if it is found the RADIUS server is poorly implemented...

Regards
Henrik

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: digest-auth negotiation issue
  - From: "Alan DeKok" <aland@ox.org>

References:
- digest-auth negotiation issue
  - From: "Beck01, Wolfgang" <BeckW@t-systems.com>

Prev by Date: Diameter Maintanence & Extensions WG mailing lis
Next by Date: Re: digest-auth negotiation issue
Previous by thread: digest-auth negotiation issue
Next by thread: Re: digest-auth negotiation issue
Index(es):
- Date
- Thread