Re: Crypto-agility requirement and draft-zorn-radius-encattr/draft-zorn-radius-keywrap

[Alan DeKok <aland@nitros9.org>]

Bernard Aboba wrote:
> WIth DTLS, in the absence of DNSSEC, I think that an attacker in the
> middle could subvert the DTLS up-negotiation, so as to cause a client
> and server that support DTLS to negotiate plain RADIUS.

  Yes.  The failure cases for DTLS negotiation are:

  a) server doesn't support DTLS (and thinks it's a bad RADIUS packet)
  b) server is slow / down
  c) attacker is faking (a) or (b)

>  So some sort of
> policy pre-configuration is required (e.g. RADIUS server requires DTLS
> on these NASes).  With DNSSEC, it is possible to specify whether a
> NAS/Server supports DTLS in a DNS SRV RR, so it seems like protected
> negotiation would be possible.

  Yes.

  If the NAS has a static server certificate configured for DTLS, it can
assume that this means the server supports DTLS.  If the server accepts
"known" NASes by certificate rather than by IP, an attacker can start
many DTLS sessions.  This may DoS the server.

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>