
Re: Reminder: automated key management is often required for new protocols



Bernard Aboba wrote:
> I think you mean "distribution of long-term credentials" here.  In
> (D)TLS the session keys are fresh for each session (via the use of
> client.random and server.random).

  Sure.  RFC 4107 calls them "long term session keys", but they're long
term credentials in the context of RADIUS.

> Even if TLS-PSK is used and the PSKs are re-used across client-server
> pairs (e.g. RADIUS shared secret practices are replicated in TLS-PSK),
> the session keys would still be likely to be temporally and globally
> unique, due to the (D)TLS freshness functionality.

  Yes.

> It might help to articulate the threat model a bit. Are we worried about
> an offline dictionary attack on the PSK or its precursor, or are we
> worried about temporal or global uniqueness of the TLS master secret?

  An offline dictionary attack on the PSK or its precursor.

  The simplest way to avoid that is to suggest the use of certificates.

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
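The derivation the two of them are discussing, as an added example that is not part of the thread: TLS 1.2 (RFC 5246) master-secret computation for a plain PSK ciphersuite (RFC 4279), in Python. Running it with one PSK and two handshakes shows the point both sides agree on: the 32-byte client.random and server.random make the per-session master secret (and the key block expanded from it) fresh even when the PSK is copied across client-server pairs the way RADIUS shared secrets are, while the PSK itself remains the one static input, which is why its entropy, not the freshness machinery, decides the offline-guessing risk. The TLS version, the SHA-256 PRF and the randoms are assumptions of the example; nothing here is from the radiusext list or any RADIUS implementation.

```python
import hmac
import hashlib
import os

# Assumed for this example: TLS 1.2 (RFC 5246) key derivation with a plain
# PSK ciphersuite (RFC 4279). TLS 1.0/1.1 use a different PRF construction.


def tls12_prf_sha256(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246 section 5) using P_SHA256 expansion."""
    out = b""
    a = label + seed                                                # A(0)
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + label + seed, hashlib.sha256).digest()
    return out[:length]


def psk_premaster_secret(psk: bytes) -> bytes:
    """RFC 4279 section 2: uint16 N, N zero octets, uint16 N, then the PSK."""
    n = len(psk)
    return n.to_bytes(2, "big") + bytes(n) + n.to_bytes(2, "big") + psk


def master_secret(psk: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """master_secret = PRF(pre_master_secret, "master secret",
    ClientHello.random + ServerHello.random), truncated to 48 octets."""
    return tls12_prf_sha256(
        psk_premaster_secret(psk), b"master secret",
        client_random + server_random, 48,
    )


def two_sessions_same_psk(psk: bytes):
    """Two handshakes sharing one PSK but with fresh 32-byte randoms
    (constructed here with os.urandom) produce unrelated master secrets."""
    ms1 = master_secret(psk, os.urandom(32), os.urandom(32))
    ms2 = master_secret(psk, os.urandom(32), os.urandom(32))
    return ms1, ms2


if __name__ == "__main__":
    # Constructed, deliberately low-entropy PSK of the kind a reused
    # RADIUS shared secret would be; it is the only static input above.
    psk = b"testing123"
    ms1, ms2 = two_sessions_same_psk(psk)
    print("session 1 master secret:", ms1.hex())
    print("session 2 master secret:", ms2.hex())
    print("identical:", ms1 == ms2)
```

The two printed master secrets differ on every run, which is the (D)TLS freshness property; swapping the PSK for a certificate-authenticated key exchange changes what the static input is, not this per-session derivation.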