[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

draft-dekok-radext-dtls-02 comments

To: 'radext mailing list' <radiusext@ops.ietf.org>
Subject: draft-dekok-radext-dtls-02 comments
From: Peter Deacon <peterd@iea-software.com>
Date: Mon, 22 Mar 2010 13:28:28 -0700 (Pacific Daylight Time)
In-reply-to: <4BA799A3.4060308@deployingradius.com>
References: <4BA799A3.4060308@deployingradius.com>
User-agent: Alpine 2.00 (WNT 1167 2008-08-23)

Sec 8.1 -

"The previous RADIUS practice of using shared secrets that are minor
   variations of words is NOT RECOMMENDED, as it would negate nearly all
   of the security of DTLS."

I think any statements WRT secret key strength should to be generalizedand take into account the properties of the underlying PSK suite as somesystems may or may not be subject to offline attack.


"Any shared
   secret used for RADIUS MUST NOT be used for DTLS.  Reusing a shared
   secret between RADIUS and DTLS would negate all of the benefits found
   by using DTLS."

I wonder if a more general warning about the possibility ofdown-negotiation would be a better fit. I can see the same conceptapplying to administrative selection of cipher-suites.


Sec 4.1.1 -

"Where the RADIUS specifications require that a
   RADIUS packet received via the DTLS session is to be "silently
   discarded", the entry in the tracking table corresponding to that
   DTLS session MUST also be deleted, the DTLS session MUST be closed,
   and any TLS session resumption parameters for that session MUST be
   discarded."

Why is this still done when DTLS is used for a transport? IIRC in the TCPmapped drafts this was done to mitigate possibility of loss of protocolsynchronization - not possible WRT DTLS.

My concern as with the TCP map is silently discarded messages can takedown other unrelated exchanges. The inner RADIUS should speak up whilethe transport is being established if there is no intention on honoringthe established channel.

There is an additional concern in that DTLS closure messages have noretransmission timers and are not guaranteed to be delivered. When thisoccurs future messages will be discarded by the peers DTLS stack until theclients "lifetime" timer expires and the DTLS session is reestablished.


Sec 4.2 -

"RDTLS clients SHOULD NOT send both normal RADIUS and RDTLS packets
   from the same source socket."

" and increases the potential for
   security breaches due to implementation issues."

WRT security only it seems to me servers must know better if notexplicitly forbidden whether this is done or not. Encouraging (changeSHOULD NOT to MAY) can only shine light on the issue and forceimplementors to address appropriately.


regards,
Peter

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: draft-dekok-radext-dtls-02 comments
  - From: Alan DeKok <aland@deployingradius.com>

References:
- [Fwd: New Version Notification for draft-dekok-radext-dtls-02]
  - From: Alan DeKok <aland@deployingradius.com>

Prev by Date: [Fwd: New Version Notification for draft-dekok-radext-dtls-02]
Next by Date: Re: draft-dekok-radext-dtls-02 comments
Previous by thread: [Fwd: New Version Notification for draft-dekok-radext-dtls-02]
Next by thread: Re: draft-dekok-radext-dtls-02 comments
Index(es):
- Date
- Thread