
RE: Review of draft-zorn-radius-keywrap-07.txt



> Just like existing RADIUS shared secrets, the KEK and MAC Key are
> hop-by-hop secrets.

It seems to me that hop-by-hop protection of encryption keys potentially
violates the following requirement of the Housley Criteria:

     Limit key scope

         Follow the principle of least privilege.  Parties MUST NOT have
         access to keying material that is not needed to perform their
         own role.  A party has access to a particular key if it has
         access to all of the secret information needed to derive it.

And possibly this requirement, as well:

     Authenticate all parties

         Each party in the AAA key management protocol MUST be
         authenticated to the other parties with whom it communicates.
         Authentication mechanisms MUST maintain the confidentiality of
         any secret values used in the authentication process.

There was a discussion at IETF-63 of whether the key-wrap in the Zorn
draft was hop-by-hop or end-to-end.  The answer was that it could be
either. The RADEXT session minutes read: "They are passed along the path
in the way they are set-up - may be hop-by-hop."

In speaking with Russ Housley on the key-wrap issues, Russ indicated
that it would need to be on an end-to-end basis.

BTW, the hop-by-hop key-wrap is also an issue with the key-wrap
attributes in the Aboba draft.



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
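To make the key-scope point concrete, here is an added example (not code from the draft or from this thread) modelling the path server -> proxy -> NAS. It uses a toy HMAC-based authenticated wrap as a stand-in for the draft's AES key wrap, and every KEK and session key value is constructed; the only question it answers is which parties end up holding the wrapped key under hop-by-hop versus end-to-end wrapping.

```python
import hashlib
import hmac
import os

# Toy authenticated key wrap (HMAC-SHA256 keystream, encrypt-then-MAC). It stands
# in for the AES key wrap of the draft so this runs on the standard library alone;
# the point being shown is who holds the KEK, not the wrap algorithm itself.
def wrap(kek: bytes, key: bytes) -> bytes:
    if len(key) > 32:
        raise ValueError("toy wrap handles keys up to 32 bytes")
    nonce = os.urandom(16)
    stream = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(key, stream))
    tag = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(kek: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong KEK or tampered attribute")
    stream = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))

def hop_by_hop(session_key, kek_server_proxy, kek_proxy_nas):
    """Server wraps under the server/proxy KEK; the proxy must unwrap and
    rewrap under the proxy/NAS KEK, so the key is in the clear at the proxy."""
    hop1 = wrap(kek_server_proxy, session_key)
    at_proxy = unwrap(kek_server_proxy, hop1)      # proxy now holds the key
    hop2 = wrap(kek_proxy_nas, at_proxy)
    at_nas = unwrap(kek_proxy_nas, hop2)
    holders = {"server", "nas"}
    if at_proxy == session_key:
        holders.add("proxy")                       # least-privilege violation
    return at_nas, holders

def end_to_end(session_key, kek_server_nas, kek_server_proxy, kek_proxy_nas):
    """Server wraps under a KEK shared only with the NAS; the proxy forwards
    the attribute unchanged and cannot unwrap it with either hop secret."""
    on_wire = wrap(kek_server_nas, session_key)
    holders = {"server"}
    for hop_kek in (kek_server_proxy, kek_proxy_nas):
        try:
            unwrap(hop_kek, on_wire)
            holders.add("proxy")
        except ValueError:
            pass                                   # tag check fails: no access
    at_nas = unwrap(kek_server_nas, on_wire)
    holders.add("nas")
    return at_nas, holders
```

Calling `hop_by_hop` returns the holder set `{"server", "proxy", "nas"}`, while `end_to_end` returns `{"server", "nas"}`; the difference is exactly the "limit key scope" requirement quoted above.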