[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Issue: draft-ietf-radext-digest-auth-06.txt Digest MD5-sess

To: radiusext@ops.ietf.org
Subject: Re: Issue: draft-ietf-radext-digest-auth-06.txt Digest MD5-sess
From: Henrik Nordstrom <henrik@henriknordstrom.net>
Date: Thu, 29 Dec 2005 23:22:51 +0100 (CET)
In-reply-to: <a4ba2af60512291153w6256bb6ckd2186a12ff5ba27@mail.gmail.com>
References: <BAY106-F2669B0D63DE4F1C2EA72D693290@phx.gbl> <a4ba2af60512291153w6256bb6ckd2186a12ff5ba27@mail.gmail.com>

On Thu, 29 Dec 2005, Jo Hermans wrote:

I've implemented a scheme like this before, and will have to do soon
again (both in VOIP applications), but only when there was a strong
trust relationship between the radius client and the server, and only
to improve authentication-latency. There are serious security
implications caused by this. The transport can be protected with
IPSEC, and/or the attribute can be additionally encrypted or signed to
prevent snooping or spoofing. But that's not enough.


In this regard it's no different than qop=auth-int in my view.

It should not be used together with MD5, since A1 is then
"user:password:realm", and this makes it too easy to use in later
authentications. MD5-sess is better, but the RADIUS-server can't know
how long the client is planning to use this session-key. Too bad we
can't use hashes that are only valid for a certain time.


Granted, and is why my message was about MD5-sess only, and worded
carefully to restrict it to MD5-sess only.

Regarding session time, in setups using session authentication this isgenerally configured in the access server today anyway. The Radiusauthentication is for authenticating the session as such, not theindividual requests. Digest as such already protects from replay attacsthanks to the nonce count (which any decent Digest implementation shouldtrack carefully), so the only real security threat here is eavesdroppingof the MD5-sess hash between the RADIUS client and server as this couldallow for session theft. This is no different from the qop=auth-int casealready covered by the draft

Exception to the above: The combination of qop=auth-int +algorithm=MD5-sess and a Radius server (or client depending on mode ofoperation) only allowing a single request per nonce implicitly blocks anyreplay attacks thanks to the per request randomisation of the MD5-sessH(A1).

Although it can be a good improvement in latency, I don't think that
we should standardize this.

Any reasons besides the security implications which already exists inqop=auth-int exchanges of Digest-HA1?

Small sidenote fact: The RADIUS client can already gain access to what isrequired for MD5-sess session based authentication by faking the digestRADIUS request using qop=auth-int even if qop=auth is used in thecommunication to the end user agent. As this delegates the responsibilityof creating the Digest-Response to the RADIUS client it is able to modifythe qop (and even MD5/MD5-sess) to it's liking. The proposed change inwording only makes this support more explicitly visible without having tomodify the digest parameters while talking to the RADIUS server to workaround the restrictions in the draft..


Regards
Henrik

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

References:
- Issue: draft-ietf-radext-digest-auth-06.txt Digest MD5-sess
  - From: "Bernard Aboba" <bernard_aboba@hotmail.com>
- Re: Issue: draft-ietf-radext-digest-auth-06.txt Digest MD5-sess
  - From: Jo Hermans <jo.hermans@gmail.com>

Prev by Date: Re: Issue: draft-ietf-radext-digest-auth-06.txt Digest MD5-sess
Next by Date: Re: Issue: draft-ietf-radext-digest-auth-06.txt Digest MD5-sess
Previous by thread: Re: Issue: draft-ietf-radext-digest-auth-06.txt Digest MD5-sess
Index(es):
- Date
- Thread