List Info
Thread: Re: TLS clarifications (Re: Ordered delivery of EAP messages)

Re: TLS clarifications (Re: Ordered delivery of EAP messages)
United States | 2007-03-11 00:06:12
Yoshihiro Ohba wrote:
> Let's forget about DTLS and focus on TLS. I was arguing that
> correctness and security are different things.

I understand this part. But I am not sure the example fits, but it
doesn't matter. I am glad to understand your position. Thanks for
explaining.

So, moving forward from here, let's consider a question along the lines
Avi has been asking (note: this may not exactly be the question he asked):

Do EAP methods require in-order delivery to support any of their
security properties?

I think yes; for example, TTLS would need in-order delivery for
"Replay protection: Yes"
in Section 9 of draft-funk-eap-ttls-v1-01.

Thoughts?

Lakshminath

>
> If TLS is used over unreliable transport, of course it is not
> possible for TLS to maintain implicit sequence number. Without
> reliable transport implicit sequence number would not work if loss or
> out-of-order delivery of TLS records happens and *even if there is no
> attacker*. That is why I think that reliable transport is needed for
> TLS to make implicit sequence number work *correctly* so that it is
> used for *security*. Maybe we are talking about the same thing in
> different ways.
>
> Yoshihiro Ohba
>
> On Sat, Mar 10, 2007 at 09:08:42PM -0800, Lakshminath Dondeti wrote:
>> Yoshihiro Ohba wrote:
>>> On Sat, Mar 10, 2007 at 02:37:11AM -0800, Lakshminath Dondeti wrote:
>>>> TLS requires reliable transport for replay protection. (I guess Bernard
>>>> was trying to get at this in another context in this thread)
>>> TLS requires reliable transport for implicit sequence number to work
>>> for replay protection.
>> Right, that's what I was getting at.
>>
>>> But this does not mean replay attack is
>>> possible if TLS is run over unreliable transport.
>> How is the sequence number maintained in that case? Are you saying that
>> we might use an explicit sequence number as in DTLS? But, we are not
>> discussing DTLS, are we?
>>
>> What am I missing?
>>
>> thanks,
>> Lakshminath
>>
>> PS: To Avi's question, I was thinking in case of PEAP and TTLS if the
>> EAP layer cannot guarantee in-order reliable delivery, how else do the
>> endpoints maintain sequence numbers? If there is no other way, we can
>> conclude that PEAP and TTLS require in-order reliable delivery for one
>> of its security guarantees.
>>
>>> Yoshihiro Ohba
>>>
>
Re: TLS clarifications (Re: Ordered delivery of EAP messages)
United States | 2007-03-11 08:26:27
On Sat, Mar 10, 2007 at 10:06:12PM -0800, Lakshminath Dondeti wrote:
>
> Do EAP methods require in-order delivery to support any of their
> security properties?
>
> I think yes; for example, TTLS would need in-order delivery for
> "Replay protection: Yes"
> in Section 9 of draft-funk-eap-ttls-v1-01.

We can ask ourselves a question similar to Avi's here: can an attacker
succeed in a replay attack on TTLS without in-order delivery? I believe
the answer is no. Instead, the TTLS session would be terminated
immediately when a replayed TLS record is received. Note that this
session termination due to an active attacker could happen even if
transport is reliable.

Yoshihiro Ohba

>
> Thoughts?
>
> Lakshminath
>
>>
>> If TLS is used over unreliable transport, of course it is not
>> possible for TLS to maintain implicit sequence number. Without
>> reliable transport implicit sequence number would not work if loss or
>> out-of-order delivery of TLS records happens and *even if there is no
>> attacker*. That is why I think that reliable transport is needed for
>> TLS to make implicit sequence number work *correctly* so that it is
>> used for *security*. Maybe we are talking about the same thing in
>> different ways.
>>
>> Yoshihiro Ohba
>>
>> On Sat, Mar 10, 2007 at 09:08:42PM -0800, Lakshminath Dondeti wrote:
>>> Yoshihiro Ohba wrote:
>>>> On Sat, Mar 10, 2007 at 02:37:11AM -0800, Lakshminath Dondeti wrote:
>>>>> TLS requires reliable transport for replay protection. (I guess
>>>>> Bernard was trying to get at this in another context in this thread)
>>>> TLS requires reliable transport for implicit sequence number to work
>>>> for replay protection.
>>> Right, that's what I was getting at.
>>>
>>>> But this does not mean replay attack is
>>>> possible if TLS is run over unreliable transport.
>>> How is the sequence number maintained in that case? Are you saying that
>>> we might use an explicit sequence number as in DTLS? But, we are not
>>> discussing DTLS, are we?
>>>
>>> What am I missing?
>>>
>>> thanks,
>>> Lakshminath
>>>
>>> PS: To Avi's question, I was thinking in case of PEAP and TTLS if the
>>> EAP layer cannot guarantee in-order reliable delivery, how else do the
>>> endpoints maintain sequence numbers? If there is no other way, we can
>>> conclude that PEAP and TTLS require in-order reliable delivery for one
>>> of its security guarantees.
>>>
>>>> Yoshihiro Ohba
>>>>
>>
>
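The point both messages circle around (the TLS record MAC covers an implicit, never-transmitted sequence number, so a replayed or missing record fails MAC verification and ends the session rather than being accepted) can be seen in a small model of the TLS 1.1/1.2 record-layer MAC. This is an added example, not code from the thread or from any TLS implementation; the MAC key, the records and the receiver's "closed" state are constructed for the demonstration.

```python
import hashlib
import hmac
import struct

# Constructed demo key; a real TLS MAC key comes from the key schedule.
MAC_KEY = b"demo-mac-key-not-from-tls-key-schedule"


def record_mac(key, seq_num, content_type, version, fragment):
    """TLS 1.1/1.2 MAC input: seq_num(8) || type(1) || version(2) || length(2) || fragment.
    seq_num is never sent on the wire: both sides simply count records, which only
    stays in sync if the transport delivers every record exactly once and in order."""
    header = struct.pack("!QBHH", seq_num, content_type, version, len(fragment))
    return hmac.new(key, header + fragment, hashlib.sha256).digest()


def make_record(key, seq_num, fragment, content_type=23, version=0x0303):
    """Sender side: attach the MAC computed under the sender's implicit counter."""
    return (content_type, version, fragment, record_mac(key, seq_num, content_type, version, fragment))


class TlsReceiver:
    """Receiver with an implicit counter; a MAC failure is fatal (bad_record_mac)."""

    def __init__(self, key):
        self.key = key
        self.expected_seq = 0
        self.terminated = False

    def receive(self, record):
        if self.terminated:
            return "closed"  # session already torn down by the fatal alert
        content_type, version, fragment, mac = record
        expected = record_mac(self.key, self.expected_seq, content_type, version, fragment)
        if not hmac.compare_digest(mac, expected):
            self.terminated = True
            return "bad_record_mac"
        self.expected_seq += 1
        return "accepted"


def deliver(records):
    """Feed records to a fresh receiver and return the outcome for each."""
    rx = TlsReceiver(MAC_KEY)
    return [rx.receive(r) for r in records]


# Constructed records, numbered 0, 1, 2 by the sender's implicit counter.
R0, R1, R2 = (make_record(MAC_KEY, i, b"app-data-%d" % i) for i in range(3))

def in_order():    return deliver([R0, R1, R2])        # reliable, ordered transport
def replayed():    return deliver([R0, R1, R1, R2])    # R1 re-injected: rejected, session ends
def lost_record(): return deliver([R0, R2])            # R1 lost, no attacker: same fatal result
```

The last two cases are Ohba's observation in code: the replay is never accepted, but the cost of detecting it (or of an innocent loss) is the whole session, which is why the implicit counter needs reliable in-order delivery to work correctly.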