draft-ietf-radext-dtls-00.txt   draft-ietf-radext-dtls-01.txt 
Network Working Group Alan DeKok Network Working Group Alan DeKok
INTERNET-DRAFT FreeRADIUS INTERNET-DRAFT FreeRADIUS
Category: Informational Category: Informational
<draft-ietf-radext-dtls-00.txt> <draft-ietf-radext-dtls-01.txt>
Expires: April 8, 2011 Expires: April 12, 2011
8 October 2010 12 October 2010
DTLS as a Transport Layer for RADIUS DTLS as a Transport Layer for RADIUS
draft-ietf-radext-dtls-00 draft-ietf-radext-dtls-01
Abstract Abstract
The RADIUS protocol [RFC2865] has limited support for authentication The RADIUS protocol [RFC2865] has limited support for authentication
and encryption of RADIUS packets. The protocol transports data "in and encryption of RADIUS packets. The protocol transports data "in
the clear", although some parts of the packets can have "hidden" the clear", although some parts of the packets can have "hidden"
content. Packets may be replayed verbatim by an attacker, and content. Packets may be replayed verbatim by an attacker, and
client-server authentication is based on fixed shared secrets. This client-server authentication is based on fixed shared secrets. This
document specifies how the Datagram Transport Layer Security (DTLS) document specifies how the Datagram Transport Layer Security (DTLS)
protocol may be used as a fix for these problems. It also describes protocol may be used as a fix for these problems. It also describes
skipping to change at page 1, line 46 skipping to change at page 1, line 46
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 8, 2011 This Internet-Draft will expire on April 12, 2011
Copyright Notice Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info/) in effect on the date of (http://trustee.ietf.org/license-info/) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
skipping to change at page 3, line 26 skipping to change at page 3, line 26
3.1. Protocol Disambiguation ............................. 9 3.1. Protocol Disambiguation ............................. 9
4. Connection Management .................................... 10 4. Connection Management .................................... 10
4.1. Server Connection Management ........................ 10 4.1. Server Connection Management ........................ 10
4.1.1. Table Management ............................... 10 4.1.1. Table Management ............................... 10
4.2. Client Connection Management ........................ 11 4.2. Client Connection Management ........................ 11
5. Processing Algorithm ..................................... 12 5. Processing Algorithm ..................................... 12
6. Diameter Considerations .................................. 14 6. Diameter Considerations .................................. 14
7. IANA Considerations ...................................... 14 7. IANA Considerations ...................................... 14
8. Security Considerations .................................. 14 8. Security Considerations .................................. 14
8.1. Legacy RADIUS Security .............................. 14 8.1. Legacy RADIUS Security .............................. 14
9. References ............................................... 15 8.2. Network Address Translation ......................... 15
9.1. Normative references ................................ 15 9. References ............................................... 16
9.2. Informative references .............................. 16 9.1. Normative references ................................ 16
9.2. Informative references .............................. 17
1. Introduction 1. Introduction
The RADIUS protocol as described in [RFC2865], [RFC2866], and The RADIUS protocol as described in [RFC2865], [RFC2866], and
[RFC5176] has traditionally used methods based on MD5 [RFC1321] for [RFC5176] has traditionally used methods based on MD5 [RFC1321] for
per-packet authentication and integrity checks. However, the MD5 per-packet authentication and integrity checks. However, the MD5
algorithm has known weaknesses such as [MD5Attack] and [MD5Break]. algorithm has known weaknesses such as [MD5Attack] and [MD5Break].
As a result, previous specifications such as [RFC5176] have As a result, previous specifications such as [RFC5176] have
recommended using IPSec to secure RADIUS traffic. recommended using IPSec to secure RADIUS traffic.
skipping to change at page 15, line 45 skipping to change at page 15, line 45
cryptographically secure pseudo-random number generator (CSPRNG). cryptographically secure pseudo-random number generator (CSPRNG).
For example, a reasonable key may be 32 characters of a SHA-256 hash For example, a reasonable key may be 32 characters of a SHA-256 hash
of at least 64 bytes of data taken from a CSPRNG. If this method of at least 64 bytes of data taken from a CSPRNG. If this method
seems too complicated, a certificate-based TLS method SHOULD be used seems too complicated, a certificate-based TLS method SHOULD be used
instead. instead.
The previous RADIUS practice of using shared secrets that are minor The previous RADIUS practice of using shared secrets that are minor
variations of words is NOT RECOMMENDED, as it would negate nearly all variations of words is NOT RECOMMENDED, as it would negate nearly all
of the security of DTLS. of the security of DTLS.
8.2. Network Address Translation
Network Address Translation (NAT) is fundamentally incompatible with
RADIUS. RADIUS uses the source IP address to determine the shared
secret for the client, and NAT hides many clients behind one source
IP address.
The migration flag described above in Section 3 is also tracked per
source IP address. Using a NAT in front of many RADIUS clients
negates the function of the flag, making it impossible to migrate
clients in a secure fashion.
In addition, port re-use on a NAT gateway means that packets from
different clients may appear to come from the same source port on the
NAT. That is, a RADIUS server may receive a RADIUS/DTLS packet from
a client IP/port combination, followed by the reception of a
RADIUS/UDP packet from that same client IP/port combination. If this
capability were allowed, it would permit a downgrade attack to occur,
and would negate all of the security added by RADIUS/DTLS.
As a result, RADIUS clients SHOULD NOT be located behind a NAT
gateway. If clients are located behind a NAT gateway, then a secure
transport such as DTLS MUST be used.
9. References 9. References
9.1. Normative references 9.1. Normative references
[RFC2865] [RFC2865]
Rigney, C., Willens, S., Rubens, A. and W. Simpson, "Remote Rigney, C., Willens, S., Rubens, A. and W. Simpson, "Remote
Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000. Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000.
[RFC3539] [RFC3539]
Aboba, B. et al., "Authentication, Authorization and Accounting Aboba, B. et al., "Authentication, Authorization and Accounting
 End of changes. 5 change blocks. 
8 lines changed or deleted 33 lines changed or added

This html diff was produced by rfcdiff 1.40. The latest version is available from http://tools.ietf.org/tools/rfcdiff/