Markdown Version | Session Recording
Session Date/Time: 26 Jul 2024 20:00
# radext
## Summary
The radext working group session at IETF 120 covered several topics including a presentation on a new MD5 collision attack against RADIUS, discussion of the RADIUS over DTLS draft, updates on other working group documents, and a discussion on potential new work. The main focus was on addressing the security implications of the MD5 attack and progressing the DTLS draft towards working group last call, with emphasis on resolving open issues such as server identity and channel binding.
## Key Discussion Points
* **Blast-RADIUS Attack (MD5 Chosen-Prefix Collision):**
* Nadia Heninger and Miro Haller presented a new MD5 chosen-prefix collision attack that lets an attacker on the path between client and server forge RADIUS responses (for example, turning an Access-Reject into an Access-Accept) for the non-EAP authentication modes.
* The attack targets the Response Authenticator, which is only an MD5 hash over the packet and the shared secret; the collision blocks are carried in a `Proxy-State` attribute, which the server echoes back unchanged in its response.
* Short-term mitigation: always include, and always require, the `Message-Authenticator` attribute (HMAC-MD5, RFC 2869) in every packet, since HMAC-MD5 is not broken by collision attacks.
* Long-term solution: migrate to RADIUS over TLS.
* **RADIUS over DTLS:**
* Janfred discussed the RADIUS over DTLS draft, highlighting open issues, including the definition of server identity in the context of RADIUS proxies.
* A key point of discussion was whether to add channel binding (crypto binding) to the DTLS handshake to prevent man-in-the-middle attacks and ensure the RADIUS data is bound to the TLS session.
* The group agreed that the recent "selfie" attack needed to be addressed.
* It was also agreed the group must enumerate all open issues and find a proposed resolution for them.
* **Deprecating Insecure Practices:**
* Alan presented on deprecating insecure RADIUS practices, including UDP transport, PAP/MS-CHAP, and the use of MD5.
* He highlighted the ongoing security issues with RADIUS, particularly the lack of authentication and authorization for RADIUS servers within a trusted framework.
* **ALPN:**
* Alan reported that the RADIUS ALPN draft is ready and is waiting for Paul's review.
* **TLSPSK:**
* Minor changes since IETF-119.
* Document seems close to ready, barring the need to make changes due to the "selfie" attack.
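The following is an added illustration of the Blast-RADIUS mitigation discussed above; it is not code from the working group or from the presenters. It encodes a minimal RADIUS response, computes the Response Authenticator (RFC 2865, MD5 over the packet and the shared secret) and the `Message-Authenticator` attribute (RFC 2869, HMAC-MD5), and contrasts a legacy verifier that trusts the Response Authenticator alone with a hardened verifier that requires a valid `Message-Authenticator`. The shared secret, Request Authenticator and `Proxy-State` bytes are constructed sample values. The real attack produces a valid Response Authenticator for an attacker-chosen Access-Accept without knowing the secret; as a stand-in for that collision, the "forged" packet here is given a valid Response Authenticator computed with the secret, which is the only shortcut taken.

```python
"""Response Authenticator (MD5) vs Message-Authenticator (HMAC-MD5) on a RADIUS reply.
Added illustration, not code from the radext working group or the Blast-RADIUS authors."""
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME = 1
ATTR_PROXY_STATE = 33
ATTR_MESSAGE_AUTHENTICATOR = 80
HDR = struct.Struct("!BBH")  # Code, Identifier, Length (the 16-byte Authenticator follows)


def encode_attrs(attrs):
    """Serialize (type, value) pairs as RADIUS TLVs; length counts the type and length octets."""
    return b"".join(bytes((t, 2 + len(v))) + v for t, v in attrs)


def parse_attrs(body):
    attrs, i = [], 0
    while i < len(body):
        t, l = body[i], body[i + 1]
        if l < 2 or i + l > len(body):
            raise ValueError("malformed attribute")
        attrs.append((t, body[i + 2:i + l]))
        i += l
    return attrs


def response_authenticator(code, ident, request_auth, body, secret):
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    return hashlib.md5(HDR.pack(code, ident, 20 + len(body)) + request_auth + body + secret).digest()


def message_authenticator(code, ident, request_auth, body, secret):
    """RFC 2869 section 5.14: HMAC-MD5 over the packet with the attribute value zeroed;
    for responses the authenticator field used is the Request Authenticator."""
    return hmac.new(secret, HDR.pack(code, ident, 20 + len(body)) + request_auth + body, hashlib.md5).digest()


def build_response(code, ident, request_auth, attrs, secret, with_ma=True):
    """Server side: optionally append Message-Authenticator, then fill in the Response Authenticator."""
    if with_ma:
        placeholder = attrs + [(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))]
        ma = message_authenticator(code, ident, request_auth, encode_attrs(placeholder), secret)
        attrs = attrs + [(ATTR_MESSAGE_AUTHENTICATOR, ma)]
    body = encode_attrs(attrs)
    return HDR.pack(code, ident, 20 + len(body)) + response_authenticator(code, ident, request_auth, body, secret) + body


def verify_response(packet, request_auth, secret, require_ma):
    """Client side. Returns the packet Code if the reply is accepted, None otherwise.
    require_ma=False is the legacy behaviour; require_ma=True is the short-term mitigation."""
    code, ident, length = HDR.unpack_from(packet)
    if length < 20 or length != len(packet):
        return None
    body = packet[20:]
    if not hmac.compare_digest(packet[4:20], response_authenticator(code, ident, request_auth, body, secret)):
        return None
    attrs = parse_attrs(body)
    mas = [v for t, v in attrs if t == ATTR_MESSAGE_AUTHENTICATOR]
    if not mas:
        return None if require_ma else code
    # Always check Message-Authenticator when present, even in legacy mode.
    zeroed = [(t, bytes(16) if t == ATTR_MESSAGE_AUTHENTICATOR else v) for t, v in attrs]
    expected = message_authenticator(code, ident, request_auth, encode_attrs(zeroed), secret)
    return code if len(mas) == 1 and hmac.compare_digest(mas[0], expected) else None


def demo():
    secret = b"constructed-shared-secret"  # constructed sample value
    request_auth = bytes(range(16))        # constructed stand-in for a random Request Authenticator
    ident = 7
    # Hypothetical Proxy-State payload: in the real attack this is where the collision blocks travel.
    proxy_state = bytes(24)
    genuine = build_response(ACCESS_REJECT, ident, request_auth, [(ATTR_PROXY_STATE, proxy_state)], secret)
    # Stand-in for the forged Access-Accept: valid Response Authenticator (computed with the secret here,
    # by collision in the real attack), no Message-Authenticator because HMAC-MD5 cannot be forged that way.
    forged = build_response(ACCESS_ACCEPT, ident, request_auth, [(ATTR_PROXY_STATE, proxy_state)], secret, with_ma=False)
    return {
        "genuine_legacy": verify_response(genuine, request_auth, secret, require_ma=False),
        "genuine_hardened": verify_response(genuine, request_auth, secret, require_ma=True),
        "forged_legacy": verify_response(forged, request_auth, secret, require_ma=False),
        "forged_hardened": verify_response(forged, request_auth, secret, require_ma=True),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {'rejected' if result is None else 'accepted with Code ' + str(result)}")
```

The legacy verifier accepts the forged Access-Accept because the Response Authenticator is the only thing it checks; the hardened verifier rejects it for lack of a `Message-Authenticator`, while the genuine reply passes both. Note that requiring the attribute only helps if every client and proxy in the path enforces it, and that it is still an MD5-based construction, which is why the group treats it as the short-term fix and RADIUS over (D)TLS as the long-term one.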
## Decisions and Action Items
* **DTLS Draft:**
* **Action Item:** Janfred to enumerate all the open issues on the document and propose a resolution for each.
* **Action Item:** Form a small group to help with that enumeration and proposed resolution.
* **Action Item:** Janfred to write to the Utah mailing list with specific questions to encourage review of the crypto portions of the doc.
* **Action Item:** Schedule an interim meeting to address these outstanding DTLS issues.
* **5G Authentication:**
* **Action Item:** Shri to send a message to the mailing list summarizing the 5G Authentication draft and soliciting feedback on whether to adopt it as working group work. This message should include the problem statement and proposed solution.
* **TLSPSK:**
* **Action Item:** Incorporate review comments in the TLSPSK draft.
## Next Steps
* Janfred will send a message to the Radext mailing list to discuss the proposed interim meeting for the DTLS draft and to kick off the process of enumerating open issues.
* Shri will send a message to the Radext mailing list with a summary of the 5G authentication draft.
* Continue discussions on the Radext mailing list regarding channel binding and other security considerations for RADIUS over TLS/DTLS.