On Sep 19, 2024, at 8:27 PM, Hilarie Orman via Datatracker <noreply@xxxxxxxx> wrote:
> This is specious reasoning about the security of symmetric keys when
> used for authentication:

>> RADIUS has used shared secrets for thirty years,
>> and this vulnerability has not been known to be exploited. As such,
>> we believe that this known issue is acceptable for TLS-PSK.

> It's not just an "issue", it's a risk, and there must be a more
> substantial justification than a belief bolstered by vacuity.

The risk isn't limited to the use of TLS-PSK in RADIUS. So I'm unsure if this is a comment directed towards TLS-PSK in general, or towards the use of it in RADIUS.

If TLS-PSK has inherent unacceptable risks, then I have to ask why it was standardized already.

> Perhaps the fact that the keys are shared in an "internal / secure"
> network sufficiently mitigates the risk? Other measures as well?

The document already says:

  ... servers SHOULD NOT permit TLS-PSK to be used across the wider
  Internet. The intent for TLS-PSK is for it to be used in internal /
  secured networks, where clients come from a small number of known
  locations. In contrast, certificates can be generated and assigned to
  clients without any interaction with the RADIUS server. Therefore if
  the RADIUS server needs to accept connections from clients at unknown
  locations, a more secure method is to use client certificates.

Is that insufficient? What more would be needed?

Alan DeKok.