Review of draft-ietf-emu-eap-gpsk-03.txt

Section 1

"   At present, several pre-shared key EAP methods are specified, most
  notably

  o  EAP-PAX [RFC4746]
  o  EAP-PSK [I-D.bersani-eap-psk]
  o  EAP-TLS-PSK [I-D.otto-emu-eap-tls-psk] and
  o  EAP-SAKE [I-D.vanderveen-eap-sake].

  Each method has its particular benefits but also its particular
  deficiencies.  EAP-GPSK is a new EAP method that tries to combine the
  most valuable characteristics of each of these methods and therefore
  attempts to address a broad range of usage scenarios."

I would delete this discussion since it doesn't really relate to the
design goals of EAP-GPSK.  As it stands, this statement is too vague
to motivate the design, and discussion of "deficiencies" without
providing justification is problematic.

"      EAP-GPSK should be easy to implement and therefore quickly
     available."

I would leave out "and therefore quickly available".  You might also
provide some more info on what makes a method easy to implement,
such as single purpose (PSK), use of commonly available algorithms,
etc.

"   Wide applicability:

     EAP-GPSK has been designed in a threat model where the attacker
     has full control over the communication channel.  This is the EAP
     threat model that is presented in Section 7.1 of [RFC3748]."

I think a more appropriate title would be "Security model".

Efficiency

You might mention round-trips here.

This section should also mention that Privacy is not supported.

Section 4

In addition to the Method-Id, this section should define the Peer-Id
(ID_Client), Server-Id (ID_Server) and Session-Id
(Type-Code || MID).

Section 5

SHA-1 is on a path to deprecation by NIST, so I am concerned about
including this algorithm.

The KDFs do not appear to comply with the NIST KDF recommendation included in this draft:
http://www.watersprings.org/pub/id/draft-dang-nistkdf-01.txt

Or am I not reading it correctly?



_______________________________________________
Emu mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/emu