On Sep 19, 2019, at 6:04 AM, John Mattsson <john.matts...@ericsson.com> wrote:
>
> I am starting to come down on the side that EAP-TLS PSK should be specified.
>
> - I think EAP-PSK should be phased out like all other methods not giving PFS.

EAP-TLS using PSK has worse security properties than EAP-PSK, I think.

> - The security of the Dragonfly handshake used in EAP-PWD (and WPA3) seems
> quite shaky ( https://eprint.iacr.org/2019/383 ), but I have not looked into
> the details.

Yes. There are updates coming.

EAP-PWD is widely deployed and is widely used. Given its simplicity, I recommend using it where simple name / password authentication is required.

> - An EAP password method for the future should likely use the PAKE that CFRG
> will soon standardize.
> - EAP methods should in the future support some PQC key exchange.
>
> TLS will very likely get support for both the CFRG PAKE and PQC key exchange
> algorithms. I am not sure the EAP group wants to spend time updating either
> EAP-PSK or EAP-PWD. Unless there are other benefits with EAP-PSK or EAP-PWD,
> I think standardizing EAP-TLS PSK makes a lot of sense.

It's not clear to me how EAP-TLS PSK is *better* than EAP-PWD.

> I also note that EAP-PSK is experimental and EAP-PWD is informal. Unless
> IETF thinks PSK and passwords should not be used (which does certainly not
> seem to be the case, as TLS 1.3 is including PSK and CFRG is standardizing
> password based AKE), I think that EMU should make some PSK and password based
> method Standards Track. At the moment EAP-TLS 1.3 looks like the best choice.

PEAP is informational. EAP-TTLS is informational. Yet both are widely used. The document status is largely a byproduct of the IETF process.

I think we should take into account what people *do* with EAP methods. In this case, people have voted with their feet. EAP-PWD, PEAP, and EAP-TTLS are widely deployed. They all support some form of name / password authentication.

PEAP and EAP-TTLS also include support for anonymous outer identities, which is impossible with EAP-TLS PSK.

Alan DeKok.

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu