Hi Ben,

Thanks for the customary careful review. Answers in-line:

On 10/31/19 4:24 PM, Benjamin Kaduk via Datatracker wrote:
> Benjamin Kaduk has entered the following ballot position for
> charter-ietf-emu-05-02: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/charter-ietf-emu/
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Can we consider just saying "forward secrecy" rather than "perfect forward
> secrecy"? The "perfect" nature comes with many caveats in general...

Makes sense!

> What's the relationship between "identifiers for fast re-authentication" and
> "creation of long-term credentials for the peer based on initial limited-use
> credentials"?

Good question: Session-Id is a particular type of identifier that must be exported by EAP methods according to RFC5247 (https://tools.ietf.org/html/rfc5247). As is implicit from the name, it identifies a particular EAP authentication session. EAP methods should export this identifier during usual full authentication as well as abbreviated fast-reauthentication. Some EAP methods (EAP-SIM, EAP-AKA, EAP-PEAP and EAP-AKA’) lacked this information. There is a draft fixing this (draft-ietf-emu-eap-session-id-00 <https://datatracker.ietf.org/doc/draft-ietf-emu-eap-session-id/>). It is only dealing with a narrow bug that was discovered during implementation.

Creation of long-term credentials based on initial limited-use credentials is not about session identifiers. It is trying to address the case where the initial credentials are time or domain limited (such as device certificates from manufacturer) and need to be updated with operational long-term credentials (such as certificates from the local network operator). Both these credentials can be used for EAP authentication (albeit with different servers) and will result in different Session-Ids.

> There's a lot of stuff set to happen in Nov 2019; is that all staged and ready
> to go?

Yes!

--Mohit

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu