My review of this errata and the current responses from Oleg:
1. I agree with this proposed resolution. I do think this is an important omission that needs to be clarified in the RFC. Otherwise it is somewhat guesswork that truncation is the right action. I think the current wording leans toward truncation, but I definitely asked this question myself while implementing. 2. This bleeds into Alan’s TLS 1.3 document somewhat, but I agree with Jouni that this will need to change when the rest of the document is eventually updated to TLS 1.3. There are enough TLS 1.3 related things to address in TEAP that I don’t exactly view this as an errata. I view it as a needed update, whether in this document, Alan’s document, or both. 3. Agree with Jouni that I don’t see the point of the 0x37 octet, but regardless this clarification of how it is encoded is positive (minor) change. Thanks, Jorge From: Emu <emu-boun...@ietf.org> On Behalf Of Oleg Pekar Sent: Tuesday, May 5, 2020 6:27 AM To: Jouni Malinen <j...@w1.fi>; EMU WG <emu@ietf.org> Subject: [Emu] TEAP - RFC 7170 - Errata ID 5768 Hi Jouni, I propose the following fix for the issues described in this errata id: 1) In Section "4.2.13. Crypto-Binding TLV" make "EMSK Compound MAC" and "MSK Compound MAC" fields 32 octets long (currently 20 octets). The MAC value is truncated at 32 octets if it is longer than 32 octets or padded to a length of 32 octets with zeros to the right if it is less than 32 octets. The length of the TLV should be changed to 100 bytes (currently 76). The motivation is to keep collision-resistance strength of MAC on 128 bit. Hash value truncation is described in "NIST Special Publication 800-107 Revision 1: Recommendation for Applications Using Approved Hash Algorithms"<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvlpubs.nist.gov%2Fnistpubs%2FLegacy%2FSP%2Fnistspecialpublication800-107r1.pdf&data=02%7C01%7Cjovergar%40microsoft.com%7C42c90b35b93f4261402008d7f0f817c4%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637242821105169728&sdata=MS6AaYWPCm377ZvleMjVIfLCkaCaq6E24NQXSYK%2FNls%3D&reserved=0> 2) In Section "5.3. Computing the Compound MAC" specify that "MAC is the MAC function negotiated in TLS of TEAP Phase 1" (currently it says TLS 1.2) The motivation is to support TLS 1.2, 1.3 and possibly later TLS versions. 3) In Section "5.3. Computing the Compound MAC" when specifying the list of field to be placed in the BUFFER" should say "...2 A single octet contains TEAP EAP method type 0x37". Alternatively it could be "...2 A single octet contains EAP Type of the inner EAP method related to the calculation or 0 if no inner EAP method was executed" (currently "...2 The EAP Type sent by the other party in the first TEAP message") Please note that there's still a discussion on sending Crypto-Binding TLV on "Authentication inner EAP method" or "Inner EAP method that exports MSK" only. Thanks Oleg
_______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
