[Emu] [IETF I-D Submission Tool] New Version Notification for draft-howlett-eap-gss-00

[Sam Hartman]

This is one of the documents for the bar bof on federated authentication
I sent mail about a couple of weeks ago.
Discussion currently on moonshot-commun...@jiscmail.ac.uk.


---BeginMessage---

A new version of I-D, draft-howlett-eap-gss-00.txt has been successfuly 
submitted by Sam Hartman and posted to the IETF repository.

Filename:draft-howlett-eap-gss
Revision:00
Title:   A GSS-API Mechanism for the Extensible Authentication Protocol
Creation_date:   2010-03-01
WG ID:   Independent Submission
Number_of_pages: 19

Abstract:
This document defines protocols, procedures, and conventions to be
employed by peers implementing the Generic Security Service
Application Program Interface (GSS-API) when using the EAP mechanism.

  


The IETF Secretariat.



---End Message---
___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

[Emu] Tunnel Method Requirements - mandatory attributes

[Joseph Salowey (jsalowey)]

Alan commented that section 4.3.3 dealing with mandatory attributes
should better define what is meant by mandatory attributes.  I agree
with this.  Alan provided some text which describes behavior that may be
too specific for a requirements document.  For example, I'm not sure it
is appropriate for a NAK to result in a failed authentication in all
cases. Alan's text is copied below.  Are folks happy with this text or
is there other specific text that should go in this document.  

 4.3.3.  Mandatory and Optional Attributes

   The payload MUST support marking of mandatory and optional
   attributes, as well as a NAK attribute used to communicate
   disagreements about received attributes.

   Mandatory attributes are attributes that a receiver MUST process as
   per the specification.  Optional attributes are attributes that a
   receiver MAY ignore.

   A receiver MUST process mandatory attributes before optional ones.
   After an attribute has been processed, it SHOULD be marked as no
   longer being mandatory.  If a receiver does not process a mandatory
   attribute, it MUST ignore everything else in a request, and it MUST
   send a NAK attribute in response.  Similarly, if a receiver expects
   a mandatory attribute and does not receive one in a request, it MUST
   send a NAK attribute in the response that contains the set of
   attributes it expected to receive.

   A peer that either sends or receives a NAK attribute MUST treat
   the session as failing authentication.

   The NAK attribute MUST support a description of which mandatory
   attribute is either required, or is not supported.  The NAK attribute
   MUST be otherwise treated as an optional attribute, and it MUST NOT
   contain a NAK of the NAK attribute, in order to prevent infinite
   recursion.


___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

[Emu] Tunnel method requirements: evaluation of protocol requirements

[Joseph Salowey (jsalowey)]

In his review Dan Harkins stated that he feels that section 4.1.2, Draw
from Existing Work, does not belong in the document since it is not a
technical requirement, but rather something that should be arrived at
through the working group process. This section does seem a little out
of place compared to the rest of the document.  

Since there has been no discussion on the list I am not sure where the
working group is on this issue.  Are people OK with removing section
4.1.2?  

Thanks,

Joe

___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

Re: [Emu] review of draft-ietf-emu-eaptunnel-req-04

[Joseph Salowey (jsalowey)]

Thanks Dan,

I haven't seen any responses on the list yet so I provided some inline
below. 

 -Original Message-
 From: emu-boun...@ietf.org [mailto:emu-boun...@ietf.org] On Behalf Of
Dan
 Harkins
 Sent: Monday, November 30, 2009 12:57 PM
 To: emu@ietf.org
 Subject: [Emu] review of draft-ietf-emu-eaptunnel-req-04
 
 
   Hello,
 
   I made some of these comments at the mic in Hiroshima but was
 asked to submit them to the list.
 
   - I get the feeling that this document is being written to
 ensure some end-game and not simply as a protocol requirements
 document.
 
 I mentioned that it would be nice if the tunneled method
 described a way to establish an EAP-TLS -style connection,
 either anonymous or server-side-auth-only, and then allow
 for subsequent authentication using another EAP method (or
 using specific TLVs for some password authentication) or
 EAP methods chained together by the tunnel. Pasi said that
 is the intention but it sure doesn't seem that way.
 
[Joe] Currently the scope of the work does not include anonymous
authentication.  I think this could be follow-on work to the tunnel
method.  I don't think the current document should prohibit anonymous
cipher suites from being used in follow-on specifications.   See the
response to 4.2.1.1.3 for some suggested text.  

   - section 3.4 states that the tunnel method MUST ensure that
 peer identity is not disclosed to the authenticator and any
 other intermediaries before the server that terminates the
 tunnel method.
 
 EAP is supposed to be a 2 party protocol that, for optimization,
 can have functionality split between a pass-thru authenticator
 and a EAP method-terminating server. But it seems wrong to
 put forth the optimization as if it's a requirement for the
 tunnel method.
 
 Please change this to something like the identity of the peer
 used for authentication purposes MUST NOT be obtainable by any
 entity other than the EAP server terminating the tunnel method.
 
[Joe] OK

   - 3.6 seems somewhat pointless. The tunnel method SHOULD support
 carrying of NEA protocols and these protocols may be required
 to be carried in an EAP method.
 
 Since the tunneled EAP method can tunnel EAP methods then this
 requirement should just naturally flow out of another
requirement.
 Please remove section 3.6.
 
[Joe] While, it is true that carrying NEA protocols should be met by
either the extensibility or carrying EAP method requirements,  I believe
that NEA use case is pertinent to the tunnel method work and should be
mentioned somewhere in the document.  What is the harm in mentioning it
here?  

   - 3.7 describes credentials [that] may only partially authenticate
 the identity of the peer.
 
 Huh? What kind of credentials are these? Please describe these
 credentials.
 
[Joe] OK

 Additionally, the tunnel may be used to communicate additional
 data.
 
 This is so vague as to be meaningless. A nonce could satisfy
 this requirement, and so could 8 bits of RESERVED-- set to zero
 before transmitting and ignored upon receipt-- for that matter.
 Please remove this.
 
[Joe] Removed

   - 3.8 mentions a use of extensibility is support for authentication
 frameworks other than EAP.
 
 That seems like a huge stretch of the work we are chartered to do.
 I suggest that line be removed.
 
[Joe] Alan had a similar comment that this text is confusing. The
suggest text is:
 Another use for extensibility is support for alternate authentication
frameworks within the tunnel.



   - 4.1.2 is inappropriate. It is not the purpose of a document
describing
 the requirements for a protocol to direct the working group how to
 evaluate potential protocols against those requirements.
 
 When I brought this up in Hiroshima a response was (I paraphrase),
 that the working group had consensus to use existing work and so
 this is just a restatement of that consensus. Which raises
another
 interesting point without addressing my comment. That other point
is
 that if there is working group consensus then it is not necessary
to
 have section 4.1.2 then. The fact that 4.1.2 is in the document
leads
 one to believe that perhaps there is a fear that such support
might
 have evaporated.
 
 The working group does not need to be constrained in its decision-
 making process. The process is defined and understood and it is
 inappropriate for a _protocol requirements document_ to say, hey
 remember way back when a sample of active participants seemed to
 agree on a vague concept, well now you SHOULD select one of the
two
 candidates here.
 
 Please remove 4.1.2.
 
[Joe]  Needs more discussion.

   - 4.2.1.1.1 if TLS is required and [a]ll versions of TLS meet
 [cipher suite negotiation] requirements then what's the point of
 this section?
 
 Please remove