Re: [Emu] Late WGLC Comment on draft-ietf-emu-eap-tls13
Thanks for the pointer. I am fine with the proposed way forward.

Russ

> On Mar 10, 2020, at 12:43 PM, Mohit Sethi M wrote:
>
> Hi Russ,
>
> You can listen here: https://youtu.be/YJLG4JUftqI?t=1144
>
> We plan to support it in EAP-TLS-PSK instead:
> https://tools.ietf.org/html/draft-mattsson-emu-eap-tls-psk-00. We have
> already added a reference to draft-ietf-tls-tls13-cert-with-extern-psk
> and plan to use it. I think using an external PSK anyway requires
> ironing out some issues like what is the relationship between NAI and
> the PSK identity? And do we allow user-configured PSK identities/PSKs etc.?
>
> Would it be reasonable if we specify the usage of
> draft-ietf-tls-tls13-cert-with-extern-psk in EAP-TLS-PSK instead?
>
> --Mohit
>
> On 3/10/20 6:30 PM, Russ Housley wrote:
>> I do not understand the reason for Bernard's objection. I looked at the
>> minutes, and I do not find any rationale there. Can you help?
>>
>> Russ
>>
>>> On Mar 9, 2020, at 5:59 AM, John Mattsson wrote:
>>>
>>> Hi Russ,
>>>
>>> Sorry for the late reply. I actually brought up your draft
>>> [ID-ietf-tls-tls13-cert-with-extern-psk] during my EMU presentation at IETF
>>> 106 as something that should probably be in EAP-TLS. Bernard Aboba then
>>> expressed a very strong opinion that
>>> [ID-ietf-tls-tls13-cert-with-extern-psk] should absolutely not be included
>>> in the EAP-TLS Type-Code 0x0D. After this the WG decided as a way forward
>>> to specify EAP-TLS with PSK authentication in a new draft.
>>>
>>> Given these strong opinions from Bernard Aboba, and the wish to publish
>>> draft-ietf-emu-eap-tls13 soon, I think the best way forward would be to
>>> specify the use of [ID-ietf-tls-tls13-cert-with-extern-psk] in the same new
>>> draft as EAP-TLS with PSK authentication. Does that sound like an
>>> acceptable way forward?
>>>
>>> Cheers,
>>> John
>>>
>>> -----Original Message-----
>>> From: Russ Housley
>>> Date: Monday, 13 January 2020 at 18:29
>>> To: John Mattsson
>>> Cc: EMU WG
>>> Subject: Late WGLC Comment on draft-ietf-emu-eap-tls13
>>>
>>> John:
>>>
>>> Section 2.1.1 says:
>>>
>>>    Pre-Shared Key (PSK) authentication SHALL NOT be used except
>>>    for resumption.
>>>
>>> I would rather this say:
>>>
>>>    Pre-Shared Key (PSK) authentication SHALL NOT be used except
>>>    for resumption or in conjunction with the "tls_cert_with_extern_psk"
>>>    extension [ID-ietf-tls-tls13-cert-with-extern-psk].
>>>
>>> Russ
>>>

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
Re: [Emu] Late WGLC Comment on draft-ietf-emu-eap-tls13
Hi Russ,

You can listen here: https://youtu.be/YJLG4JUftqI?t=1144

We plan to support it in EAP-TLS-PSK instead:
https://tools.ietf.org/html/draft-mattsson-emu-eap-tls-psk-00. We have
already added a reference to draft-ietf-tls-tls13-cert-with-extern-psk
and plan to use it. I think using an external PSK anyway requires
ironing out some issues like what is the relationship between NAI and
the PSK identity? And do we allow user-configured PSK identities/PSKs etc.?

Would it be reasonable if we specify the usage of
draft-ietf-tls-tls13-cert-with-extern-psk in EAP-TLS-PSK instead?

--Mohit

On 3/10/20 6:30 PM, Russ Housley wrote:
> I do not understand the reason for Bernard's objection. I looked at the
> minutes, and I do not find any rationale there. Can you help?
>
> Russ
>
>> On Mar 9, 2020, at 5:59 AM, John Mattsson wrote:
>>
>> Hi Russ,
>>
>> Sorry for the late reply. I actually brought up your draft
>> [ID-ietf-tls-tls13-cert-with-extern-psk] during my EMU presentation at IETF
>> 106 as something that should probably be in EAP-TLS. Bernard Aboba then
>> expressed a very strong opinion that
>> [ID-ietf-tls-tls13-cert-with-extern-psk] should absolutely not be included
>> in the EAP-TLS Type-Code 0x0D. After this the WG decided as a way forward to
>> specify EAP-TLS with PSK authentication in a new draft.
>>
>> Given these strong opinions from Bernard Aboba, and the wish to publish
>> draft-ietf-emu-eap-tls13 soon, I think the best way forward would be to specify
>> the use of [ID-ietf-tls-tls13-cert-with-extern-psk] in the same new draft as
>> EAP-TLS with PSK authentication. Does that sound like an acceptable way
>> forward?
>>
>> Cheers,
>> John
>>
>> -----Original Message-----
>> From: Russ Housley
>> Date: Monday, 13 January 2020 at 18:29
>> To: John Mattsson
>> Cc: EMU WG
>> Subject: Late WGLC Comment on draft-ietf-emu-eap-tls13
>>
>> John:
>>
>> Section 2.1.1 says:
>>
>>    Pre-Shared Key (PSK) authentication SHALL NOT be used except
>>    for resumption.
>>
>> I would rather this say:
>>
>>    Pre-Shared Key (PSK) authentication SHALL NOT be used except
>>    for resumption or in conjunction with the "tls_cert_with_extern_psk"
>>    extension [ID-ietf-tls-tls13-cert-with-extern-psk].
>>
>> Russ
>>
Re: [Emu] Late WGLC Comment on draft-ietf-emu-eap-tls13
I do not understand the reason for Bernard's objection. I looked at the
minutes, and I do not find any rationale there. Can you help?

Russ

> On Mar 9, 2020, at 5:59 AM, John Mattsson wrote:
>
> Hi Russ,
>
> Sorry for the late reply. I actually brought up your draft
> [ID-ietf-tls-tls13-cert-with-extern-psk] during my EMU presentation at IETF
> 106 as something that should probably be in EAP-TLS. Bernard Aboba then
> expressed a very strong opinion that [ID-ietf-tls-tls13-cert-with-extern-psk]
> should absolutely not be included in the EAP-TLS Type-Code 0x0D. After this
> the WG decided as a way forward to specify EAP-TLS with PSK authentication in
> a new draft.
>
> Given these strong opinions from Bernard Aboba, and the wish to publish
> draft-ietf-emu-eap-tls13 soon, I think the best way forward would be to specify
> the use of [ID-ietf-tls-tls13-cert-with-extern-psk] in the same new draft as
> EAP-TLS with PSK authentication. Does that sound like an acceptable way
> forward?
>
> Cheers,
> John
>
> -----Original Message-----
> From: Russ Housley
> Date: Monday, 13 January 2020 at 18:29
> To: John Mattsson
> Cc: EMU WG
> Subject: Late WGLC Comment on draft-ietf-emu-eap-tls13
>
> John:
>
> Section 2.1.1 says:
>
>    Pre-Shared Key (PSK) authentication SHALL NOT be used except
>    for resumption.
>
> I would rather this say:
>
>    Pre-Shared Key (PSK) authentication SHALL NOT be used except
>    for resumption or in conjunction with the "tls_cert_with_extern_psk"
>    extension [ID-ietf-tls-tls13-cert-with-extern-psk].
>
> Russ
>
[Emu] FW: New Version Notification for draft-aura-eap-noob-08.txt
The latest version of the EAP-NOOB draft has only editorial changes. Many are based on Daniel Migault's review, which was very helpful in spotting potentially confusing text bits. Some terminology questions may need further discussion. The length of the PeerId requires a detailed analysis, which I will work on with my students. Overall, these are very minor issues and, IMO, the draft is ready for working group adoption.

Tuomas

-----Original Message-----
From: internet-dra...@ietf.org
Sent: Tuesday, 10 March, 2020 00:25
To: Aura Tuomas; Mohit Sethi
Subject: New Version Notification for draft-aura-eap-noob-08.txt

A new version of I-D, draft-aura-eap-noob-08.txt
has been successfully submitted by Tuomas Aura and posted to the
IETF repository.

Name:           draft-aura-eap-noob
Revision:       08
Title:          Nimble out-of-band authentication for EAP (EAP-NOOB)
Document date:  2020-03-09
Group:          Individual Submission
Pages:          62
URL:            https://www.ietf.org/internet-drafts/draft-aura-eap-noob-08.txt
Status:         https://datatracker.ietf.org/doc/draft-aura-eap-noob/
Htmlized:       https://tools.ietf.org/html/draft-aura-eap-noob-08
Htmlized:       https://datatracker.ietf.org/doc/html/draft-aura-eap-noob
Diff:           https://www.ietf.org/rfcdiff?url2=draft-aura-eap-noob-08

Abstract:
   Extensible Authentication Protocol (EAP) provides support for
   multiple authentication methods. This document defines the EAP-NOOB
   authentication method for nimble out-of-band (OOB) authentication and
   key derivation. The EAP method is intended for bootstrapping all
   kinds of Internet-of-Things (IoT) devices that have no pre-configured
   authentication credentials. The method makes use of a user-assisted
   one-directional OOB message between the peer device and
   authentication server to authenticate the in-band key exchange. The
   device must have an input or output interface, such as a display,
   microphone, speakers or blinking light, which can send or receive
   dynamically generated messages of tens of bytes in length.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
Re: [Emu] I-D Action: draft-ietf-emu-eap-tls13-09.txt
Hi,

- The new version should address all the received comments from Alan and Russ regarding EAP, TLS, and Certificate identities.
- New section on identities early in the document discussing identities and pointing to other sections discussing identities.
- More information given on why some identities are preferred over others (routing).
- More guidance on how to construct a NAI to use in EAP-TLS.
- I did not include draft-ietf-tls-tls13-cert-with-extern-psk as there at this point is no consensus to do so, with Russ suggesting to include it and Bernard previously being strongly against such inclusion.

Cheers,
John

-----Original Message-----
From: Emu on behalf of "internet-dra...@ietf.org"
Reply to: "emu@ietf.org"
Date: Monday, 9 March 2020 at 18:55
To: "i-d-annou...@ietf.org"
Cc: "emu@ietf.org"
Subject: [Emu] I-D Action: draft-ietf-emu-eap-tls13-09.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the EAP Method Update WG of the IETF.

        Title           : Using EAP-TLS with TLS 1.3
        Authors         : John Preuß Mattsson
                          Mohit Sethi
        Filename        : draft-ietf-emu-eap-tls13-09.txt
        Pages           : 29
        Date            : 2020-03-09

Abstract:
   This document specifies the use of EAP-TLS with TLS 1.3 while
   remaining backwards compatible with existing implementations of EAP-
   TLS. TLS 1.3 provides significantly improved security, privacy, and
   reduced latency when compared to earlier versions of TLS. EAP-TLS
   with TLS 1.3 further improves security and privacy by mandating use
   of privacy and revocation checking. This document updates RFC 5216.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-emu-eap-tls13/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-emu-eap-tls13-09
https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-tls13-09

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-tls13-09

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/