Re: [Emu] eap.arpa domain in draft-ietf-emu-bootstrapped-tls

2023-08-30 Thread Peter Yee
Alan,
I've also sent an inquiry to the IAB on the matter to see if they have 
any thoughts. I'll post to the list if they come back with any opinions. Your 
draft will also be helpful either way as we can decide whether to incorporate 
their thoughts (if they've some concrete and coherent to offer) or we can use 
the draft as the start of a wider discussion on the topic. Thanks for posting 
it!

-Peter

On 8/30/23, 10:48 AM, "Emu on behalf of Alan DeKok" <emu-boun...@ietf.org on behalf of al...@deployingradius.com> wrote:


On Aug 30, 2023, at 6:29 AM, Owen Friel (ofriel) wrote:
> 
> Hi EMU Chairs,
> 
> I was looking to see if any minor updates are needed to 
> draft-ietf-emu-bootstrapped-tls-03 before IETF 118 and WGLC.
> 
> There was one outstanding action from IETF 117:
> 
> Do we want to say there is an eap.arpa domain? Yes, but
> not clear this draft is place to do that. Chairs to ask IAB to do
> this.


I had discussed this off-line with the chairs, and they were waiting for me to 
do something. I've been trying to get TEAP out of the way, but I've just posted 
an "eap.arpa" draft now.

It's still very rough, but the idea is "use someth...@eap.arp". And then fill in some suggestions.


A new version of Internet-Draft draft-dekok-emu-eap-arpa-00.txt has been
successfully submitted by Alan DeKok and posted to the
IETF repository.

Name: draft-dekok-emu-eap-arpa
Revision: 00
Title: The eap.arpa domain and EAP provisioning
Date: 2023-08-30
Group: Individual Submission
Pages: 13
URL: https://www.ietf.org/archive/id/draft-dekok-emu-eap-arpa-00.txt
Status: https://datatracker.ietf.org/doc/draft-dekok-emu-eap-arpa/
HTML: https://www.ietf.org/archive/id/draft-dekok-emu-eap-arpa-00.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-dekok-emu-eap-arpa

Abstract:

This document defines the eap.arpa domain as a way for EAP peers to
signal to EAP servers that they wish to obtain limited, and
unauthenticated, network access. EAP peers leverage user identifier
portion of the Network Access Identifier (NAI) format of RFC7542 in
order to describe what kind of provisioning they need. A table of
identifiers and meanings is defined.

The IETF Secretariat


___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu


Re: [Emu] eap.arpa domain in draft-ietf-emu-bootstrapped-tls

2023-08-30 Thread Alan DeKok
On Aug 30, 2023, at 6:29 AM, Owen Friel (ofriel) wrote:
> 
> Hi EMU Chairs,
>  
> I was looking to see if any minor updates are needed to 
> draft-ietf-emu-bootstrapped-tls-03 before IETF 118 and WGLC.
>  
> There was one outstanding action from IETF 117:
>  
> Do we want to say there is an eap.arpa domain? Yes, but
> not clear this draft is place to do that. Chairs to ask IAB to do
> this.

  I had discussed this off-line with the chairs, and they were waiting for me 
to do something.  I've been trying to get TEAP out of the way, but I've just 
posted an "eap.arpa" draft now.

  It's still very rough, but the idea is "use someth...@eap.arp".  And then 
fill in some suggestions.

A new version of Internet-Draft draft-dekok-emu-eap-arpa-00.txt has been
successfully submitted by Alan DeKok and posted to the
IETF repository.

Name:     draft-dekok-emu-eap-arpa
Revision: 00
Title:    The eap.arpa domain and EAP provisioning
Date:     2023-08-30
Group:    Individual Submission
Pages:    13
URL:      https://www.ietf.org/archive/id/draft-dekok-emu-eap-arpa-00.txt
Status:   https://datatracker.ietf.org/doc/draft-dekok-emu-eap-arpa/
HTML:     https://www.ietf.org/archive/id/draft-dekok-emu-eap-arpa-00.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-dekok-emu-eap-arpa


Abstract:

  This document defines the eap.arpa domain as a way for EAP peers to
  signal to EAP servers that they wish to obtain limited, and
  unauthenticated, network access.  EAP peers leverage user identifier
  portion of the Network Access Identifier (NAI) format of RFC7542 in
  order to describe what kind of provisioning they need.  A table of
  identifiers and meanings is defined.



The IETF Secretariat



Re: [Emu] TEAP: PKCS exchange notes

2023-08-30 Thread Heikki Vatiainen
On Mon, 28 Aug 2023 at 21:20, Eliot Lear wrote:

> First, section 3.11.1 states that authentication is needed before
> provisioning, but C.11. does not show any authentication. Should the
> diagram show phase 1 client certificate authentication or phase 2 tunnelled
> authentication? Are both valid types of authentication as required by
> section 3.1.1?
>
> C.11 assumes bi-directional certificate exchange OR POK.  Perhaps that
> should be stated.
>

Thanks for this and the other clarifications. It's what I was expecting but
I thought I'd check.

I'll push a pull request to update the examples C.11. and C.13. (EAP-TLS
like exchange) so that they both show client certificate. There's also an
extra Intermediate-Result in C.13.

-- 
Heikki Vatiainen
h...@radiatorsoftware.com


Re: [Emu] eap.arpa domain in draft-ietf-emu-bootstrapped-tls

2023-08-30 Thread Peter Yee
That one’s on me, gents. I have the action to inquire and will do so ASAP.

    -Peter

On 8/30/23, 3:29 AM, "Owen Friel (ofriel)" wrote:

Hi EMU Chairs,

I was looking to see if any minor updates are needed to 
draft-ietf-emu-bootstrapped-tls-03 before IETF 118 and WGLC.

There was one outstanding action from IETF 117:

Do we want to say there is an eap.arpa domain? Yes, but
not clear this draft is place to do that. Chairs to ask IAB to do
this.

Is there any clarity on this yet?

Thanks,

Owen+Dan



[Emu] Experimental RFC 8773 normative reference in draft-ietf-emu-bootstrapped-tls

2023-08-30 Thread Owen Friel (ofriel)
Hi EMU Chairs,

draft-ietf-emu-bootstrapped-tls is proposed Standards Track and depends on RFC 
8773 which is Experimental.

Do we need to talk to TLS WG about changing RFC 8773 from Experimental? How 
does this process work?

Thanks,
Owen+Dan


[Emu] eap.arpa domain in draft-ietf-emu-bootstrapped-tls

2023-08-30 Thread Owen Friel (ofriel)
Hi EMU Chairs,

I was looking to see if any minor updates are needed to 
draft-ietf-emu-bootstrapped-tls-03 before IETF 118 and WGLC.

There was one outstanding action from IETF 117:

Do we want to say there is an eap.arpa domain? Yes, but
not clear this draft is place to do that. Chairs to ask IAB to do
this.

Is there any clarity on this yet?
Thanks,
Owen+Dan