Re: [Emu] I-D Action: draft-ietf-emu-tls-eap-types-11.txt

This version fixes some typos, and updates the TEAP text to match 7170bis. I don't believe that there are any technical changes. If there's no objection, I think that the AD can take it to IETF last call. > On Jan 27, 2023, at 9:56 AM, internet-dra...@ietf.org wrote: > > > A New

[Emu] I-D Action: draft-ietf-emu-tls-eap-types-11.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : TLS-based EAP types and TLS 1.3 Author : Alan DeKok Filename:

Re: [Emu] draft-ietf-emu-rfc7170bis-03.txt and password length

On Jan 27, 2023, at 7:56 AM, Heikki Vatiainen wrote: > My understanding is that the "housekeeping" functionality, or any > other variation of multi-round inner password authentication, means > that Basic-Password-Auth-Req <--> Basic-Password-Auth-Resp exchange > is done multiple times before a

Re: [Emu] draft-ietf-emu-rfc7170bis-03.txt and password length

On Jan 27, 2023, at 6:38 AM, Heikki Vatiainen wrote: > Furthermore, let's consider multi-round inner password authentication, > such as example flow C1 with "housekeeping": > https://datatracker.ietf.org/doc/html/draft-ietf-emu-rfc7170bis#name-c1-successful-authenticatio > > Is there a reason

Re: [Emu] draft-ietf-emu-rfc7170bis-03.txt and password length

On Fri, 27 Jan 2023 at 13:30, Eliot Lear wrote: >> On 27.01.23 12:17, Heikki Vatiainen wrote: >> >> For example, an OTP system could do this: >> - Start authentication with username + static password; if ok then >> - Server prompts for the next method: Choose 1 for push to mobile app, >> 2 for

Re: [Emu] draft-ietf-emu-rfc7170bis-03.txt and password length

On Wed, 25 Jan 2023 at 03:14, Alan DeKok wrote: > > Section 4.2.14 (Basic-Password-Auth-Resp TLV) defines the length of the > password "PassLen" as "Length of Password field in octets'. However, there > is no requirement that the length be greater than zero. > > The same issue goes for

Re: [Emu] draft-ietf-emu-rfc7170bis-03.txt and password length

Hiya, On 27.01.23 12:17, Heikki Vatiainen wrote: For example, an OTP system could do this: - Start authentication with username + static password; if ok then - Server prompts for the next method: Choose 1 for push to mobile app, 2 for telephone callback, 3 for emergency use pre-printed code.

Re: [Emu] draft-ietf-emu-rfc7170bis-03.txt and password length

On Wed, 25 Jan 2023 at 10:21, John Mattsson wrote: > > That sounds good. Would be good to have text stating that passwords of length > 255 characters (the current max) shall be allowed. Requiring a minimum length > of 8 or a least 6 characters would be good. Basic-Password-Auth-Resp TLV is