[Emu] EAP-AKA' and Re: WG adoption call for draft-arkko-eap-aka-pfs

[Michael Richardson]

Joseph Salowey  wrote:
> that consensus.  If you do not support adoption of
> draft-arkko-eap-aka-pfs-03.txt as WG item please say so by 2359UTC on
> 30 November 2018 (and say why).

I don't think that this was decided.
At least, I did not find a message about this in the archives!

I implemented server side EAP-SIM and EAP-AKA back 16 some years ago.
Based upon the many emails I got asking for help configuring EAP-SIM, and
the zero I got for EAP-AKA, I have never been sure to what extend AKA
really go out there.  Is the nano-SIM in my phone SIM or did it mutate into
AKA?  I never quite knew.

I was always very sad that AKA did not get more uptake as it authenticates
the network to the phone, and therefore would have (as I understand things)
defended against "Stingray" like equipment used without judicial review,
requiring interceptors to significantly involve telco in such things, and
limiting who they would actually "catch".  ... I've heard other claims too.

So anything that prevents AKA' from being taken on seems like a significant
thing to me!

I re-read pfs-04, and wound up reading draft-ietf-emu-rfc5448bis-04, which I
had not read before.  I found the extensive references to TS-3GPP.24 made
that document rather hard to read, but at least I can download them easily,
unlike some other SDOs.  There are also some awkward sentences where maybe
a pass through with a language editor would help.

for instance:
   Upon receiving an EAP-Response/AKA'-Challenge with AT_KDF from the
   peer, the server checks that the suggested AT_KDF value was one of
   the alternatives in its offer.  The first AT_KDF value in the message
   from the server is not a valid alternative.  If the peer has replied
   with the first AT_KDF value, the server behaves as if AT_MAC of the
   response had been incorrect and fails the authentication.

I couldn't understand this at all.
You sure you want to call this EAP-AKA', and not EAP-AKA2 ?
That lone single quote seems to be asking for problems in code to me.

section 4:
   This mechanism comes in the form of the
   AT_BIDDING attribute.  This allows both endpoints to communicate
   their desire and support for EAP-AKA' when exchanging EAP-AKA
   messages.  This attribute is not included in EAP-AKA' messages as
   defined in this RFC.  It is only included in EAP-AKA messages.

Why not include it in EAP-AKA'?  You assume that there isn't a third
mechanism which should not be bid down to EAP-AKA' (some EAP-TLS or
something).

As I understand it, AT_KDF is an alternate KDF for EAP-AKA', and the
KDF is negotiated between the parties.   It seems like a reasonable thing to
do from a technical point of view, and the implementation seems rather simple
and straightforward.



I followed the link to the IPR page, but I have not (and won't) read the
patent.  Having read the pseudo code in section 6.3, I can't see how it's
significantly different than IKEv2.  If there is something novel here, I
don't know what it might be.

I found it interesting the IPR claim has the word "Possible", which
kind of makes one wonder:
Reasonable and Non-Discriminatory License to All Implementers with
Possible Royalty/Fee
I think that it is a template though, not something they chose.
The difference between RAND and RF is significant to open source projects.
Why is the claim duplicated, I also wonder.

If draft-arkko-eap-aka-pfs is important, I think it should be folded into
draft-ietf-emu-rfc5448bis.  It seems terribly useful to me, and if we are
going to have it, I'd rather have it by default.

Compared to when EAP-AKA was defined, the use of open source systems to
enable roaming is very very very significant.  If open source eco-systems
feel there is FUD here, then I think it is important to think hard.

Entities that want 5G to succeed, should think hard about whether litigating
this patent is more important than 5G succeeding for roaming.

Finally, I want to point to: https://lwn.net/Articles/780078/

-- 
]   Never tell me the odds! | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works| network architect  [ 
] m...@sandelman.ca  http://www.sandelman.ca/|   ruby on rails[ 










signature.asc
Description: PGP signature
___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

[Emu] FW: [TLS] Comment on draft-thomson-tls-sic-00

[John Mattsson]

Hi EMU,

This new draft from Martin Thomson is solving a lot of the problems with large 
certificate chains in TLS, at least for EAP-TLS 1.3. I think the EMU working 
group should discuss if this draft solves the problems of the EMU working 
group, if not we should try to influence the draft so it does.

Use of this draft requires pre-distributing all intermediary certificates.

John

-Original Message-
From: TLS  on behalf of John Mattsson 

Date: Friday, 29 March 2019 at 10:30
To: "t...@ietf.org" 
Subject: [TLS] Comment on draft-thomson-tls-sic-00

Hi,

I am strongly supporting of solving the problem this draft is trying to 
solve. This is a problem that the EMU WG has identified and discussed in the 
past.

https://tools.ietf.org/html/draft-ms-emu-eaptlscert-02

I will add text discussing draft-thomson-tls-sic-00 to 
draft-ms-emu-eaptlscert-03 and ask for agenda time in EMU at IETF 105 to 
discuss if draft-thomson-tls-sic-00 solves the problems of the EMU WG.

The EMU WG actually shortly discussed this Monday if the WG thought there 
was any updates to TLS that needed to be driven in the TLS WG.

Cheers,
John

___
TLS mailing list
t...@ietf.org
https://www.ietf.org/mailman/listinfo/tls


___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

[Emu] FW: Comment on draft-thomson-tls-sic-00

[John Mattsson]

I think draft-thomson-tls-sic-00 solves all the problems that the EMU wg have 
identified. The draft only works with EAP-TLS 1.3 but I think that is fine. Any 
implementation willing to update the TLS code, should update to TLS 1.3. I 
agree with Martin Thompson that the TLS WG should not spend time on TLS 1.2.

Cheers,
John

-Original Message-
From: John Mattsson 
Date: Friday, 29 March 2019 at 11:34
To: "t...@ietf.org" 
Subject: Re: Comment on draft-thomson-tls-sic-00

Some more comments after reading the draft in detail.

- The abstract and introduction only talks about the ClientHello use case. 
Should shortly mention the CertificateRequest use case as well.

- I notice that the draft does not have any requirement on how the client 
gets access to the intermediary certificates. I think this is the right 
approach.

The problem discussed in EMU is that that many access points drops EAP 
connections after 40 - 50 packets and that EAP-TLS connections with large 
certificate chains may therefore be unable to complete.

One approach discussed in EMU is that the client could take intermediate 
certificates from an earlier EAP-TLS connection that was dropped by the access 
point. This drafts currently allows that. I think that is correct. I cannot see 
that the distribution of intermediary certificates need any security 
requirements as the client can verify them with the help of one of its trust 
anchors.

Cheers,
John

-Original Message-
From: John Mattsson 
Date: Friday, 29 March 2019 at 10:29
To: "t...@ietf.org" 
Subject: Comment on draft-thomson-tls-sic-00

Hi,

I am strongly supporting of solving the problem this draft is trying to 
solve. This is a problem that the EMU WG has identified and discussed in the 
past.

https://tools.ietf.org/html/draft-ms-emu-eaptlscert-02

I will add text discussing draft-thomson-tls-sic-00 to 
draft-ms-emu-eaptlscert-03 and ask for agenda time in EMU at IETF 105 to 
discuss if draft-thomson-tls-sic-00 solves the problems of the EMU WG.

The EMU WG actually shortly discussed this Monday if the WG thought 
there was any updates to TLS that needed to be driven in the TLS WG.

Cheers,
John





___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu