Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13
On Sep 12, 2019, at 10:55 AM, John Mattsson wrote:
>
>> See Section 2.1.2. TLS 1.3 uses PSK for resumption. As a result, we
>> *cannot* use PSK for authentication in EAP-TLS.
>
> I don't understand why this could not be done. My view is that allowing PSK
> authentication would be quite easy.

  How would systems tell the difference between "raw" PSK and "resumption" PSK?

  When allowing resumption, the server has sent a PSK identity in a NewSessionTicket message. The client caches this and re-uses this. But the client signals that it is performing resumption via the act of using PSK. There's nothing else.

  Which means that if PSK was allowed, the server can't look at the packets to distinguish resumption from "raw" PSK. Instead, the server has to look at its resumption cache, which may be in a DB.

>>> While there is the EAP-PSK method, I would much rather use EAP-TLS with PSK
>>> because it provides identity protection and perfect forward secrecy,
>>> unlike EAP-PSK.
>>
>> Use EAP-PWD for that.
>
> Standardizing EAP-TLS should only be done if it has some significant
> advantages over EAP-PWD, and there are people wanting to implement and use
> it. 3GPP is e.g. adding identity protection and perfect forward secrecy to
> EAP-AKA instead.

  I would prefer to forbid PSK in EAP-TLS.

  Alan DeKok.

___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
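Added example, not part of the thread: a parser for the pre_shared_key extension body of a TLS 1.3 ClientHello, beside the server-side lookup Alan describes. The identities, ticket cache and external PSK table are constructed sample data; the point it shows is that a resumption ticket and an external PSK identity are byte-for-byte the same kind of field, so only the server's cache lookup can tell them apart.

```python
import struct

# Wire format of the pre_shared_key extension body in a TLS 1.3 ClientHello (RFC 8446, 4.2.11):
#   OfferedPsks { PskIdentity identities<7..2^16-1>; PskBinderEntry binders<33..2^16-1>; }
#   PskIdentity { opaque identity<1..2^16-1>; uint32 obfuscated_ticket_age; }
# A resumption ticket and an external PSK both travel as an opaque identity; nothing in the bytes says which.
def parse_offered_psks(body: bytes) -> list:
    """Return [(identity, obfuscated_ticket_age), ...]; raise on malformed input."""
    (ids_len,) = struct.unpack_from("!H", body, 0)
    pos, end = 2, 2 + ids_len
    if end > len(body):
        raise ValueError("truncated identities vector")
    identities = []
    while pos < end:
        (id_len,) = struct.unpack_from("!H", body, pos)
        if pos + 2 + id_len + 4 > end:
            raise ValueError("PskIdentity overruns identities vector")
        identity = body[pos + 2:pos + 2 + id_len]
        (age,) = struct.unpack_from("!I", body, pos + 2 + id_len)
        identities.append((identity, age))
        pos += 2 + id_len + 4
    (binders_len,) = struct.unpack_from("!H", body, pos)
    pos, end = pos + 2, pos + 2 + binders_len
    if end != len(body):
        raise ValueError("binders vector length does not match body")
    count = 0
    while pos < end:
        pos += 1 + body[pos]   # each PskBinderEntry is a one-byte length plus the binder
        count += 1
    if pos != end or count != len(identities):
        raise ValueError("binders do not match identities")
    return identities

def build_offered_psks(identities, binder_len=32) -> bytes:
    """Encode an OfferedPsks body; binders are zero-filled here (constructed sample, not real HMACs)."""
    ids = b"".join(struct.pack("!H", len(i)) + i + struct.pack("!I", age) for i, age in identities)
    binders = (bytes([binder_len]) + b"\x00" * binder_len) * len(identities)
    return struct.pack("!H", len(ids)) + ids + struct.pack("!H", len(binders)) + binders

def classify_psk(identity: bytes, ticket_cache: dict, external_psks: dict) -> str:
    """Server-side decision: a cache lookup, not the packet, tells resumption from external PSK."""
    if identity in ticket_cache:
        return "resumption"
    return "external" if identity in external_psks else "unknown"

# Constructed sample: one identity is a ticket this server issued earlier, the other an external PSK.
TICKET_CACHE = {b"ticket-7f3a": b"resumption-secret"}
EXTERNAL_PSKS = {b"client42@example": b"external-secret"}
SAMPLE = build_offered_psks([(b"ticket-7f3a", 123456), (b"client42@example", 0)])
```

Both identities parse to the same (identity, age) shape; an EAP-TLS server that accepted external PSKs would have to consult its ticket cache (possibly a database) on every PSK ClientHello before it could decide which path it is on.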
Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13
See comments inline

-----Original Message-----
From: Alan DeKok
Date: Thursday, 12 September 2019 at 15:56
To: Aura Tuomas
Cc: EMU WG, "draft-ietf-emu-eap-tl...@ietf.org"
Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13
Resent from:
Resent to: John Mattsson
Resent date: Thursday, 12 September 2019 at 15:56

> Alan DeKok wrote:
> On Sep 12, 2019, at 9:53 AM, Aura Tuomas wrote:
>
>> I was looking at the EAP-TLS with TLS 1.3 draft and noticed that it
>> forbids PSK authentication. Why is that?

There was discussion regarding this on the list some years ago. The conclusion was that the EAP-TLS Type-Code should be used exclusively for certificate authentication. At that point, nobody expressed a wish to use EAP-TLS with PSK authentication. If someone wants to use EAP-TLS with symmetric keys, that should probably be a new code point.

> See Section 2.1.2. TLS 1.3 uses PSK for resumption. As a result, we
> *cannot* use PSK for authentication in EAP-TLS.

I don't understand why this could not be done. My view is that allowing PSK authentication would be quite easy.

>> While there is the EAP-PSK method, I would much rather use EAP-TLS with
>> PSK because it provides identity protection and perfect forward secrecy,
>> unlike EAP-PSK.
>
> Use EAP-PWD for that.

Standardizing EAP-TLS should only be done if it has some significant advantages over EAP-PWD, and there are people wanting to implement and use it. 3GPP is e.g. adding identity protection and perfect forward secrecy to EAP-AKA instead.

>> In fact, I think EAP-TLS with PSK should become the standard
>> authentication method for networks that rely on shared secrets, e.g.
>> WPA-Personal. Unifying the Wi-Fi authentication around EAP would greatly
>> simplify the Wi-Fi protocol stack. Not that I expect it to happen
>> immediately, but we should not close sensible paths forward.
>
> The time to fix that was before TLS 1.3 was standardized.
>
> Alan DeKok.
Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13
On Sep 12, 2019, at 9:53 AM, Aura Tuomas wrote:
>
> I was looking at the EAP-TLS with TLS 1.3 draft and noticed that it forbids
> PSK authentication. Why is that?

  See Section 2.1.2. TLS 1.3 uses PSK for resumption. As a result, we *cannot* use PSK for authentication in EAP-TLS.

> While there is the EAP-PSK method, I would much rather use EAP-TLS with PSK
> because it provides identity protection and perfect forward secrecy, unlike
> EAP-PSK.

  Use EAP-PWD for that.

> In fact, I think EAP-TLS with PSK should become the standard authentication
> method for networks that rely on shared secrets, e.g. WPA-Personal. Unifying
> the Wi-Fi authentication around EAP would greatly simplify the Wi-Fi protocol
> stack. Not that I expect it to happen immediately, but we should not close
> sensible paths forward.

  The time to fix that was before TLS 1.3 was standardized.

  Alan DeKok.
Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13
I was looking at the EAP-TLS with TLS 1.3 draft and noticed that it forbids PSK authentication. Why is that?

While there is the EAP-PSK method, I would much rather use EAP-TLS with PSK because it provides identity protection and perfect forward secrecy, unlike EAP-PSK.

In fact, I think EAP-TLS with PSK should become the standard authentication method for networks that rely on shared secrets, e.g. WPA-Personal. Unifying the Wi-Fi authentication around EAP would greatly simplify the Wi-Fi protocol stack. Not that I expect it to happen immediately, but we should not close sensible paths forward.

Tuomas