[Emu] Minutes from EMU @ IETF103

2018-11-13 Thread Mohit Sethi M
Hi all, Thank you for participating in the EMU session at IETF 103. A special thank you to Jim for serving as the jabber scribe. Minutes from the EMU session at IETF 103 have now been uploaded: https://datatracker.ietf.org/meeting/103/materials/minutes-103-emu-00 Please report any issues by

Re: [Emu] Minutes from EMU @ IETF103

2018-11-14 Thread Mohit Sethi M
s: MAC is dependent on the based AKA authentication. > > s/based/base/ > s/AKA/AKA'/ > > >> On Nov 13, 2018, at 4:38 AM, Mohit Sethi M >> wrote: >> >> Hi all, >> >> Thank you for participating in the EMU session at IETF 103. A special >> thank you to

Re: [Emu] EAP-TLS 1.3 - TLS extensions and mechanisms

2018-11-14 Thread Mohit Sethi M
I would be very hesitant to mandate RFC 7924. Most EAP-TLS implementations use existing TLS libraries rather than implementing their own TLS stack. And many popular TLS libraries don't provide support for RFC 7924. Please look at : https://github.com/openssl/openssl/issues/5040 for example.

[Emu] Agenda Items for IETF 103

2018-10-09 Thread Mohit Sethi M
Dear all, Please send Joe and me requests for presentation slots during IETF 103. According to the preliminary agenda, we have a 2 hour session on Monday, November 5, between 16:10-18:10 in room Boromphimarn 1/2. Don't forget to include the title of your presentation, related drafts, and the

[Emu] Minutes from EMU @ IETF104

2019-04-02 Thread Mohit Sethi M
Hi all, Thank you for participating in the EMU session at IETF 104. A special thank you to Max for taking the minutes and to Elliot for serving as the jabber scribe. Minutes from the EMU session at IETF 104 have now been uploaded:

[Emu] Slides for EMU session @ IETF 104

2019-03-24 Thread Mohit Sethi M
Dear all, We have a 2 hour session tomorrow (Monday, 25th March) morning between 09:00-11:00 in room Berlin/Brussels. If you are presenting, please send us your slides by midnight tonight. If you have any last minute updates to the slides, we can also try to upload newer versions tomorrow

Re: [Emu] WGLC for RFC5448bis

2019-03-14 Thread Mohit Sethi M
Hi Jari and co-authors, The WGLC for this document is now complete. Can you please address the minor comments provided by John and upload a new version. The following 2 papers on the AKA protocol were also brought to our attention: 1. https://eprint.iacr.org/2018/1175.pdf 2.

[Emu] Agenda Items for IETF 104

2019-03-12 Thread Mohit Sethi M
Dear all, Some of you have already sent in a request for presentation time during the EMU session @ IETF 104. Thank you! For those who haven't, please send Joe and me requests for presentation slots. We have a 2 hour session on Monday, March 25, between 09:00-11:00 in room Berlin/Brussels.

Re: [Emu] EAP and Fragmentation

2019-02-14 Thread Mohit Sethi M
Dear Dr. Pala, On 2/12/19 7:36 PM, Dr. Pala wrote: Hi all, I am working on a draft for credentials management via EAP. When looking at the different specifications, it seems a bit weird that EAP does not provide Fragmentation control and requires each method to define their own way. This,

Re: [Emu] EAP and Fragmentation

2019-02-14 Thread Mohit Sethi M
, for example, EAP-TTLS RFC closed it tightly saying that even a single-fragment message should have it nevertheless on its redundancy. ~Oleg On Thu, Feb 14, 2019 at 1:54 PM Mohit Sethi M <mohit.m.se...@ericsson.com> wrote: Dear Dr. Pala, On 2/12/19 7:36 PM, Dr. Pala wrote: Hi a

Re: [Emu] Notes on session resumption with TLS-based EAP methods

2019-02-07 Thread Mohit Sethi M
Hi Alan, John, On 2/6/19 2:44 PM, Alan DeKok wrote: > On Feb 6, 2019, at 3:54 AM, John Mattsson wrote: >> I think this is a very good discussion to have. Any problems with peer >> authentication would (at least in theory) affect pure EAP-TLS as well. RFC >> 5216 states that: >> >> RFC 5216:

Re: [Emu] Notes on session resumption with TLS-based EAP methods

2019-02-04 Thread Mohit Sethi M
Hi Alan, Do you have experience with such cross method resumption? Are there any deployments that make use of this? My initial reaction is that such cross method session resumption should be forbidden. That is because EAP-TLS has different security properties where both the peer and server

Re: [Emu] TLS 1.3 and other EAP methods

2019-02-04 Thread Mohit Sethi M
Hi Alan, Thanks for bringing this up. I agree that we should take this opportunity to fix other EAP methods which rely on TLS for the outer tunnel. I think that these updates merit a separate document. But I am not certain why the two documents need to be published simultaneously? --Mohit On

Re: [Emu] TLS 1.3 and other EAP methods

2019-02-04 Thread Mohit Sethi M
Hi John, Alan, and others, The recommendations in this document may be used by all TLS-based EAP methods. However, fragmenting large certificates and certificate chains into many small messages is less of a problem when only one side (server) is authenticating with certificates. --Mohit On

Re: [Emu] Notes on session resumption with TLS-based EAP methods

2019-02-05 Thread Mohit Sethi M
Hi Alan, On 2/5/19 3:13 PM, Alan DeKok wrote: > On Feb 5, 2019, at 12:19 AM, Mohit Sethi M wrote: >> Do you have experience with such cross method resumption? Are there any >> deployments that make use of this? >There are no deployments that make use of it. It's wo

Re: [Emu] TLS 1.3 and other EAP methods

2019-02-05 Thread Mohit Sethi M
). --Mohit On 2/5/19 3:16 PM, Alan DeKok wrote: > On Feb 5, 2019, at 12:25 AM, Mohit Sethi M wrote: >> Thanks for bringing this up. I agree that we should take this >> opportunity to fix other EAP methods which rely on TLS for the outer >> tunnel. I think that these updates meri

Re: [Emu] TLS 1.3 and other EAP methods

2019-02-05 Thread Mohit Sethi M
don't want EAP-TLS to lie around for that long. Modular independent specs are better in my opinion. --Mohit On 2/5/19 5:46 PM, Alan DeKok wrote: > On Feb 5, 2019, at 10:40 AM, Mohit Sethi M wrote: >> One could use the same argument. Those only interested in implementing >> EAP-TLS

Re: [Emu] Notes on session resumption with TLS-based EAP methods

2019-02-05 Thread Mohit Sethi M
Hi Alan, On 2/5/19 5:48 PM, Alan DeKok wrote: > On Feb 5, 2019, at 10:18 AM, Mohit Sethi M wrote: >> But session resumption is not simply about changing one byte in the EAP >> conversation. If you look at Figure 2 of draft-ietf-emu-eap-tls13-03 >> (https://tools.ietf.org/ht

Re: [Emu] Can we get a WG last call for draft-dekok-emu-eap-session-id-00 ?

2019-06-05 Thread Mohit Sethi M
Chair hat on: The draft needs to be formally adopted as a working group item before moving to last call. Chair hat off: I support the adoption of this draft as a working group item. This is a charter item and the draft is simple enough to move forward rather quickly. The code has been

Re: [Emu] WGLC completed for for draft-ietf-emu-eap-tls13-05

2019-07-03 Thread Mohit Sethi M
There have been several reviews of different aspects of this draft in the past: Jim provided a complete review here: https://mailarchive.ietf.org/arch/msg/emu/ZDwpgyOL5eBPgyOGwXqxj1VhX-4 A discussion about the L-bit and fragmentation here:

Re: [Emu] The EMU WG has placed draft-dekok-emu-eap-session-id in state "Call For Adoption By WG Issued"

2019-07-03 Thread Mohit Sethi M
In addition to my previous comment on this draft: https://mailarchive.ietf.org/arch/msg/emu/eJ_xCqn7Eq2fzx6tuDS0PDdBwkI I think that the title should be made more explicit to something along the lines: Session-Id derivation for EAP-SIM, EAP-AKA and EAP-PEAP. --Mohit On 7/3/19 2:35 PM, IETF

[Emu] Re-charter text

2019-08-21 Thread Mohit Sethi M
Dear all, Thank you for a productive meeting @ IETF 105. We had discussed the new charter text during the working group session in Montreal. Please find the same text below. This text builds upon our current charter. Feel free to suggest changes. RFC 2418 section 2.2

Re: [Emu] Re-charter text

2019-09-02 Thread Mohit Sethi M
such as NFC, dynamically generated QR codes, audio, and visible light. Best regards, Rene Forwarded Message Subject:[Emu] Re-charter text Date: Wed, 21 Aug 2019 08:13:51 + From: Mohit Sethi M <mailto:mohit.m.se...@ericsson.com> To: emu@ietf.org<mailto:

Re: [Emu] Re-charter text

2019-09-02 Thread Mohit Sethi M
Hi Michael, On 8/22/19 10:46 PM, Michael Richardson wrote: Mohit Sethi M <mailto:mohit.m.se...@ericsson.com> wrote: > At the same time, some new use cases for EAP have been identified. EAP > is now more broadly in mobile network authentication. The group will > upda

Re: [Emu] Re-charter text

2019-09-11 Thread Mohit Sethi M
Dear all, Please send in your comments on the charter text by Wednesday, September 18, 2019. Joe and Mohit On 8/21/19 11:13 AM, Mohit Sethi M wrote: Dear all, Thank you for a productive meeting @ IETF 105. We had discussed the new charter text during the working group session in Montreal

Re: [Emu] Re-charter text

2019-09-13 Thread Mohit Sethi M
The current re-charter text is now in github for convenient issue and change tracking: We have incorporated the suggestions from John and Rene to the current text: https://github.com/emu-wg/charter/blob/master/emu-charter.md Joe and Mohit On 9/11/19 9:50 PM, Mohit Sethi M wrote: Dear all

Re: [Emu] Re-charter text

2019-09-21 Thread Mohit Sethi M
of pervasive surveillance. This last point, maybe could be divided in several sentences, since I find it too long and, thus, hard to follow. Many thanks for your efforts. Best regards, Georgios On Sep 11, 2019, at 20:50, Mohit Sethi M <mohit.m.se...@ericsson.com> wrote: Dear all,

Re: [Emu] Benjamin Kaduk's No Objection on charter-ietf-emu-05-02: (with COMMENT)

2019-10-31 Thread Mohit Sethi M
Hi Ben, Thanks for the customary careful review. Answers in-line: On 10/31/19 4:24 PM, Benjamin Kaduk via Datatracker wrote: Benjamin Kaduk has entered the following ballot position for charter-ietf-emu-05-02: No Objection When responding, please keep the subject line intact and reply to all

[Emu] Agenda Items for IETF 106

2019-11-03 Thread Mohit Sethi M
Dear all, Some of you have already sent in a request for presentation time during the EMU session @ IETF 106. Thank you! For those who haven't, please send Joe and me requests for presentation slots. We have a 2 hour session on Monday, November 18, between 15:50-17:50 in room Hullet. Don't

Re: [Emu] Re-charter text

2019-10-15 Thread Mohit Sethi M
unless there are good reasons not to limit the scope), I am also happy with the current text (since allows EAP-CREDS to be discussed). Thanks, Max On 9/21/19 6:16 AM, Mohit Sethi M wrote: Hi Georgios, Thanks for reading the charter. I have addressed your comments on github. Here is the updated t

Re: [Emu] Re-charter text

2019-10-24 Thread Mohit Sethi M
pate to that meeting ? If so, can you please let us know the meetings' details... ? Last but not least - I sent you the request earlier for a slot at IETF 106 for EAP-CREDS and I would like to confirm again with you we have the slot (I do not recall seeing your reply to that message). Cheers, Max

[Emu] WGLC for draft-ietf-emu-eap-session-id-01

2019-11-26 Thread Mohit Sethi M
Dear all, This email initiates the working group last call (WGLC) for draft-ietf-emu-eap-session-id (https://tools.ietf.org/html/draft-ietf-emu-eap-session-id-01). If you have any remaining concerns or issues, please comment on the mailing list before the WGLC expires on December 10, 2019.

[Emu] Minutes from EMU @ IETF106

2019-11-26 Thread Mohit Sethi M
Hi all, Thank you for participating in the EMU session at IETF 106. A special thank you to Eliot for volunteering as the minute taker. Meeting minutes from the EMU session at IETF 106 have now been uploaded: https://datatracker.ietf.org/meeting/106/materials/minutes-106-emu-00 Please report

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-10 Thread Mohit Sethi M
Hi, Speaking purely as an individual contributor. I agree that this is a use-case we should address. I am open to discussions whether it should be done in this draft or separately and whether we should have a separate method type or use the same. @Elliot: I understand your discomfort with

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-10 Thread Mohit Sethi M
I wouldn't say that TLS 1.3 is wrong but there is some stuff that could benefit from further clarification. For example: the current TLS 1.3 spec requires external PSKs to be provisioned for a specific hash function. Then there is also the discussion on how does a server handle external PSK vs.

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-10 Thread Mohit Sethi M
aft-ietf-emu-eap-tls13-07> draft if that is what the general consensus is. --Mohit On 10/10/19 12:24 PM, Eliot Lear wrote: Hi Mohit, On 10 Oct 2019, at 09:55, Mohit Sethi M <mohit.m.se...@ericsson.com> wrote: @Elliot: I understand your discomfort with constrai

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-10 Thread Mohit Sethi M
Yes, but I do not see how EAP would differ from any other TLS deployment with external PSK. Can you give an example of an existing TLS 1.3 deployment that offers both resumption PSKs and external PSKs? EAP-TLS would not be different from other TLS deployments with external PSKs. However, so

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-11 Thread Mohit Sethi M
external PSK before checking for resumption PSKs. I think we can include EAP-TLS-PSK without major changes to the current document. I only want to ensure that EAP-TLS-PSK does not leave any implementation ambiguities. --Mohit On 10/10/19 7:18 PM, John Mattsson wrote: > Mohit Seth

Re: [Emu] WGLC for draft-ietf-emu-eaptlscert (corrected)

2020-03-05 Thread Mohit Sethi M
Hi Alan, Thanks for your careful and detailed reviews. They are extremely helpful. We have submitted a new version addressing your feedback. Please see in-line for specific actions taken. Here you can see the diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eaptlscert-01. --Mohit On

Re: [Emu] [lamps] EAP/EMU recommendations for client cert validation logic

2020-01-17 Thread Mohit Sethi M
On 1/16/20 6:07 AM, Benjamin Kaduk wrote: > Is there anything better for implementations to actually do (as distinct > from what we write down as recommendations) than to start setting up a > parallel (purpose-specific) PKI now and trusting that in parallel with what > they're currently doing,

Re: [Emu] I-D Action: draft-ietf-emu-eap-tls13-08.txt

2020-01-07 Thread Mohit Sethi M
Hi Alan, On 12/28/19 3:29 PM, Alan DeKok wrote: > On Dec 27, 2019, at 1:54 PM, internet-dra...@ietf.org wrote: >> A diff from the previous version is available at: >> https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-tls13-08 >Which adds some text about identities: > > It is

Re: [Emu] I-D Action: draft-ietf-emu-eap-tls13-08.txt

2020-01-07 Thread Mohit Sethi M
Hi Alan, On 12/28/19 3:29 PM, Alan DeKok wrote: > On Dec 27, 2019, at 1:54 PM, internet-dra...@ietf.org wrote: >> A diff from the previous version is available at: >> https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-tls13-08 >Which adds some text about identities: > > It is

Re: [Emu] Late WGLC Comment on draft-ietf-emu-eap-tls13

2020-03-11 Thread Mohit Sethi M
hat TLS 1.3 supports) > > I sympathise with earlier comments in the group that EAP should mostly be a > transport for TLS and that the decisions of which authentication methods to > support should be taken by the TLS WG. > > Cheers, > John > > -Original Message- >

Re: [Emu] Late WGLC Comment on draft-ietf-emu-eap-tls13

2020-03-10 Thread Mohit Sethi M
Hi Russ, You can listen here: https://youtu.be/YJLG4JUftqI?t=1144 We plan to support it in EAP-TLS-PSK instead: https://tools.ietf.org/html/draft-mattsson-emu-eap-tls-psk-00. We have already added a reference to draft-ietf-tls-tls13-cert-with-extern-psk and plan to use it. I think using an

Re: [Emu] Working Group Call For adoption of draft-aura-eap-noob-08.txt

2020-04-19 Thread Mohit Sethi M
Hi Alan, On 4/19/20 7:18 PM, Alan DeKok wrote: > >> On Apr 18, 2020, at 4:13 PM, Joseph Salowey wrote: >> >> This is a call for adoption of draft-aura-eap-noob-08.txt [1] as a working >> group item. This draft has been discussed in several IETF meetings and >> would be the starting point for

[Emu] Poll for virtual interim

2020-04-19 Thread Mohit Sethi M
Dear all, We did not have a face-to-face meeting in Vancouver for IETF 107. At this point, the IETF 108 meeting in Madrid is also uncertain. We are therefore considering a virtual interim meeting for EMU during middle/end of May 2020. Here are some proposed dates and time slots:

Re: [Emu] draft-dekok-emu-tls-eap-types discussion

2020-04-19 Thread Mohit Sethi M
No hat! I support the adoption of this document! --Mohit On 4/3/20 11:48 PM, Alan DeKok wrote: > https://tools.ietf.org/html/draft-dekok-emu-tls-eap-types-01 > >I haven't seen much discussion on the document. There are still some open > questions: > > * should it be published

Re: [Emu] WGLC for draft-davidben-tls13-pkcs1-00

2020-03-16 Thread Mohit Sethi M
Thank you Russ. We have updated the text as suggested: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eaptlscert-02 --Mohit On 3/9/20 11:09 PM, Russ Housley wrote: I read the document, and I think it is ready to go after one editorial fix. The term "trust anchor" is used many times in the

Re: [Emu] Poll for virtual interim

2020-04-24 Thread Mohit Sethi M
Dear all, Reminder: please respond to the poll for a potential virtual interim in May: https://doodle.com/poll/vxy5vc4g3cnegpdr Joe and Mohit On 4/20/20 2:11 AM, Mohit Sethi M wrote: > Dear all, > > We did not have a face-to-face meeting in Vancouver for IETF 107. At > this point,

Re: [Emu] draft-aura-eap-noob-08 NAI

2020-04-24 Thread Mohit Sethi M
Hi Max, Tuomas can give you a definite answer. My understanding is that error 1001 should be sent by the server if the received identity does not follow the requirements of draft-aura-eap-noob. Besides, implementing the stricter checks of this draft is easier than validating the ABNF of

Re: [Emu] draft-aura-eap-noob-08 NAI

2020-04-24 Thread Mohit Sethi M
Hi Eliot, On 4/24/20 4:22 PM, Eliot Lear wrote: Hi Mohit On 24 Apr 2020, at 15:02, Mohit Sethi M <mailto:mohit.m.sethi=40ericsson@dmarc.ietf.org> wrote: Hi Max, Tuomas can give you a definite answer. My understanding is that error 1001 should be sent by the server if the re

Re: [Emu] Poll for virtual interim

2020-05-05 Thread Mohit Sethi M
Sethi M wrote: > Dear all, > > Reminder: please respond to the poll for a potential virtual interim in > May: https://doodle.com/poll/vxy5vc4g3cnegpdr > > Joe and Mohit > > On 4/20/20 2:11 AM, Mohit Sethi M wrote: >> Dear all, >> >> We did not have a face

Re: [Emu] Working Group Call For adoption of draft-dekok-emu-tls-eap-types

2020-05-06 Thread Mohit Sethi M
. Joe and Mohit On 4/20/20 1:53 AM, Mohit Sethi M wrote: > This is a call for adoption of draft-dekok-emu-tls-eap-types > (https://datatracker.ietf.org/doc/draft-dekok-emu-tls-eap-types/) as a > working group item. > > Please indicate if you have any objections by May 4th, 2020. >

[Emu] Fwd: Reminder: Survey on planning for possible online IETF meetings

2020-05-07 Thread Mohit Sethi M
You have a chance to influence how the upcoming IETF meetings for this year are organized. Please answer the survey if you haven't already. See the details below. Here is the link for your convenience: https://www.surveymonkey.com/r/5328FFJ --Mohit Begin forwarded message: From: IETF

[Emu] Request for presentations during virtual interim

2020-05-18 Thread Mohit Sethi M
and Mohit JOIN WEBEX MEETING https://ietf.webex.com/ietf/j.php?MTID=mc9df4dccd3859204bde061bde4848491 Meeting number (access code): 618 538 077 Meeting password: Sx2edf4mWU3 On 5/5/20 11:38 AM, Mohit Sethi M wrote: > The poll is now closed. We will have a 90-minute virtual interim meeting > f

Re: [Emu] My review ... was RE: I-D Action: draft-ietf-emu-eaptlscert-02.txt

2020-05-09 Thread Mohit Sethi M
Hi Hannes, I have submitted a new version of the draft which I believe addresses your concerns. Here is a diff for your convenience: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eaptlscert-03 While Alan and Jouni have already provided excellent answers to most of your comments, in-line

Re: [Emu] I-D Action: draft-ietf-emu-eap-tls13-11.txt

2020-10-14 Thread Mohit Sethi M
Dear all, This version includes additional clarifications on resumption suggested by Terry Burton. Based on the mailing list discussion, we still use 1-byte of encrypted application data as the commitment message: https://mailarchive.ietf.org/arch/msg/emu/6f36UTSysJ_xzGdkOtC4TDNTZbI/. --Mohit

Re: [Emu] Appropriate AAA/EAP response to a peer's NAK when there are no overlapping methods

2020-08-23 Thread Mohit Sethi M
Hi Alan, On 8/21/20 3:50 PM, Alan DeKok wrote: > On Aug 21, 2020, at 3:27 AM, Mohit Sethi M > wrote: >> Sorry for nitpicking here. But it is important to distinguish the two >> components that comprise a AAA server: RADIUS server and EAP server. RFC >> 3579 briefly al

Re: [Emu] Appropriate AAA/EAP response to a peer's NAK when there are no overlapping methods

2020-08-23 Thread Mohit Sethi M
Hi again, On 8/23/20 7:12 PM, Alan DeKok wrote: > On Aug 23, 2020, at 9:48 AM, Mohit Sethi M wrote: >> Sorry, but you are missing context here. The discussion was no longer >> about sending an EAP failure when no suitable EAP methods are available. >> Terry and I were dis

Re: [Emu] Appropriate AAA/EAP response to a peer's NAK when there are no overlapping methods

2020-08-20 Thread Mohit Sethi M
erver. Sending a NAK in the other direction would be a violation of RFC 3748 and is not supported or implemented. --Mohit On 8/20/20 4:26 PM, Terry Burton wrote: > On Thu, 20 Aug 2020 at 13:34, Mohit Sethi M > wrote: > <...snip...> >> It's also contrary to... >> >>

Re: [Emu] Appropriate AAA/EAP response to a peer's NAK when there are no overlapping methods

2020-08-20 Thread Mohit Sethi M
Hi Terry, I surely must be missing something here: Packet 6 is an EAP-Response from the peer. Packet 7 contains another EAP-Response inside a RADIUS Access-Request? That doesn't make sense. EAP is a lock-step request-response protocol. The conversation you describe is incorrect. My reading of

Re: [Emu] Appropriate AAA/EAP response to a peer's NAK when there are no overlapping methods

2020-08-21 Thread Mohit Sethi M
Hi Terry, On 8/20/20 5:41 PM, Terry Burton wrote: > On Thu, 20 Aug 2020 at 14:54, Mohit Sethi M > wrote: >> It would be a misinterpretation to say that everything from the >> authenticator is an EAP-Request hence EAP-Failure is also a Request. >> It's an EAP packet wit

Re: [Emu] Appropriate AAA/EAP response to a peer's NAK when there are no overlapping methods

2020-08-20 Thread Mohit Sethi M
Hi Terry, On 8/20/20 3:02 PM, Terry Burton wrote: On Thu, 20 Aug 2020 at 10:00, Mohit Sethi M <mailto:mohit.m.sethi=40ericsson@dmarc.ietf.org> wrote: I surely must be missing something here: Packet 6 is an EAP-Response from the peer. Packet 7 contains another EAP-Response

[Emu] Minutes and bluesheets from EMU virtual interim

2020-05-24 Thread Mohit Sethi M
Dear all, Thank you for participating in the EMU virtual interim on Friday. A special thank you to Max Crone for volunteering as the minute taker. Meeting minutes and bluesheets from the virtual interim have now been uploaded. Minutes:

Re: [Emu] Early allocation request for an EAP Method Type number for draft-ietf-emu-eap-noob

2020-05-26 Thread Mohit Sethi M
I would add that there is also an early implementation of EAP-TLS-PSK: https://github.com/rohitshubham/EAP-TLS-PSK We had agreed that external PSK authentication for EAP-TLS will use a new method type number. The draft for EAP-TLS-PSK

Re: [Emu] Genart last call review of draft-ietf-emu-eaptlscert-05

2020-10-28 Thread Mohit Sethi M
Hi Elwyn, Thank you for the careful review. We have updated the draft based on your feedback. Here is the diff for your convenience: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eaptlscert-06. See our responses in-line. --Mohit On 10/24/20 1:44 PM, Elwyn Davies via Datatracker wrote: >

Re: [Emu] draft-ietf-emu-eap-tls13: Client re-validation of server authority information during resumption

2020-08-12 Thread Mohit Sethi M
AM, Terry Burton wrote: >> On Tue, 11 Aug 2020 at 09:11, Mohit Sethi M >> wrote: >>> Section 5.7 "Resumption" says: >>> >>>> When resumption occurs, it is based on cached information at the TLS >>>>layer. To perform resumptio

[Emu] Minutes from EMU @ IETF108

2020-07-31 Thread Mohit Sethi M
Dear all, Thank you for participating in the EMU session at IETF 108. A special thank you to Aleksi Peltonen for serving as the note taker. Minutes from the EMU session at IETF 108 have now been uploaded: https://datatracker.ietf.org/doc/minutes-108-emu/ Please report any issues by August 10,

[Emu] Commitment Message handling in EAP-TLS 1.3

2020-07-31 Thread Mohit Sethi M
Dear all, Thanks all for the discussion on the commitment message. draft-ietf-emu-eap-tls13-10 (https://tools.ietf.org/html/draft-ietf-emu-eap-tls13-10) in figure 2 shows the ticket establishment and commitment message: EAP Peer EAP Server

Re: [Emu] Commitment Message handling in EAP-TLS 1.3

2020-08-05 Thread Mohit Sethi M
I seem to agree with the consensus around the usage of close_notify instead of a byte of 0x00. In fact, I can't even remember the reason for that choice anymore. The draft is now updated in github to specify the usage of close_notify: https://github.com/emu-wg/draft-ietf-emu-eap-tls13 Here is

Re: [Emu] draft-ietf-emu-eap-tls13: Client re-validation of server authority information during resumption

2020-08-11 Thread Mohit Sethi M
Hi Terry, Section 5.7 "Resumption" says: > When resumption occurs, it is based on cached information at the TLS > layer. To perform resumption in a secure way, the EAP-TLS peer and > EAP-TLS server need to be able to securely retrieve authorization > information such as certificate

[Emu] Agenda Items for IETF 108

2020-07-08 Thread Mohit Sethi M
Dear all, At the virtual IETF 108 meeting, we will have a 50 minute session on Friday, July 31, between 13:00 - 13:50 UTC. Please send Joe and me (emu-cha...@ietf.org) requests for presentation slots. Don't forget to include the title of your presentation, related drafts, and the approximate

Re: [Emu] draft-ietf-emu-eap-noob-01 incorrect curve name in example messages

2020-07-07 Thread Mohit Sethi M
Hi Max, Good catch. This will be fixed in the next version! --Mohit On 7/3/20 12:21 PM, Max Crone wrote: > Hi, > > I noticed that the examples messages in Appendix F > (https://tools.ietf.org/html/draft-ietf-emu-eap-noob-01#appendix-F) > use the curve name "Curve25519" in the JWK object.

[Emu] Finishing draft-ietf-emu-eap-tls13 - Commitment Message handling

2020-07-13 Thread Mohit Sethi M
Dear all, draft-ietf-emu-eap-tls13 is currently in the state "AD Evaluation::AD Followup". Our AD (Roman) had done an excellent review (https://mailarchive.ietf.org/arch/msg/emu/k6K98OhuOQmbzSAgGWCtSIVv3Qk/), which I addressed in version 10

Re: [Emu] Secdir early review of draft-ietf-emu-eap-noob-01

2020-07-02 Thread Mohit Sethi M
Hi Steve, I have answered each question in-line. On 6/29/20 2:54 AM, Steve Hanna via Datatracker wrote: > Reviewer: Steve Hanna > Review result: Not Ready > > Reviewer: Steve Hanna > Review result: Not Ready > > I have reviewed this document as part of the security directorate's ongoing > effort

Re: [Emu] I-D Action: draft-ietf-emu-aka-pfs-04.txt

2020-07-09 Thread Mohit Sethi M
lusion is that the current draft is correct: * For P-256, the length of this value is 32 bytes, encoded in binary as specified in [FIPS186-4]. Russ On Jun 24, 2020, at 1:10 AM, Mohit Sethi M <mailto:mohit.m.sethi=40ericsson@dmarc.ietf.org> wrote: Hi all, I am

Re: [Emu] I-D Action: draft-ietf-emu-aka-pfs-04.txt

2020-07-09 Thread Mohit Sethi M
Arghh. I feel very protected with unreadable URLs of fireeye. Fixed pointer to the reference: https://www.secg.org/SEC2-Ver-1.0.pdf The relevant section is 2.7.1. --Mohit On 7/9/20 9:45 AM, Mohit Sethi M wrote: Rene, Russ, and I had an offline email exchange about this issue. I think we

Re: [Emu] [Iot-directorate] Iotdir early review of draft-ietf-emu-eap-noob-01

2020-07-11 Thread Mohit Sethi M
Hi Michael, Thanks for the input. This is indeed something we should discuss at the upcoming virtual EMU meeting. Some colleagues (Ingles Sanchez et al.) have also investigated and documented the savings that might result from the use of CBOR in EAP-NOOB:

Re: [Emu] [Iot-directorate] Iotdir early review of draft-ietf-emu-eap-noob-01

2020-07-11 Thread Mohit Sethi M
Thanks Carsten. This is very valuable input for the working group before it makes a critical decision. --Mohit On 7/11/20 4:40 PM, Carsten Bormann wrote: > Hi Mohit, > > >> On 2020-07-11, at 15:27, Mohit Sethi M >> wrote: >> >> Hi Michael, >> >> T

Re: [Emu] I-D Action: draft-ietf-emu-aka-pfs-04.txt

2020-06-23 Thread Mohit Sethi M
Hi all, I am not a crypto expert and my knowledge of public key encodings is based on my work with Rene Struik for a different draft. The current text in draft-ietf-emu-aka-pfs-04 says "For P-256, the length of this value is 32 bytes, encoded in binary". Shouldn't this be 33 bytes? And

Re: [Emu] Commitment Message in draft-ietf-emu-eap-tls13

2020-06-16 Thread Mohit Sethi M
to an unauthenticated peer in this case is fine. I wonder how others feel about this change. --Mohit On 6/16/20 1:43 PM, Hannes Tschofenig wrote: Hi Mohit, See below. Thanks for your super quick response. *From:* Mohit Sethi M *Sent:* Tuesday, June 16, 2020 12:25 PM *To:* Hannes

Re: [Emu] Commitment Message in draft-ietf-emu-eap-tls13

2020-06-16 Thread Mohit Sethi M
are to be expected. --Mohit The current solution in the draft, for example, does not work with Mbed TLS because you cannot tell the stack to suddenly bypass the encryption layer (after successfully establishing it) to send a plaintext message. Ciao Hannes *From:* Mohit Sethi M *Sent

Re: [Emu] draft-ietf-emu-eaptlscert-04

2020-06-15 Thread Mohit Sethi M
Hi Hannes, Thanks for the follow up. I have submitted a new version which should address your concerns. Here is a diff for your convenience: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eaptlscert-05 Please see in-line for details. I believe that the draft is now ready for publication.

Re: [Emu] draft-ietf-emu-eap-tls13-09

2020-06-15 Thread Mohit Sethi M
Hi Hannes, On 6/12/20 11:29 AM, Hannes Tschofenig wrote: A short follow-up on my own review: I wrote: " Pre-Shared Key (PSK) authentication SHALL NOT be used except for resumption. " What you want to say that that EAP-TLS MUST NOT use external PSKs. I wonder why you want to rule that use

Re: [Emu] Commitment Message in draft-ietf-emu-eap-tls13

2020-06-15 Thread Mohit Sethi M
Hi Hannes, Unfortunately you are wrong here. The design decision was in fact taken to avoid changes to the underlying TLS implementation while also avoiding changes to RFC 3748. To summarize: Jouni Malinen pointed out that mapping session resumption of TLS 1.3 to EAP-TLS is non-trivial. See

Re: [Emu] AD review of draft-ietf-emu-eap-tls13-09

2020-06-07 Thread Mohit Sethi M
Hi Roman, Thanks for your usual careful review. I have submitted a new version that hopefully addresses all the issues. Here is the diff for your convenience: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-tls13-10 Please see in-line for details on how we have handled each issue.

Re: [Emu] My review ... was RE: I-D Action: draft-ietf-emu-eaptlscert-02.txt

2020-06-08 Thread Mohit Sethi M
d these since they are still in early phases of development. However, I have now added a section titled "New Certificate Types and Compression Algorithms". Hope this is sufficient. > > Ciao > Hannes > > -Original Message- > From: Mohit Sethi M > Sent: Saturday,

[Emu] Preparations for Friday

2020-07-28 Thread Mohit Sethi M
Dear all, Instead of the usual 120 minutes, we have a 50 minute session for EMU @ IETF 108 on Friday, July 31st. Here is our current agenda for the meeting: https://datatracker.ietf.org/doc/agenda-108-emu/ As you notice, the agenda is rather packed. There is no possibility to extend the

Re: [Emu] [Ace] Proposed charter for ACE (EAP over CoAP?)

2020-12-04 Thread Mohit Sethi M
Hi ACE, I guess EMU is happy to see new deployments and uses of EAP. I think ACE is better suited for taking on this work if there is interest. EMU primarily deals with the base EAP protocol and various EAP authentication methods. We can obviously help with reviewing the document later on. I

Re: [Emu] I-D Action: draft-ietf-emu-eaptlscert-07.txt

2020-11-20 Thread Mohit Sethi M
Hi John, On 11/20/20 7:33 AM, John Mattsson wrote: > Looking at the references in the document: > > "Suppressing Intermediate Certificates in TLS" has not been updated since > March 2019. It looks like the TLS working group is not working on this > extension. We should maybe ask Martin, if he

Re: [Emu] I-D Action: draft-ietf-emu-eap-tls13-12.txt

2020-11-09 Thread Mohit Sethi M
Dear all, We had submitted a new version before the deadline. This version should address most of the comments received during the last call. Here is the diff for your convenience: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-tls13-12. In particular: - we have removed some of the text in

Re: [Emu] I-D Action: draft-ietf-emu-eap-tls13-12.txt

2020-11-09 Thread Mohit Sethi M
---Original Message----- > From: Emu On Behalf Of Mohit Sethi M > Sent: Monday, November 9, 2020 2:08 PM > To: emu@ietf.org > Subject: Re: [Emu] I-D Action: draft-ietf-emu-eap-tls13-12.txt > > Dear all, > > We had submitted a new version before the deadline. This version sho

[Emu] Minutes from EMU @ IETF109

2020-11-22 Thread Mohit Sethi M
Dear all, Thank you for participating in the EMU session at IETF 109. A special thank you to our AD Roman and others for taking notes. Minutes from the EMU session at IETF 109 have now been uploaded: https://datatracker.ietf.org/meeting/109/materials/minutes-109-emu-00.md Please report any

Re: [Emu] Agenda Items for virtual IETF 109

2020-11-03 Thread Mohit Sethi M
I think our slot is scheduled for 05:00 - 07:00 UTC. The times shown on the agenda: https://datatracker.ietf.org/meeting/109/agenda are in UTC + 7. --Mohit On 11/4/20 7:33 AM, Joseph Salowey wrote: At the virtual IETF 100 meeting, we will have a 2 hour session on Friday, November 20, between

Re: [Emu] Barry Leiba's No Objection on draft-ietf-emu-eaptlscert-06: (with COMMENT)

2020-10-30 Thread Mohit Sethi M
Hi Barry, Thank you for the careful review. I have updated the draft in github (https://github.com/emu-wg/eaptls-longcert). Here is the diff for your convenience:

Re: [Emu] Secdir last call review of draft-ietf-emu-eaptlscert-06

2020-10-30 Thread Mohit Sethi M
Hi Stefan, Thank you for the review. I have updated the draft in github (https://github.com/emu-wg/eaptls-longcert). Here is the diff for your convenience:

Re: [Emu] Secdir last call review of draft-ietf-emu-eaptlscert-06

2020-10-31 Thread Mohit Sethi M
using locally stored data. If used in a local corporate context, a cache mechanism could be provided with pre-loaded relevant certs. But I don’t know how this may or may not interoperate with deployed base of EAP implementations. Stefan Santesson On 2020-10-30, 14:48, "Mohit Se

[Emu] Moving towards less security in 2020 - OCSP

2020-10-31 Thread Mohit Sethi M
Dear all, Sorry for the radio silence. I have over-committed myself to too many things. I think I have now read the entire discussion on OCSP. EAP-TLS with TLS 1.3 is a working group document so the text will reflect whatever the working group wants. The authors and contributors are at the

Re: [Emu] draft-ietf-emu-eap-tls13-11: Updates RFC 5216

2020-10-31 Thread Mohit Sethi M
Hi Hannes, This text and guidance was specifically requested by working group members like Alan. Unless the text is wrong, I don't see any point in removing it. Other TLS-based EAP methods are obviously free to use parts of this text relevant to them. Note that their resumption and

Re: [Emu] draft-ietf-emu-eap-tls13-11: Conformance with the TLS 13 Spec

2020-10-31 Thread Mohit Sethi M
Hi Hannes, Jim Schaad had asked for this: https://mailarchive.ietf.org/arch/msg/emu/XpRkNN-mh5BuiTD1O8iEfz9sM4M/ It is still optional to use. The figure only shows what the exchange would look like if a HRR was sent by the server. --Mohit On 10/21/20 12:16 PM, Hannes Tschofenig wrote: Hi
