Re: [Emu] I-D Action: draft-ietf-emu-eap-tls13-16.txt

2021-06-11 Thread John Mattsson 
Hi,

I think it would be good to first make sure that we have GitHub issues or pull 
requests for the remaining EAP-TLS issues.

https://github.com/emu-wg/draft-ietf-emu-eap-tls13

The more I work with GitHub in IETF, the more I like it, both as an author or 
commenting on documents. It forces comments to be much more concrete, it makes 
sure that no issues are forgotten, and it makes it clearer why changes was made 
and the discussion behind it. Maybe the EMU WG should discuss and formalize a 
bit on how to work with GitHub at IETF 111.

Cheers,
John

From: Emu  on behalf of Joseph Salowey 
Date: Friday, 11 June 2021 at 20:25
To: Alan DeKok 
Cc: Roman Danyliw , Mohit Sethi M , 
emu@ietf.org 
Subject: Re: [Emu] I-D Action: draft-ietf-emu-eap-tls13-16.txt
Hi Folks,

I realize that there is frustration with the current document and process.  I 
ask that we all focus on finishing off the current document so that we can move 
it forward.  This does require that we consider the issues on the table.  I 
think we are close to the finish line.  I am asking the authors to help work 
through the final issues.

Please continue to remain professional in your discussions on the list.

Thanks,

Joe

On Fri, Jun 11, 2021 at 10:33 AM Alan DeKok 
mailto:al...@deployingradius.com>> wrote:
On Jun 11, 2021, at 12:20 PM, Mohit Sethi M 
mailto:mohit.m.se...@ericsson.com>> wrote:
> I find it odd that you claim your suggestions have been ignored or rejected.

  So -16 does address my review from May 6?  Could you please go through my 
review of today, and point out in -16 where each of my comments was addressed?

  As a reminder, many of those comments go back to my earlier review of -13 on 
March 13.   So we now have -14, -15, and -16 which (so far as I can tell) don't 
address substantial portions of the reviews.

> We have created many issues on github  
> (https://github.com/emu-wg/draft-ietf-emu-eap-tls13/issues?q=is%3Aissue+is%3Aclosed+Alan<https://protect2.fireeye.com/v1/url?k=6242a48c-3dd99d89-6242e417-86d2114eab2f-17c457b5f780f34b=1=f27361e9-1243-4ef0-b2dc-e81a4ff8946d=https%3A%2F%2Fgithub.com%2Femu-wg%2Fdraft-ietf-emu-eap-tls13%2Fissues%3Fq%3Dis%253Aissue%2Bis%253Aclosed%2BAlan>)
>  and submitted many pull requests addressing your comments 
> (https://github.com/emu-wg/draft-ietf-emu-eap-tls13/pulls?q=is%3Apr+Alan+is%3Aclosed<https://protect2.fireeye.com/v1/url?k=2ea35929-7138602c-2ea319b2-86d2114eab2f-b9e622cabe80ccc1=1=f27361e9-1243-4ef0-b2dc-e81a4ff8946d=https%3A%2F%2Fgithub.com%2Femu-wg%2Fdraft-ietf-emu-eap-tls13%2Fpulls%3Fq%3Dis%253Apr%2BAlan%2Bis%253Aclosed>).
>
> When I merged this PR in the morning: 
> https://github.com/emu-wg/draft-ietf-emu-eap-tls13/pull/71<https://protect2.fireeye.com/v1/url?k=8f90a00d-d00b9908-8f90e096-86d2114eab2f-0e4aca5ebf1d50d0=1=f27361e9-1243-4ef0-b2dc-e81a4ff8946d=https%3A%2F%2Fgithub.com%2Femu-wg%2Fdraft-ietf-emu-eap-tls13%2Fpull%2F71>,
>  it looked like all of your comments had been addressed in the PR. Joe (the 
> other co-chair) had approved this PR?

  I had sent a review of -13 on March 3.  And another one May 6.  And another 
today.  The second and third reviews were largely copied from the first one.  
And contained issues which (so far as I can tell) have not been addressed, much 
less discussed.  These issues do not appear to be addressed in that PR.

> As authors of a working group document of a voluntary standards organization, 
> we have been doing voluntary service over the last several years. We started 
> working on this document in 2018 
> (https://datatracker.ietf.org/doc/html/draft-mattsson-eap-tls13). You have 
> been helping us with the document since the beginning. So thank you for your 
> voluntary service as well. While it is not mandatory, helping us with github 
> issues/PRs related to your reviews can help us ensure that your comments are 
> not inadvertently left unaddressed; and that this community effort moves 
> forward faster.

  I'm asking that my reviews be discussed and/or addressed, by the authors, in 
the WG.  I didn't expect to get that particular response.  It is distinctly 
unusual.

  Alan DeKok.

___
Emu mailing list
Emu@ietf.org<mailto:Emu@ietf.org>
https://www.ietf.org/mailman/listinfo/emu
___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

Re: [Emu] I-D Action: draft-ietf-emu-eap-tls13-16.txt

2021-06-11 Thread Joseph Salowey 
Hi Folks,

I realize that there is frustration with the current document and process.
I ask that we all focus on finishing off the current document so that we
can move it forward.  This does require that we consider the issues on the
table.  I think we are close to the finish line.  I am asking the authors
to help work through the final issues.

Please continue to remain professional in your discussions on the list.

Thanks,

Joe

On Fri, Jun 11, 2021 at 10:33 AM Alan DeKok 
wrote:

> On Jun 11, 2021, at 12:20 PM, Mohit Sethi M 
> wrote:
> > I find it odd that you claim your suggestions have been ignored or
> rejected.
>
>   So -16 does address my review from May 6?  Could you please go through
> my review of today, and point out in -16 where each of my comments was
> addressed?
>
>   As a reminder, many of those comments go back to my earlier review of
> -13 on March 13.   So we now have -14, -15, and -16 which (so far as I can
> tell) don't address substantial portions of the reviews.
>
> > We have created many issues on github  (
> https://github.com/emu-wg/draft-ietf-emu-eap-tls13/issues?q=is%3Aissue+is%3Aclosed+Alan)
> and submitted many pull requests addressing your comments (
> https://github.com/emu-wg/draft-ietf-emu-eap-tls13/pulls?q=is%3Apr+Alan+is%3Aclosed).
>
> >
> > When I merged this PR in the morning:
> https://github.com/emu-wg/draft-ietf-emu-eap-tls13/pull/71, it looked
> like all of your comments had been addressed in the PR. Joe (the other
> co-chair) had approved this PR?
>
>   I had sent a review of -13 on March 3.  And another one May 6.  And
> another today.  The second and third reviews were largely copied from the
> first one.  And contained issues which (so far as I can tell) have not been
> addressed, much less discussed.  These issues do not appear to be addressed
> in that PR.
>
> > As authors of a working group document of a voluntary standards
> organization, we have been doing voluntary service over the last several
> years. We started working on this document in 2018 (
> https://datatracker.ietf.org/doc/html/draft-mattsson-eap-tls13). You have
> been helping us with the document since the beginning. So thank you for
> your voluntary service as well. While it is not mandatory, helping us with
> github issues/PRs related to your reviews can help us ensure that your
> comments are not inadvertently left unaddressed; and that this community
> effort moves forward faster.
>
>   I'm asking that my reviews be discussed and/or addressed, by the
> authors, in the WG.  I didn't expect to get that particular response.  It
> is distinctly unusual.
>
>   Alan DeKok.
>
> ___
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu
>
___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

Re: [Emu] I-D Action: draft-ietf-emu-eap-tls13-16.txt

2021-06-11 Thread Alan DeKok 
On Jun 11, 2021, at 12:20 PM, Mohit Sethi M  wrote:
> I find it odd that you claim your suggestions have been ignored or rejected.

  So -16 does address my review from May 6?  Could you please go through my 
review of today, and point out in -16 where each of my comments was addressed?

  As a reminder, many of those comments go back to my earlier review of -13 on 
March 13.   So we now have -14, -15, and -16 which (so far as I can tell) don't 
address substantial portions of the reviews.

> We have created many issues on github  
> (https://github.com/emu-wg/draft-ietf-emu-eap-tls13/issues?q=is%3Aissue+is%3Aclosed+Alan)
>  and submitted many pull requests addressing your comments 
> (https://github.com/emu-wg/draft-ietf-emu-eap-tls13/pulls?q=is%3Apr+Alan+is%3Aclosed).
>  
> 
> When I merged this PR in the morning: 
> https://github.com/emu-wg/draft-ietf-emu-eap-tls13/pull/71, it looked like 
> all of your comments had been addressed in the PR. Joe (the other co-chair) 
> had approved this PR?

  I had sent a review of -13 on March 3.  And another one May 6.  And another 
today.  The second and third reviews were largely copied from the first one.  
And contained issues which (so far as I can tell) have not been addressed, much 
less discussed.  These issues do not appear to be addressed in that PR.

> As authors of a working group document of a voluntary standards organization, 
> we have been doing voluntary service over the last several years. We started 
> working on this document in 2018 
> (https://datatracker.ietf.org/doc/html/draft-mattsson-eap-tls13). You have 
> been helping us with the document since the beginning. So thank you for your 
> voluntary service as well. While it is not mandatory, helping us with github 
> issues/PRs related to your reviews can help us ensure that your comments are 
> not inadvertently left unaddressed; and that this community effort moves 
> forward faster.

  I'm asking that my reviews be discussed and/or addressed, by the authors, in 
the WG.  I didn't expect to get that particular response.  It is distinctly 
unusual.

  Alan DeKok.

___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

Re: [Emu] I-D Action: draft-ietf-emu-eap-tls13-16.txt

2021-06-11 Thread Mohit Sethi M 
I have suggested repeatedly that the document contain sufficient information to 
create a secure and inter-operable implementation.  It's not clear to me why 
these suggestions have been ignored, or rejected.

I guess you wanted to say that the document does not? contain sufficient 
information to create a secure and interoperable implementation. I disagree. 
But that doesn't mean your comments will not be addressed. This is after all a 
working group document and should reflect rough consensus. So we will address 
your remaining issues.

 It's not clear to me why these suggestions have been ignored, or rejected.

I find it odd that you claim your suggestions have been ignored or rejected. We 
have created many issues on github  
(https://github.com/emu-wg/draft-ietf-emu-eap-tls13/issues?q=is%3Aissue+is%3Aclosed+Alan)
 and submitted many pull requests addressing your comments 
(https://github.com/emu-wg/draft-ietf-emu-eap-tls13/pulls?q=is%3Apr+Alan+is%3Aclosed).

When I merged this PR in the morning: 
https://github.com/emu-wg/draft-ietf-emu-eap-tls13/pull/71, it looked like all 
of your comments had been addressed in the PR. Joe (the other co-chair) had 
approved this PR?

As authors of a working group document of a voluntary standards organization, 
we have been doing voluntary service over the last several years. We started 
working on this document in 2018 
(https://datatracker.ietf.org/doc/html/draft-mattsson-eap-tls13). You have been 
helping us with the document since the beginning. So thank you for your 
voluntary service as well. While it is not mandatory, helping us with github 
issues/PRs related to your reviews can help us ensure that your comments are 
not inadvertently left unaddressed; and that this community effort moves 
forward faster.

--Mohit

On 6/11/21 5:17 PM, Alan DeKok wrote:

On Jun 11, 2021, at 9:56 AM, Mohit Sethi M 
 wrote:



I guess you know that there are several implementations of the draft
some of which are already deployed.



   While that's a nice comment telling me what I already know, it doesn't 
address my point.  The fact that implementations exist does not mean that the 
specification is sufficient to create an implementation.

  The implementors have had many "behind the scenes" discussions about how to 
implement EAP-TLS 1.3.   The outcome of those discussions was shared among 
implementors.  That information is largely what enabled inter-operability.  
Information which is not all reflected in the document.

  I have suggested repeatedly that the document contain sufficient information 
to create a secure and inter-operable implementation.  It's not clear to me why 
these suggestions have been ignored, or rejected.



It is of course nice to strive for perfection.



  That comment misrepresents my position.



Could you please submit a pull request addressing your
unaddressed comments.



  I gave suggested text in my messages.  These comments were largely ignored 
across multiple reviews.  This is not how we should work towards consensus.

  If the goal of this document is simply to get it published, then I withdraw 
all of my objections.  Implementors will then share extra knowledge behind the 
scenes.

  If the goal of this document is to enable secure and inter-operable 
implementations, then it would be useful to address comments from major 
implementors.

  Alan DeKok.

___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

Re: [Emu] I-D Action: draft-ietf-emu-eap-tls13-16.txt

2021-06-11 Thread Alan DeKok 
On Jun 11, 2021, at 9:56 AM, Mohit Sethi M  wrote:
> 
> I guess you know that there are several implementations of the draft 
> some of which are already deployed.

   While that's a nice comment telling me what I already know, it doesn't 
address my point.  The fact that implementations exist does not mean that the 
specification is sufficient to create an implementation.

  The implementors have had many "behind the scenes" discussions about how to 
implement EAP-TLS 1.3.   The outcome of those discussions was shared among 
implementors.  That information is largely what enabled inter-operability.  
Information which is not all reflected in the document.

  I have suggested repeatedly that the document contain sufficient information 
to create a secure and inter-operable implementation.  It's not clear to me why 
these suggestions have been ignored, or rejected.

> It is of course nice to strive for perfection.

  That comment misrepresents my position.

> Could you please submit a pull request addressing your 
> unaddressed comments.

  I gave suggested text in my messages.  These comments were largely ignored 
across multiple reviews.  This is not how we should work towards consensus.

  If the goal of this document is simply to get it published, then I withdraw 
all of my objections.  Implementors will then share extra knowledge behind the 
scenes.

  If the goal of this document is to enable secure and inter-operable 
implementations, then it would be useful to address comments from major 
implementors.

  Alan DeKok.

___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

Re: [Emu] I-D Action: draft-ietf-emu-eap-tls13-16.txt

2021-06-11 Thread Mohit Sethi M 
I guess you know that there are several implementations of the draft 
some of which are already deployed. It is of course nice to strive for 
perfection. Could you please submit a pull request addressing your 
unaddressed comments.

--Mohit

On 6/11/21 4:39 PM, Alan DeKok wrote:
> On Jun 11, 2021, at 9:08 AM, Mohit Sethi M 
>  wrote:
>> Hi Chair/AD/EMU:
>>
>> We have submitted a new version of draft-ietf-emu-eap-tls13 based on the 
>> extensive feedback from Alan Dekok, Heikki Vatiainen, and Oleg Pekar.
>>
>> Can we somehow prioritize this document and move it forward? The authors 
>> have received several offline emails inquiring about the publication 
>> timeline.
>>
>> Any remaining issues in the current draft can be addressed together with the 
>> comments from the AD review and the IETF last call.
>I have sent a separate message re-iterating my previous detailed review, 
> much of which remains unaddressed.
>
>I suggest that the authors prioritize working towards WG consensus.
>
>Alan DeKok.
>
___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

Re: [Emu] I-D Action: draft-ietf-emu-eap-tls13-16.txt

2021-06-11 Thread Alan DeKok 
On Jun 11, 2021, at 9:08 AM, Mohit Sethi M 
 wrote:
> 
> Hi Chair/AD/EMU:
> 
> We have submitted a new version of draft-ietf-emu-eap-tls13 based on the 
> extensive feedback from Alan Dekok, Heikki Vatiainen, and Oleg Pekar.
> 
> Can we somehow prioritize this document and move it forward? The authors have 
> received several offline emails inquiring about the publication timeline.
> 
> Any remaining issues in the current draft can be addressed together with the 
> comments from the AD review and the IETF last call. 

  I have sent a separate message re-iterating my previous detailed review, much 
of which remains unaddressed.

  I suggest that the authors prioritize working towards WG consensus.

  Alan DeKok.

___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

[Emu] I-D Action: draft-ietf-emu-eap-tls13-16.txt

2021-06-11 Thread internet-drafts 

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the EAP Method Update WG of the IETF.

Title   : Using EAP-TLS with TLS 1.3 (EAP-TLS 1.3)
Authors : John Preuß Mattsson
  Mohit Sethi
Filename: draft-ietf-emu-eap-tls13-16.txt
Pages   : 35
Date: 2021-06-11

Abstract:
   The Extensible Authentication Protocol (EAP), defined in RFC 3748,
   provides a standard mechanism for support of multiple authentication
   methods.  This document specifies the use of EAP-Transport Layer
   Security (EAP-TLS) with TLS 1.3 while remaining backwards compatible
   with existing implementations of EAP-TLS.  TLS 1.3 provides
   significantly improved security, privacy, and reduced latency when
   compared to earlier versions of TLS.  EAP-TLS with TLS 1.3 (EAP-TLS
   1.3) further improves security and privacy by always providing
   forward secrecy, never disclosing the peer identity, and by mandating
   use of revocation checking.  This document also provides guidance on
   authorization and resumption for EAP-TLS in general (regardless of
   the underlying TLS version used).  This document updates RFC 5216.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-emu-eap-tls13/

There is also an htmlized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-tls13-16

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-tls13-16


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu