Re: [Ace] call for adoption for draft-marin-ace-wg-coap-eap

Michael Richardson <mcr+ietf@sandelman.ca> Sat, 06 February 2021 21:30 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/ygAbYi84WUO7qYFI2qsk5YWVobM>

Eduardo Inglés (IMT) wrote:
    > Regarding the writing of the draft, I agree with Michael Richardson
    > that it can be improved to facilitate the understanding of some
    > concepts. For example, I would rewrite this sentence to understand it
    > on a first reading: "EAP requests go always from the EAP authenticator
    > and the EAP peer and the EAP responses from the EAP peer to the EAP
    > authenticator."  And perhaps it is convenient to clarify in the
    > abstract that this draft is a lower layer EAP to avoid confusion with
    > the EAP methods. However, I do agree with the authors on the usefulness
    > of the protocol.

Could you please explain to me a use case?
Did you use an EAP method to key OSCORE?

Did you do this without a TLS method within the EAP?
If you did use a TLS method within EAP, then did you compare:

(1)  IP/UDP/CoAP/EAP/TLS
to:
(2)  IP/UDP/DTLS/CoAP

What was your EAP peer to AAA server communication transported over?
Was it EAP over RADIUS?  If so, how did you set up the RADIUS key?
Or did you use DTLS or TLS for the RADIUS?

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide