Re: [Emu] Adoption call for eap.arpa
Alexander Clouter <alex+ietf@coremem.com> Tue, 12 March 2024 15:56 UTC
Return-Path: <alex+ietf@coremem.com>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89054C14F615 for <emu@ietfa.amsl.com>; Tue, 12 Mar 2024 08:56:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.807
X-Spam-Level:
X-Spam-Status: No, score=-2.807 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=coremem.com header.b="d+lyq5Eo"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="pvu+Hgtn"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QZkclPx82XQV for <emu@ietfa.amsl.com>; Tue, 12 Mar 2024 08:56:02 -0700 (PDT)
Received: from fhigh7-smtp.messagingengine.com (fhigh7-smtp.messagingengine.com [103.168.172.158]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD031C14F6F2 for <emu@ietf.org>; Tue, 12 Mar 2024 08:56:02 -0700 (PDT)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailfhigh.nyi.internal (Postfix) with ESMTP id BC6BF11400D6 for <emu@ietf.org>; Tue, 12 Mar 2024 11:56:01 -0400 (EDT)
Received: from imap46 ([10.202.2.96]) by compute3.internal (MEProxy); Tue, 12 Mar 2024 11:56:01 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=coremem.com; h= cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm3; t=1710258961; x=1710345361; bh=qiakyo6xuI Hy4RmuKkFtTUXDbwslySIFsmmA0/gpHdc=; b=d+lyq5EojSmww0iGBbPXb2H5qj 8EfkZbWiqWNcxN/QcD5hwmQZCMUqVVYYshPNZYg9PJBuF+qOuWdvj49ZoUtSjWPg Ypey3Dal/sve3CWgrSQgIwknOBrRLAW48f95ogB5PTph/JE1D+xJnro44DbyziLe 1Gngu054I2ZfdmF16yrm6i0vuSLAaoOoRSOjA9sshFbZ6hMUV1n21a8go5qzL596 ve+6WazbTNPMH3q8Ue5vZ9eBeAknF1tJv4IdWLmPJLJihXduU6DR9B2Cxx5vsciC 8IG/FfEMqQF/8QUKcHiooPoYfUl/p1FxHfXSn1Gud0UypLDuEFwtdtVTe3jg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; t=1710258961; x=1710345361; bh=qiakyo6xuIHy4RmuKkFtTUXDbwsl ySIFsmmA0/gpHdc=; b=pvu+HgtnZ9S9uEV9tcLO9z9hG5Kib63adx+9Z5A2YPs/ oMncjDuzwkRQiUW+fOiRG1YKcd6VJ+K1yysE/RkIwSJpICM5tfagBD3DRBhAFT7+ w5M86dZA08fYo3dI672YXYGevTFk7gwTsIfdFBVy1r7PCqDmS7j+NGGmm29ZET7L kLe4rD2ms83l/9ueBf+Zcen4q/ZAglEYILkyNw0RKdHhG51NdznbtnA3hlkzdjxR 2dxv7mkjq36+QdNmlOK3IHKxQLlB3KGcRgvjmrLTVyOHXyws35+UdAvXupSEo+vw 63eLMU2GohEdl3l4ZW1Fhs7/rRTtPK7HFuZzsYizZw==
X-ME-Sender: <xms:EXvwZcc8xeLTTsed_btQXMkJZ1iQ-zOQmkXyl5UlOzteBgzFBSUWqQ> <xme:EXvwZePG_6MiSJXTFPV5mpE3UTWKXdCrYzwgLWJRcMlR9S0402IhIwhptSXVRSE_P JvQZHcED0ZNvlEpFw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrjeefgdekvdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesthdtre dtreertdenucfhrhhomhepfdetlhgvgigrnhguvghrucevlhhouhhtvghrfdcuoegrlhgv gidoihgvthhfsegtohhrvghmvghmrdgtohhmqeenucggtffrrghtthgvrhhnpedvteejhf ehgfegleeuleefteeikefgvefhheekheevvdekueefkeeiieffhfdvgeenucevlhhushht vghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegrlhgvgidoihgvthhfse gtohhrvghmvghmrdgtohhm
X-ME-Proxy: <xmx:EXvwZdj4O8ubjIsSHJhA-jFTxtKmqI-CTUrlFA-wbz_Fjn0LkP0kSQ> <xmx:EXvwZR9wHmbm9dU9M5HPyTjEy_YVFI-Xl0gVQMQIfxbqt6a7CXqpOg> <xmx:EXvwZYtbiU67YM3WEOtBULDLz94vGsuTxFGOqQ1FuCmw0BmL1VFLKw> <xmx:EXvwZYF4xUd8cgsN_uvZ4myEL58sazLWp2072rUsOHGoVBGu2wZVBg> <xmx:EXvwZVXAYaJESbaMoXwHdgTTr-4SiiHrwVVv4fHU81LYSimKPj4YVQ>
Feedback-ID: ie3614602:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 7C0E52A20090; Tue, 12 Mar 2024 11:56:01 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.11.0-alpha0-251-g8332da0bf6-fm-20240305.001-g8332da0b
MIME-Version: 1.0
Message-Id: <11f28e4b-1f21-4cf1-950e-43fdc620447f@app.fastmail.com>
In-Reply-To: <7cbce6da-bc18-4c5b-a812-9de4f94bebb9@dfn.de>
References: <F1FD786F-D0B1-494B-B384-95BBB4B7790B@akayla.com> <ccaa089f2ee34a5e83fe270d2d6adee0@huawei.com> <2a07a31a-b9ff-4640-a348-cd36b270e63a@app.fastmail.com> <7cbce6da-bc18-4c5b-a812-9de4f94bebb9@dfn.de>
Date: Tue, 12 Mar 2024 15:55:41 +0000
From: Alexander Clouter <alex+ietf@coremem.com>
To: EMU WG <emu@ietf.org>
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/-M9rCT3ChfwNQNs8ZSAUiRw-9DQ>
Subject: Re: [Emu] Adoption call for eap.arpa
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2024 15:56:08 -0000
On Tue, 12 Mar 2024, at 14:45, Jan-Frederik Rieckers wrote: > On 12.03.24 13:45, Alexander Clouter wrote: >> On Tue, 12 Mar 2024, at 12:37, Yanlei(Ray) wrote: >>> My understanding here is that the EAP server and client will not >>> authenticate each other in EAP-TLS, and all the authentication will be >>> done in the " captive portal ". So why recommend EAP-TLS as a >>> provisioning method? Just send the identifier "portal@eap.arpa" and >>> then jump to a " captive portal ". Is that OK? >> >> So for OOB provisioning (ie. get an IP to access a captive portal) the conversation would be: >> >> >>> EAP-Identity Request >> <<< EAP-Identity Response[portal@eap.arpa] >> >>> EAP-Success >> >> Sounds sensible. > > I don't think it's that straight forward. > For Enterprise-WiFi we still need cryptographic keys for the WiFi 4-way > handshake, so establishing a TLS-Tunnel is needed to derive the WPA keys. Nice catch. Cheers
- [Emu] Adoption call for eap.arpa Peter Yee
- Re: [Emu] Adoption call for eap.arpa Michael Richardson
- Re: [Emu] Adoption call for eap.arpa Jan-Frederik Rieckers
- Re: [Emu] Adoption call for eap.arpa Alexander Clouter
- Re: [Emu] Adoption call for eap.arpa Yanlei(Ray)
- Re: [Emu] Adoption call for eap.arpa Alexander Clouter
- Re: [Emu] Adoption call for eap.arpa Jan-Frederik Rieckers
- Re: [Emu] Adoption call for eap.arpa Alexander Clouter
- Re: [Emu] Adoption call for eap.arpa Michael Richardson
- Re: [Emu] Adoption call for eap.arpa Alan DeKok
- Re: [Emu] Adoption call for eap.arpa Heikki Vatiainen
- Re: [Emu] Adoption call for eap.arpa Mohit Sethi
- Re: [Emu] Adoption call for eap.arpa Alan DeKok
- Re: [Emu] Adoption call for eap.arpa Mohit Sethi
- Re: [Emu] Adoption call for eap.arpa Michael Richardson
- Re: [Emu] Adoption call for eap.arpa Alan DeKok
- Re: [Emu] Adoption call for eap.arpa Michael Richardson
- Re: [Emu] Adoption call for eap.arpa Mohit Sethi