IETF Logo Mail Archive

Re: [Emu] Late WGLC Comment on draft-ietf-emu-eap-tls13

Russ Housley <housley@vigilsec.com> Tue, 10 March 2020 16:30 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B07783A12EE for <emu@ietfa.amsl.com>; Tue, 10 Mar 2020 09:30:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aFJgPyIbYKGZ for <emu@ietfa.amsl.com>; Tue, 10 Mar 2020 09:30:10 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C9FA3A12EB for <emu@ietf.org>; Tue, 10 Mar 2020 09:30:10 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id E01F4300B34 for <emu@ietf.org>; Tue, 10 Mar 2020 12:30:07 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id xzPnv1F1Jgmx for <emu@ietf.org>; Tue, 10 Mar 2020 12:30:06 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-72-66-113-56.washdc.fios.verizon.net [72.66.113.56]) by mail.smeinc.net (Postfix) with ESMTPSA id 04CEB300A2E; Tue, 10 Mar 2020 12:30:05 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <89644402-9B35-401A-92E1-062962B69BC0@ericsson.com>
Date: Tue, 10 Mar 2020 12:30:07 -0400
Cc: EMU WG <emu@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <54BA1048-104B-4CB6-8CF6-D23F463BE382@vigilsec.com>
References: <MN2PR11MB39011F2754371931D1CFF0CCDB780@MN2PR11MB3901.namprd11.prod.outlook.com> <FC4CD2F5-B5E2-4FFB-B81F-A67DC55CD24E@deployingradius.com> <3113156B-EB01-4BBA-B51A-38883656E457@vigilsec.com> <89644402-9B35-401A-92E1-062962B69BC0@ericsson.com>
To: John Mattsson <john.mattsson@ericsson.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/-QyqJwTOqzb_FixO2GkUvjo-ZpI>
Subject: Re: [Emu] Late WGLC Comment on draft-ietf-emu-eap-tls13
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Mar 2020 16:30:12 -0000

I do not understand the reason for Bernard's objection.  I looked at the minutes, and I do not find any rationale there.  Can you help?

Russ


> On Mar 9, 2020, at 5:59 AM, John Mattsson <john.mattsson@ericsson.com> wrote:
> 
> Hi Russ,
> 
> Sorry for the late reply. I actually brought up your draft [ID-ietf-tls-tls13-cert-with-extern-psk] during my EMU presentation at IETF 106 as something that should probably be in EAP-TLS. Bernard Aboba then expressed a very strong opinion that [ID-ietf-tls-tls13-cert-with-extern-psk] should absolutely not be included in the EAP-TLS Type-Code 0x0D. After this the WG decided as a way forward to specify EAP-TLS with PSK authentication in a new draft.
> 
> Given these strong opinions from Bernard Aboba, and the wish to publish draft-ietf-emu-eap-tls13 soon. I think the best way forward would be specify the use of [ID-ietf-tls-tls13-cert-with-extern-psk] in the same new draft as EAP-TLS with PSK authentication. Does that sound like an acceptable way forward?
> 
> Cheers,
> John
> 
> -----Original Message-----
> From: Russ Housley <housley@vigilsec.com>
> Date: Monday, 13 January 2020 at 18:29
> To: John Mattsson <john.mattsson@ericsson.com>
> Cc: EMU WG <emu@ietf.org>
> Subject: Late WGLC Comment on draft-ietf-emu-eap-tls13
> 
>    John:
> 
>    Section 2.1.1 says:
> 
>       Pre-Shared Key (PSK) authentication SHALL NOT be used except
>       for resumption.
> 
>    I would rather this say:
> 
>       Pre-Shared Key (PSK) authentication SHALL NOT be used except
>       for resumption or in conjunction with the "tls_cert_with_extern_psk"
>       extension [ID-ietf-tls-tls13-cert-with-extern-psk].
> 
>    Russ
> 
> 
>

v2.23.0 | Report a Bug | By Email