Re: [Emu] Question for draft-ietf-emu-tls-eap-types-03

Tim Cappalli <Tim.Cappalli@microsoft.com> Sat, 03 July 2021 01:16 UTC

Return-Path: <Tim.Cappalli@microsoft.com>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4DD1E3A0D47 for <emu@ietfa.amsl.com>; Fri, 2 Jul 2021 18:16:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.298
X-Spam-Level:
X-Spam-Status: No, score=-2.298 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.198, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 38IHOYj19hEB for <emu@ietfa.amsl.com>; Fri, 2 Jul 2021 18:16:41 -0700 (PDT)
Received: from NAM06-DM3-obe.outbound.protection.outlook.com (mail-eopbgr640132.outbound.protection.outlook.com [40.107.64.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5EB9E3A0D46 for <emu@ietf.org>; Fri, 2 Jul 2021 18:16:41 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KdAbv04D6jMDU+Z4Ij5QYDB8zMR1PMjRKD6htzxkqMSxp1Ms4vpRAFTWt4i4csbrTyW5/f+x3jKmpwsXqqznYMoopqZbY5eVolcJejBeVrRRAS6Ee7gAZj2R/ncvf8gNGikK+Hrudid0cextn/JtQfF8bZL0LsoyGYXKtogh/CgX75mlhuM/EBo7+lHWXgobjDHp+3/fwdFxz9NrgWI9CBMnqWO+R1JpuTf4n0/fb7QJ3BwiGMk9JrNuQyk6NekZmjGnCDPSy/hAYi5M44DO/af1lV1PY2ubqqLzhdjndKjDYfp7kX3VmIo5obWDrZqf2vh6/342v4mboojAzZ7Isw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LYUJD5kH9Mz9PJsw/bZoo2gixBEza+30Av0r6Xv9Y0Y=; b=Ya6heebXIi2shuBnfYRd6Ll+ib78OFZeZwtITmmM4xCzo3DL9/xhIjfkLhpYUkrXNFSRmhKpjJGfx1SQV/Yjf10tHMOJGYBw8YO4AvJQocmkDl+XqO0wRSMNaGiVycmXznnTPu/BuTfrx5g9H4i7FBa7YWek2kYL82+ibzkSRNliZLV18Gz6W8FZvkJOU1/kLAz/V5vDndieYQgeK2LWnMznZtHBd/lvco3huNRx0Kndgts9WsI71ozhpKK5EsmmfQfztss0AEKtWhgnpWz47njh4h7eVniPFG3xSOBfOKQWM/xx0WZ++z82lJ25vVrZp4eck1xnsMHtNWCVdQ8nPQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LYUJD5kH9Mz9PJsw/bZoo2gixBEza+30Av0r6Xv9Y0Y=; b=WpN7znrDRWhoq/soJCvPnpkO4ZtIBTchbgbqTrJ8MEzKVL6tuV0Hdvp4MyOhJSPUMpqoGPLUDiQs+2+vDiLH6PwvOeKw0m1edqkiZYJa2TpsDA1S5ZzdtI4Z9XLUTk0x3maWZDv5/3yiRtVbU21q4gwY4gKeeNvlLiZCiSeKwlc=
Received: from SJ0PR00MB1038.namprd00.prod.outlook.com (2603:10b6:a03:2aa::7) by SJ0PR00MB1128.namprd00.prod.outlook.com (2603:10b6:a03:359::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4333.0; Sat, 3 Jul 2021 01:16:34 +0000
Received: from SJ0PR00MB1038.namprd00.prod.outlook.com ([fe80::8199:44a0:cfdc:75ce]) by SJ0PR00MB1038.namprd00.prod.outlook.com ([fe80::8199:44a0:cfdc:75ce%9]) with mapi id 15.20.4332.000; Sat, 3 Jul 2021 01:16:34 +0000
From: Tim Cappalli <Tim.Cappalli@microsoft.com>
To: "aland@deployingradius.com" <aland@deployingradius.com>, "lear@lear.ch" <lear@lear.ch>
CC: "emu@ietf.org" <emu@ietf.org>
Thread-Topic: [Emu] Question for draft-ietf-emu-tls-eap-types-03
Thread-Index: AQHXbCCmAlmXzRF/iUeBGw7apIyON6spiYGAgAAx+PGAAByfAIAAUUAAgAASfQCAAVtyAIAA+smAgAAD+oCAAYpdAIAADHYAgAHkPICAAGiBqw==
Date: Sat, 3 Jul 2021 01:16:33 +0000
Message-ID: <SJ0PR00MB10384831490B8F890DE2FCC4951E9@SJ0PR00MB1038.namprd00.prod.outlook.com>
References: <DB6D339A-710C-4EC4-9F8E-4B8602632AE1@deployingradius.com> <CABXxEz8EBUz_y1FmQTE9C8cpF+3vqy-mPCx8CnyUMZ72pNifAA@mail.gmail.com> <SJ0PR00MB1038767373E0DE9E3D7BE0DA95039@SJ0PR00MB1038.namprd00.prod.outlook.com> <C7DBE2EB-82BF-4229-B0AF-4BA48B2D45BC@deployingradius.com> <7332.1624927848@localhost> <4F79B7DB-7E55-4564-88AE-C6E2AF8FD293@deployingradius.com> <26359.1625006432@localhost> <BFA8E5C4-D368-41BF-AFA9-BAA35B666F8A@deployingradius.com> <a02d4815-dbfa-e0a0-99fb-0f53127f2fd1@lear.ch> <13DD39D5-57C4-48D2-868A-C4D530127095@deployingradius.com> <79e7dff7-c473-762f-b7f4-3d056b6953fe@lear.ch>, <9235E3E6-1346-4481-A7C8-EEFEF4D56A7F@deployingradius.com>
In-Reply-To: <9235E3E6-1346-4481-A7C8-EEFEF4D56A7F@deployingradius.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2021-07-03T01:15:36.2105102Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard
authentication-results: deployingradius.com; dkim=none (message not signed) header.d=none;deployingradius.com; dmarc=none action=none header.from=microsoft.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 8e5b08ad-e6a0-40ce-6dd1-08d93dc03285
x-ms-traffictypediagnostic: SJ0PR00MB1128:
x-microsoft-antispam-prvs: <SJ0PR00MB1128EB55CACF9FAB80AA7006951E9@SJ0PR00MB1128.namprd00.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:7219;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: ja34eQTRmpio+fed/ukFGFfWr7+ThgRrjw5x7ADe5ppFClCXJFimiqMCxzVXq31zR+yHja2avcHkJqVk/4JP6WV94g9sz8dKufyQrh8QZNR4hVvIN1tL1YkT1MS3vPHTnLDRBCR9ma3bmWZ9sWzQt25zqAzh5owuO6Upps+3zUsIQikVwwHgeD4K9gaGVxok65IX+tX/7F0q5OTDGkWtHE3PanHYYMEWstao6cTRP73/kaqKe7uXakIDvOV5aA0CfUlc74lrE0cavfyrbYNqY0JvvRBCRDS9Q/TVQpY7Wd3MRAjFZ9jayzqtZL+9l6Vi0s5N9p1VzknDYoUcvMU+w4vSTUCYfJ6cDIj+XIeXUkW2kJQipAxT2s9Kh5qQxxpmNoHUcdr3k6zF/DPu41NOr0xBS43kpUeyI0YekxbIpFlbmT+dsjTZfC7McqkfQ/DWwfxyVG5FJAYJ9JjHcgKzhDOMCesLvqOEYwC7GAw1LOopF54lpvpQwi2Ckm5Vw4meLkCfvQ3d8iQOmf5J+WYTBXzqMr98A0FCXJRe+m5z3hXDtE7u6Lf9Xr7iEDg6NdNEkt2DbH6o9oY/+Iu2hVgOkJpodj0ICEX6+8YCUSXO++zSwBiKx6ymYBQAWrYA74eou3hsiYXwoWANlF8KmjL2YAh+JnHLjRdvW0twfivIBcnWceTF32u8/SeUdOLlP5rWaAtf5byVLTm7T9WEs5TNHEZVH4D3Nlb/umNv0olvCjI=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SJ0PR00MB1038.namprd00.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(71200400001)(8990500004)(38100700002)(7696005)(33656002)(110136005)(966005)(10290500003)(478600001)(66946007)(64756008)(316002)(5660300002)(66476007)(66446008)(76116006)(122000001)(91956017)(2906002)(9686003)(66556008)(26005)(55016002)(4326008)(166002)(52536014)(8936002)(86362001)(53546011)(6506007)(186003)(8676002)(82950400001)(82960400001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?Windows-1252?Q?enRLoVDjLbMMPQyO4Ju0VkHhg+tloUrA2oYUxehAsbEgbQCZhtKZuGgU?= =?Windows-1252?Q?XaGT36NE+P4vB4yHP4t4vlOyIaqCClcpSp2G4lv+cZfeyC0ra+FJfa6T?= =?Windows-1252?Q?MkZUJ+wZhFeBWO7HfA2Ej1PhHU/dFWzCkvP2z65SgWBjqItM3MUdNszx?= =?Windows-1252?Q?vhWY1uSne2IkQD+rUNfteBdClFnpwuPtECSIgpPyqXe8R2kCBee9Kc2/?= =?Windows-1252?Q?hAN04pqp4QYykQc3Vw+Ad9G8Hhm8bf1sU3WLGcyMpqDyxoKwrhAs6ZET?= =?Windows-1252?Q?Z3m1XAdDnY0CtKpzJ6EkpfWJ9yjzyR2HSZcx5pbiuRn/8d4raWFSmNlT?= =?Windows-1252?Q?cw0lgDzSCNqtL63R6AfpbFfaugA0vZfmxYSJ4uYnIFkOeCxiVBXlgJN3?= =?Windows-1252?Q?4fId0krvrw2OioixVVED7lvtjLePcp0Yn6sTBAugXL9j0IFxq/3faTpe?= =?Windows-1252?Q?kpedP4VJJJ2LF8sjz4wPp1vlMBR73LfQiqlytSh3een9qqytgpZqXikp?= =?Windows-1252?Q?7OGj1rEpqLrZ4FHa+K9Pgp0Y+xoD1YXq8ZYuJfTk0B3MbZz7bigEKK4G?= =?Windows-1252?Q?FSGya40A1o1D8tWNxDl4N/sPmRBnK2VyvFt0t2XA4lBS2Ul0nJXSu4yH?= =?Windows-1252?Q?8mDQbSrcU/l68rwisxpbXJWV1GGcaP6QaIiDJMM5+zWsykJZifxALk4C?= =?Windows-1252?Q?yWXVU4CkPNXNTyMiNVeMWU0q5coyybAY7W1Nhr5EdeQ7pUyn+AbCEMPv?= =?Windows-1252?Q?x7A4EPxGTCLjGmCKN1jc/M8+JwDb3PRPXZgkHKcc/SXs0N6rsb7Ajbcq?= =?Windows-1252?Q?+SlCaQ3kT7GAWTJ2rEFY+34Fskvj4sxL3h1fEnVskQmlL7lra8Ltf0Ng?= =?Windows-1252?Q?zAYuygKDuY/rdxfO3eIFN3zc/xtaKxfppPfQ6zPkeBW77Ag2sLit8DdI?= =?Windows-1252?Q?u3xE8sf27D3Kw92MulvWni5omk7LKY2mhX1Xy1w7Ay4QjB7TAmBOcVHq?= =?Windows-1252?Q?aRa8uiGIYo9/Vok4ViqgXG9+gY/L0EM19z+SnX6UM3U/0ZOhv8rjK9Dl?= =?Windows-1252?Q?kTMdQCbhFxGtwVAsch2GgexYFqNUxQU9gtiTPAgVKOZjJAGLlBLkj2i+?= =?Windows-1252?Q?CPi/1VoOoE7Xp9v77jXOjN1y0gboP65/p8icccphkaAAUIl20CZe827D?= =?Windows-1252?Q?iifip2W1lAIJVvfbmIQMNXxI9iE7GQxkKYZnuTGQmraK47WTj+CRd0dZ?= =?Windows-1252?Q?BtI41ZP1TYdO5rLHYgG9ZCsBETVaYhSUnc5UX+09rsicb0OHXQvC01SC?= =?Windows-1252?Q?/HkPLmsyCQrGErKvtJqR8nd4618+m92inKrZUxhtVh7nv63KnN8Ijl6V?= =?Windows-1252?Q?7pApV58kHhfhlA=3D=3D?=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_SJ0PR00MB10384831490B8F890DE2FCC4951E9SJ0PR00MB1038namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SJ0PR00MB1038.namprd00.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8e5b08ad-e6a0-40ce-6dd1-08d93dc03285
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Jul 2021 01:16:33.9310 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: eKX23sUY45qx4fpKyzADxZvgMrnjnneuLxbZomR8oOY/z1HlvSGQPj5BBn3KXMXHYEubF+eXSPHuj1SXmc2A1A==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR00MB1128
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/0N2cBK2A3uFrewK5uUP3p3yXKUo>
Subject: Re: [Emu] Question for draft-ietf-emu-tls-eap-types-03
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Jul 2021 01:16:46 -0000

>> The current specs define the base protocols, but leave pretty much everything else undefined.

That’s the job of a spec isn’t it? As far as I understand, deploying in the real world / best practices should go in a BCP.

tim

Sent from Mail for Windows 11

From: Alan DeKok<mailto:aland@deployingradius.com>
Sent: Friday, July 2, 2021 3:02 PM
To: Eliot Lear<mailto:lear@lear.ch>
Cc: EMU WG<mailto:emu@ietf.org>
Subject: Re: [Emu] Question for draft-ietf-emu-tls-eap-types-03

On Jul 1, 2021, at 10:08 AM, Eliot Lear <lear@lear.ch> wrote:
>
> On 01.07.21 15:23, Alan DeKok wrote:
>>   TEAP is one solution, but I don't think everyone is going to move to TEAP overnight.  It would be nice to have solutions for existing (and deployed) EAP methods.
>
> Perhaps I lost the plot, but what do you propose?

  Less of a proposal than trying to define some requirements.

  EAP isn't used in a vacuum.  The current specs define the base protocols, but leave pretty much everything else undefined.  This means that people deploying EAP have to invent and/or discover their own methods to deploy certificates, tie users to machines, tie machines to credentials, etc.

  It would be very nice to say "here's how EAP can be used in the real world".

  Alan DeKok.

_______________________________________________
Emu mailing list
Emu@ietf.org
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Femu&amp;data=04%7C01%7Ctim.cappalli%40microsoft.com%7C6a74ce41b7c6443645c308d93d8be0d2%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637608493715426663%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=3icw%2F1n6Q5WHXkLMYSDBGw%2BIerr7ZvgLlBYJRy%2FS%2BP8%3D&amp;reserved=0