Re: [Emu] AD Review of draft-ietf-emu-eap-session-id-02
Roman Danyliw <rdd@cert.org> Thu, 14 May 2020 00:09 UTC
Return-Path: <rdd@cert.org>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AAE1D3A0831 for <emu@ietfa.amsl.com>; Wed, 13 May 2020 17:09:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6VPrYOapuF2T for <emu@ietfa.amsl.com>; Wed, 13 May 2020 17:09:17 -0700 (PDT)
Received: from taper.sei.cmu.edu (taper.sei.cmu.edu [147.72.252.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 481683A082B for <emu@ietf.org>; Wed, 13 May 2020 17:09:16 -0700 (PDT)
Received: from delp.sei.cmu.edu (delp.sei.cmu.edu [10.64.21.31]) by taper.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 04E09C61002235; Wed, 13 May 2020 20:09:12 -0400
DKIM-Filter: OpenDKIM Filter v2.11.0 taper.sei.cmu.edu 04E09C61002235
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=yc2bmwvrj62m; t=1589414952; bh=2/U9OnqA33El5FrHG/5IPfZPCQm+CWvuXwXeMeFylBw=; h=From:To:CC:Subject:Date:References:In-Reply-To:From; b=dFJNRrkKkamRShwrKO1GKQ41E8uY/5TMapbB5Tt27K9YcYMfYr++erxWpSo0KztTw hvi/KbVqaqMxub03CRDD8KR4tBV2vJAiSzcSzdpLUWTscHqPAuks0iZOI4Ot8+p9F8 5hAE0g2kVxjZLYtUuJynyk9lLIYY2Vod47HzbE2E=
Received: from CASCADE.ad.sei.cmu.edu (cascade.ad.sei.cmu.edu [10.64.28.248]) by delp.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 04E097VK026475; Wed, 13 May 2020 20:09:07 -0400
Received: from MORRIS.ad.sei.cmu.edu (147.72.252.46) by CASCADE.ad.sei.cmu.edu (10.64.28.248) with Microsoft SMTP Server (TLS) id 14.3.487.0; Wed, 13 May 2020 20:09:06 -0400
Received: from MORRIS.ad.sei.cmu.edu (147.72.252.46) by MORRIS.ad.sei.cmu.edu (147.72.252.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1847.3; Wed, 13 May 2020 20:09:06 -0400
Received: from MORRIS.ad.sei.cmu.edu ([fe80::555b:9498:552e:d1bb]) by MORRIS.ad.sei.cmu.edu ([fe80::555b:9498:552e:d1bb%22]) with mapi id 15.01.1847.007; Wed, 13 May 2020 20:09:06 -0400
From: Roman Danyliw <rdd@cert.org>
To: Alan DeKok <aland@deployingradius.com>
CC: "emu@ietf.org" <emu@ietf.org>
Thread-Topic: [Emu] AD Review of draft-ietf-emu-eap-session-id-02
Thread-Index: AdYpZHLD5jVuxVmPSSWjhtLxHLXvjgAKEWkAAAJQ6fA=
Date: Thu, 14 May 2020 00:09:06 +0000
Message-ID: <45a0cee70ecc4290b4d700280a729d34@cert.org>
References: <644056d44c184bc4bac07286519e0847@cert.org> <6F05E49D-B181-495F-AFC3-55A73844F01F@deployingradius.com>
In-Reply-To: <6F05E49D-B181-495F-AFC3-55A73844F01F@deployingradius.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.64.202.241]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/0tmjhu8PZVibq17C38BvtmPy3-4>
Subject: Re: [Emu] AD Review of draft-ietf-emu-eap-session-id-02
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 May 2020 00:09:19 -0000
Hi Alan! Thanks for the quick response. Since these are minor, I already started the IETF LC. Nevertheless, having an updated draft with these changes is even better. More inline ... > -----Original Message----- > From: Alan DeKok <aland@deployingradius.com> > Sent: Wednesday, May 13, 2020 5:12 PM > To: Roman Danyliw <rdd@cert.org> > Cc: emu@ietf.org > Subject: Re: [Emu] AD Review of draft-ietf-emu-eap-session-id-02 > > On May 13, 2020, at 4:25 PM, Roman Danyliw <rdd@cert.org> wrote: > > > > Hi! > > > > I conducted my AD review of draft-ietf-emu-eap-session-id-02. The document > is in good shape. I have largely editorial feedback below that can be handled > with IETF LC input. > > > > (1) Section 1. Editorial. COMMENTs often come up in IESG review the it isn't > clear up front what exactly is being updated. I recommend something like ... > > > > OLD > > We correct that deficiency here. > > NEW > > We correct these deficiencies here by updating [RFC5247] with the Session-Id > derivation during fast-authentication exchange for EAP-SIM and EAP-AKA; and > defining Session-Id derivation for PEAP. > > Fixed. > > > (2) Section 1. Editorial. Per ..., it would be important to get this resolved with > a clearly defined and agreed derivation rules to allow fast re- authentication > cases to be used to derive ERP key hierarchy", I'm not sure this additional > explanation is needed and this is a run-on sentence from the previous text. > > How about: > > The IEEE is defining FILS authentication [FILS], which needs the EAP Session-Id > in order for the EAP Re-authentication Protocol (ERP) [RFC6696] to work. It is > therefore important to address the existing deficiencies in the definition of EAP > Session-Id. The above text works for me. > > (3) Section 2.2. Editorial. > > > > OLD > > Similarly for EAP-SIM, it says: > > NEW > > Similarly, for EAP-SIM, [RFC5247] Appendix A says: > > Fixed. > > > (4) Section 2.2. Editorial. Why not the explicit symmetry in language in EAP- > SIM as was used in EAP AKA? > > > > OLD > > EAP-SIM is defined in [RFC4186]. The EAP-SIM Session-Id is the ... > > NEW > > EAP-SIM is defined in [RFC4186]. When using full authentication, the EAP- > SIM Session-Id is the ... > > Fixed. > > > (5) Section 2.2. Recommend defining RAND1, RAND2 and RAND3 explicitly > since RFC4186 only has it in the test vector section. Perhaps something like: > > > > "RAND1, RAND2 and RAND3 correspond to the RAND value from the first, > second and third GSM triplet respectively." > > Fixed. > > > (6) Section 3. It would be useful to describe the prior work in Security > Considerations. Specifically, "These updates to not modify the Security > Considerations outlined in RFC5247." > > Fixed. > > I'll publish a new version shortly. Much appreciated! Thanks, Roman > Alan DeKok.
- [Emu] AD Review of draft-ietf-emu-eap-session-id-… Roman Danyliw
- Re: [Emu] AD Review of draft-ietf-emu-eap-session… Alan DeKok
- Re: [Emu] AD Review of draft-ietf-emu-eap-session… Roman Danyliw