IETF Logo Mail Archive

Re: [Emu] RFC 7170 (TEAP) errata

Joseph Salowey <joe@salowey.net> Mon, 22 July 2019 19:12 UTC

Return-Path: <joe@salowey.net>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C75D12012A for <emu@ietfa.amsl.com>; Mon, 22 Jul 2019 12:12:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=salowey-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0z6obq9F6Qe6 for <emu@ietfa.amsl.com>; Mon, 22 Jul 2019 12:12:27 -0700 (PDT)
Received: from mail-qk1-x72e.google.com (mail-qk1-x72e.google.com [IPv6:2607:f8b0:4864:20::72e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0892C12012E for <emu@ietf.org>; Mon, 22 Jul 2019 12:12:27 -0700 (PDT)
Received: by mail-qk1-x72e.google.com with SMTP id a27so29363104qkk.5 for <emu@ietf.org>; Mon, 22 Jul 2019 12:12:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=salowey-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=wqj5l5wVhHwLgdKsOWv1is51KYgSOQylMJ4OkPQMimY=; b=UHB9q5VCJYB5XnlLhw2g4pTxy1dfADWp2IrWGg1NyzKjaWyHXVI0/CHAVXhEDhFSfl 7+qkgce0njqcmrRWSXe2yVotiq4gvNqcS4KS+xL++gyzDPP4hFp9QzjZ5UkzQdqF/eVZ 8wPEQwedUGI8ZmblhkJsNqGM5WNnWKFR5dWwZcFP3B8TO65f0nPWK7skbYUkdlkNuxA5 Ac+zC1+Kk5H/FnNaFT7+IORwtRqQuG5vWJeWz9s2eXsmio/3hXrOSBBAk84vPELfbOHZ jU84JnqGkz0hqo3ZS9uxLKtpwEfaJx5C5oC1lhRIP59TqvyCBD4zbW4h2+wPKPX5Jk++ ZxQw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=wqj5l5wVhHwLgdKsOWv1is51KYgSOQylMJ4OkPQMimY=; b=Ped9JM9EUL8I9V3gQ+/Ylc3KD/c1dCexU7V4et+6FBFWVZxPC37Hllm/euFc7lhGq7 98n4HXTxAmnXSpD1DQijvfKhR21LwUZOKEhRFezu5QpAfMX54gmhjO0ULaMcTcJKP7N7 f9Ey7t+/KENFx4eIYuD3CANEYsOD0s49x4rDjiwxindxh8HDwE7cc1ih+9N7DdHTk4bL EJVvud8HhEDMhbDojjnbA3Q1Gpv5lZM50zTB5Ry2qgshtSLUxVJQGEOgG1uHv77N9gVI o0PZBt+NBqUnhf8n5N4kqs6kUYmsiCbAmpYBfMmSFQ5uze6yF7o/D2IpdV7VyvUYgpyr Cggw==
X-Gm-Message-State: APjAAAWU9p6m9/5LjdJS4sMNxMBcZyzuiKDL6J1n2YTXeUS6zyXTPOZg ufJwxDlNSYpD1RXcSvPI+pFXoC8NDT3Dm5YMo1w=
X-Google-Smtp-Source: APXvYqyJOIsSEic6Gz0RE/nHDeXHJms99BwxSVhr5ZZBZsjA7VwIuLvo3T4hi/2qtQLAK0RA62pus7IhZw+YAzon6d4=
X-Received: by 2002:a05:620a:1292:: with SMTP id w18mr47835531qki.416.1563822746095; Mon, 22 Jul 2019 12:12:26 -0700 (PDT)
MIME-Version: 1.0
References: <CANe27jLO9eDA867X8hCHv_WRADN_txSp4xpRTxn2RpwS=yaquA@mail.gmail.com>
In-Reply-To: <CANe27jLO9eDA867X8hCHv_WRADN_txSp4xpRTxn2RpwS=yaquA@mail.gmail.com>
From: Joseph Salowey <joe@salowey.net>
Date: Mon, 22 Jul 2019 15:12:15 -0400
Message-ID: <CAOgPGoBGYWQn72eojTZD_Q+AqZoNq7USPhSUeEgZLtSNfoZh9w@mail.gmail.com>
To: Jouni Malinen <jkmalinen@gmail.com>
Cc: emu@ietf.org
Content-Type: multipart/alternative; boundary="00000000000045ed9b058e49dbe9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/2B88f3mdFqQ9BEOA5TmnQuYq-ik>
Subject: Re: [Emu] RFC 7170 (TEAP) errata
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jul 2019 19:12:29 -0000

On Mon, Jul 1, 2019 at 4:11 PM Jouni Malinen <jkmalinen@gmail.com> wrote:

> <snip>
>
> (2) S-IMCK[j] derivation when inner EAP methods in the sequence derive
> both MSK and EMSK (or even more complicated, if there are multiple inner
> EAP authentication methods that have difference in whether they derive MSK
> or EMSK):
> https://www.rfc-editor.org/errata/eid5770
>
>
[Joe]  I'd like to hear from implementers on this one.

I think the intent is that section 5.4 should say the S-IMCK is generated
as specified  as described in section 5.2.

Section 5.2 does provide a mechanism to derive the S-IMCK at the end of the
section.  Each IMCK can be derived in one of 3 ways:
- MSK
- EMSK
- 0s if the method is not key generating

There is ambiguity on how to derive each IMSK in the case that both sides
do not have the same capability to export the EMSK.   I think the steps
involving the compound MAC are meant to disambiguate this situation.

Is the problem that the section does not explicitly say how to use the
compound MAC sent to determine which IMCK derivation to use?



> I'd hope to avoid having to guess or make my own specification of how this
> is supposed to work before being able to implement this (and then have to
> re-implement everything if others disagree with that interpretation/guess
> on the design), so any feedback on these items would be very welcome so
> that there would be a general agreement on how the protocol is supposed to
> work to provide better chances for getting interoperable implementations.
>
> - Jouni
>
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu
>

v2.23.0 | Report a Bug | By Email