Re: [Emu] draft-aura-eap-noob-08 NAI

Mohit Sethi M <mohit.m.sethi@ericsson.com> Fri, 24 April 2020 13:02 UTC

From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
To: Max Crone <max@maxcrone.org>, EMU WG <emu@ietf.org>
Date: Fri, 24 Apr 2020 13:02:06 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/7rB8NzCGl_qDYx1DQ7Ali9U6vtg>

Hi Max,

Tuomas can give you a definite answer. My understanding is that error 
1001 should be sent by the server if the received identity does not 
follow the requirements of draft-aura-eap-noob. Besides, implementing 
the stricter checks of this draft is easier than validating the ABNF of 
RFC 7542 (after which you would anyways need to verify compliance with
this draft).

And you are right. The absence of server-assigned realm in Figure 2 is 
probably an editorial oversight. However, I wouldn't call the optional 
server-assigned realm as RESERVED_DOMAIN. If anything, I would call
eap-noob.net as a reserved/special use domain.

--Mohit

On 4/22/20 12:29 PM, Max Crone wrote:
> While implementing EAP-NOOB, I found the explanation on the Invalid 
> NAI (error code 1001) in the draft to be unclear.
>
> The document formulates it as follows:
> >   If the NAI structure is invalid, the server SHOULD send the error
> >   code 1001 to the peer.
>
> However, does this mean that the EAP-NOOB server should verify that 
> the NAI follows the formal syntax as specified in RFC 7542, or should 
> it verify that the NAI follows the specification of EAP-NOOB, i.e., it 
> is of the form "noob@{eap-noob.net||RESERVED_DOMAIN}". I think this 
> section could be formulated more clearly to address these concerns.
>
> On that note, Figure 2 seems to be incomplete. The 
> EAP-Response/Identity specifies the NAI parameter to be 
> "noob@eap-noob.net", while the specification also has the option of 
> configuring this to a reserved domain. In that case, the NAI should 
> not use the default realm anymore. Currently, this is not reflected in 
> the figure.
>
> If anything remains unclear, I am open for discussion.
>
> ~Max Crone
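
The stricter server-side check discussed in this thread, as an added example that is not part of either message or of draft-aura-eap-noob: the identity is accepted only if it is exactly "noob@" followed by the default realm or a realm this server assigned, and anything else yields error code 1001. The `assigned_realms` parameter, the ASCII-only restriction and the case-insensitive realm comparison are assumptions of the example; the sample identities are constructed.

```python
"""Strict EAP-NOOB identity check (added example, not code from the draft)."""

DEFAULT_REALM = "eap-noob.net"   # default realm named in the thread
USERNAME = "noob"                # fixed username part quoted in the thread
ERR_INVALID_NAI = 1001           # error code for an invalid NAI


def check_nai(identity: bytes, assigned_realms=frozenset()):
    """Return None if the identity is acceptable, else ERR_INVALID_NAI.

    assigned_realms is a hypothetical parameter: the realms this server
    has handed out to peers, however the implementation stores them.
    """
    try:
        # Assumption: assigned realms are ASCII. Decoding as ASCII also
        # means lower() below cannot fold a non-ASCII character onto an
        # allowed realm.
        nai = identity.decode("ascii")
    except UnicodeDecodeError:
        return ERR_INVALID_NAI
    user, sep, realm = nai.partition("@")   # split at the first "@" only
    if sep != "@" or user != USERNAME:
        return ERR_INVALID_NAI
    # Assumption: realms compare case-insensitively, like DNS names.
    allowed = {DEFAULT_REALM} | {r.lower() for r in assigned_realms}
    # Exact membership: a longer suffix, a second "@", a trailing dot,
    # whitespace or an embedded NUL byte all fail without extra rules.
    return None if realm.lower() in allowed else ERR_INVALID_NAI


# Constructed sample identities, as they would arrive in EAP-Response/Identity.
SAMPLES = [
    b"noob@eap-noob.net",                   # default realm
    b"noob@iot.example.org",                # accepted only if assigned
    b"noob@eap-noob.net.attacker.example",  # allowed realm as a prefix
    b"noob@eap-noob.net@x",                 # second "@"
    b"noob@eap-noob.net\x00",               # embedded NUL
    b"alice@eap-noob.net",                  # wrong username
    b"\xffnoob@eap-noob.net",               # not ASCII
]

if __name__ == "__main__":
    for raw in SAMPLES:
        code = check_nai(raw, assigned_realms={"iot.example.org"})
        print(f"{raw!r:45} -> {'accept' if code is None else code}")
```

Several of the rejected samples have a shape that a generic user@realm pattern match would let through, so the exact comparison has to run in any case.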