Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

Aura Tuomas <tuomas.aura@aalto.fi> Thu, 12 September 2019 13:53 UTC

From: Aura Tuomas <tuomas.aura@aalto.fi>
To: 'EMU WG' <emu@ietf.org>
CC: "draft-ietf-emu-eap-tls13@ietf.org" <draft-ietf-emu-eap-tls13@ietf.org>
Date: Thu, 12 Sep 2019 13:53:02 +0000
Message-ID: <20b118932a4843b6b88e605799fafea8@aalto.fi>
References: <7828_1564869242_5D46027A_7828_348_1_02e001d54a45$e92ae900$bb80bb00$@augustcellars.com>
In-Reply-To: <7828_1564869242_5D46027A_7828_348_1_02e001d54a45$e92ae900$bb80bb00$@augustcellars.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/8YQ_Fbk4Paq8iuW-C5bd3uu8v2k>
Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

I was looking at the EAP-TLS with TLS 1.3 draft and noticed that it forbids PSK authentication. Why is that? While there is the EAP-PSK method, I would much rather use EAP-TLS with PSK because it provides identity protection and perfect forward secrecy, unlike EAP-PSK. 

In fact, I think EAP-TLS with PSK should become the standard authentication method for networks that rely on shared secrets, e.g. WPA-Personal. Unifying the Wi-Fi authentication around EAP would greatly simplify the Wi-Fi protocol stack. Not that I expect it to happen immediately, but we should not close sensible paths forward.

Tuomas
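The forward-secrecy contrast Tuomas draws between a pure shared-secret method and EAP-TLS with PSK comes down to one thing: whether an ephemeral (EC)DHE exchange feeds the key schedule alongside the PSK. The Python below is an added example written for this archive page; it is not code from the EMU thread, from the EAP-TLS draft, or from any TLS stack. It simulates TLS 1.3's two PSK modes (psk_ke and psk_dhe_ke) with an HKDF-style key schedule over a constructed toy Diffie-Hellman group, records what a passive observer would see on the wire, then "leaks" the long-term PSK and checks whether the recorded session's key can be recomputed. The group parameters, labels and transcript layout are assumptions made for illustration and do not match the TLS 1.3 wire format.

```python
"""Forward secrecy in PSK handshakes: psk_ke versus psk_dhe_ke.

Added example for this thread; it is not code from the EMU working group,
the EAP-TLS draft, or any TLS implementation. It models the two TLS 1.3
PSK modes with an HKDF-style key schedule over a toy Diffie-Hellman group.
The group parameters, labels and transcript layout are constructed for
illustration only and are not the TLS 1.3 wire format.
"""
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed toy group: 2**127 - 1 is prime, but far too small for real use.
P = 2**127 - 1
G = 3
FIELD_BYTES = 16  # enough to encode any value below 2**127


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with SHA-256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand_label(prk: bytes, label: bytes, context: bytes) -> bytes:
    """One block of HKDF-Expand with a label and context; yields 32 bytes."""
    return hmac.new(prk, label + context + b"\x01", hashlib.sha256).digest()


def session_key(psk: bytes, transcript: bytes, dh_shared: Optional[bytes]) -> bytes:
    """Key schedule in the spirit of TLS 1.3: the PSK feeds the early secret,
    the (EC)DHE shared secret feeds the handshake secret. In psk_ke mode
    there is no DH secret and a string of zeros is used in its place."""
    early_secret = hkdf_extract(b"\x00" * 32, psk)
    derived = hkdf_expand_label(early_secret, b"derived", b"")
    ikm = dh_shared if dh_shared is not None else b"\x00" * 32
    handshake_secret = hkdf_extract(derived, ikm)
    transcript_hash = hashlib.sha256(transcript).digest()
    return hkdf_expand_label(handshake_secret, b"traffic", transcript_hash)


def run_handshake(psk: bytes, use_dhe: bool) -> Tuple[bytes, bytes, bytes]:
    """Simulate one session. Returns (wire_transcript, client_key, server_key).
    The ephemeral exponents a and b exist only inside this function, which is
    exactly the property that gives psk_dhe_ke its forward secrecy."""
    client_nonce = secrets.token_bytes(32)
    server_nonce = secrets.token_bytes(32)
    transcript = b"psk_identity=alice|" + client_nonce + server_nonce  # constructed layout
    if not use_dhe:
        key = session_key(psk, transcript, None)
        return transcript, key, key
    a = secrets.randbelow(P - 2) + 2
    b = secrets.randbelow(P - 2) + 2
    ga = pow(G, a, P)
    gb = pow(G, b, P)
    transcript += ga.to_bytes(FIELD_BYTES, "big") + gb.to_bytes(FIELD_BYTES, "big")
    client_shared = pow(gb, a, P).to_bytes(FIELD_BYTES, "big")
    server_shared = pow(ga, b, P).to_bytes(FIELD_BYTES, "big")
    return (transcript,
            session_key(psk, transcript, client_shared),
            session_key(psk, transcript, server_shared))


def key_from_leaked_psk(psk: bytes, transcript: bytes) -> bytes:
    """What a passive recorder can compute once the long-term PSK leaks: it
    holds the PSK and everything that crossed the wire, but not the DH shared
    secret (deriving it from g^a and g^b would require a discrete logarithm),
    so the best it can do is run the schedule with the zero-filled slot."""
    return session_key(psk, transcript, None)


def forward_secrecy_demo(use_dhe: bool) -> bool:
    """True if a later PSK compromise does NOT reveal a recorded session's key."""
    psk = secrets.token_bytes(32)
    transcript, client_key, server_key = run_handshake(psk, use_dhe)
    assert client_key == server_key, "both sides must agree on the key"
    return key_from_leaked_psk(psk, transcript) != client_key


if __name__ == "__main__":
    print("psk_ke     key survives PSK leak:", forward_secrecy_demo(False))  # False
    print("psk_dhe_ke key survives PSK leak:", forward_secrecy_demo(True))   # True
```

In psk_ke mode the leaked PSK plus the recorded transcript reproduce the session key, which is the exposure a pure shared-secret method carries; in psk_dhe_ke mode the ephemeral exponents never leave the endpoints, so the same recomputation yields a different key. The example models only the forward-secrecy half of the argument; the identity-protection properties depend on how the PSK identity is chosen and carried in the handshake and are not modelled here.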