Re: [Emu] Can we get a WG last call for draft-dekok-emu-eap-session-id-00 ?

John Mattsson <john.mattsson@ericsson.com> Tue, 11 June 2019 12:31 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: Alan DeKok <aland@deployingradius.com>, Mohit Sethi M <mohit.m.sethi@ericsson.com>
CC: EMU WG <emu@ietf.org>
Date: Tue, 11 Jun 2019 12:31:51 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/8d7fyDC8akbET6Mn0D8DOX-zlw0>

I think this should be moved forward quickly.

If Alan submits the -01 version that was promised in February :) (including changes addressing Mohit's comments) I think the chairs should do adoption and WGLC quickly after each other. 

Cheers,
John

-----Original Message-----
From: Emu <emu-bounces@ietf.org> on behalf of Alan DeKok <aland@deployingradius.com>
Date: Thursday, 6 June 2019 at 17:59
To: Mohit Sethi M <mohit.m.sethi@ericsson.com>
Cc: EMU WG <emu@ietf.org>
Subject: Re: [Emu] Can we get a WG last call for draft-dekok-emu-eap-session-id-00 ?

    On Jun 5, 2019, at 3:17 AM, Mohit Sethi M <mohit.m.sethi@ericsson.com> wrote:
    > 
    > Chair hat on: 
    > 
    > The draft needs to be formally adopted as a working group item before moving to last call.
    
      It would be nice, but I don't think that's strictly necessary for the process.
    
      The subject is already a WG charter item, so there should be no issues.
    
    > Chair hat off:
    > 
    > I support the adoption of this draft as a working group item. This is a charter item and the draft is simple enough to move forward rather quickly. The code has been updated in the wpa_supplicant and hostapd:
    > https://w1.fi/cgit/hostap/commit/?id=1c16b257a081e810caf2ca0926ff4f9e2bb9557c
    > 
    > https://w1.fi/cgit/hostap/commit/?id=5eefa8115b884f8ab45ac6521f66dc68f555dcd0
    > 
    > John provided a review here: https://mailarchive.ietf.org/arch/msg/emu/fHopSdLqMY37odPGvwn7M5ZksIw
    > 
    > and Jouni made a comment here: https://mailarchive.ietf.org/arch/msg/emu/MX7P367g4j2c3yuyqch3W-I3u_o
    > 
    > I have a couple of comments:
    > 
    > I think it would really help to document the fact that the Session-Id length for EAP-SIM is different for full authentication and fast re-authentication. That's because for full authentication, the Session-Id is:
    
      Sure.
    
    > 
    >> Session-Id = 0x12 || RAND || NONCE_MT
    > and RFC 4186 says that EAP server should obtain n GSM triplets where n = 2 or n = 3. So the length is either:
    > 
    > 1 (Method-Id) + 32 (RAND*2) + 16 (NONCE_MT) = 49 or 
    > 
    > 1 (Method-Id) + 48 (RAND*3) + 16 (NONCE_MT) = 65. 
    > 
    > However, in fast-reauthentication, the Session-Id is:
    > 
    > 
    >> Session-Id = 0x12 || NONCE_S || MAC
    > So the length is:
    > 
    > 1 (Method-Id) + 16 (NONCE_S) + 16 (MAC) = 33 
    > 
    > I found it surprising while implementing that the Session-Ids were different in lengths. 
    > 
    > My next question is about Session-Id for PEAP. The draft currently defines Session-Id for EAP-PEAP as:
    > 
    > 
    >>       Session-Id = 0x19 || client.random || server.random).
    
      Which is for TLS 1.2 and below.
    
    > Do you plan to update this for TLS 1.3 and use TLS-Exporter in your other draft:  draft-dekok-emu-tls-eap-types? Do we need to do this twice in separate drafts?
    
      draft-dekok-emu-tls-eap-types already updates the Session-ID for all TLS-based EAP types, including PEAP.
    
      The issues are (a) update missing derivations for TLS <1.2, and (b) define new derivations for TLS 1.3.  So yes, we update PEAP twice.
     
      Alan DeKok.
    
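
The Session-Id layouts discussed in this thread, as an added example that is not part of the original messages and is not code from wpa_supplicant or hostapd. It builds each Session-Id from the formulas quoted above and checks a received value against the (type byte, length) pairs they imply, so a consumer never assumes one fixed size; the function names and sample bytes are assumptions made for illustration, and the TLS 1.3 derivation is not covered.

```python
EAP_SIM, EAP_PEAP = 0x12, 0x19        # type bytes quoted in the thread
RAND_LEN = NONCE_LEN = MAC_LEN = 16   # EAP-SIM field sizes used in the thread
TLS_RANDOM_LEN = 32                   # client.random / server.random

def _fixed(name, value, size):
    """Reject a field whose length differs from the fixed size."""
    if len(value) != size:
        raise ValueError(f"{name}: expected {size} bytes, got {len(value)}")
    return value

def sim_full_session_id(rands, nonce_mt):
    """0x12 || RAND || NONCE_MT, RAND being n = 2 or 3 concatenated RANDs."""
    if len(rands) not in (2, 3):
        raise ValueError("full authentication uses n = 2 or n = 3 triplets")
    body = b"".join(_fixed("RAND", r, RAND_LEN) for r in rands)
    return bytes([EAP_SIM]) + body + _fixed("NONCE_MT", nonce_mt, NONCE_LEN)

def sim_reauth_session_id(nonce_s, mac):
    """0x12 || NONCE_S || MAC (fast re-authentication)."""
    return (bytes([EAP_SIM]) + _fixed("NONCE_S", nonce_s, NONCE_LEN)
            + _fixed("MAC", mac, MAC_LEN))

def peap_session_id_tls12(client_random, server_random):
    """0x19 || client.random || server.random (TLS 1.2 and below)."""
    return (bytes([EAP_PEAP])
            + _fixed("client.random", client_random, TLS_RANDOM_LEN)
            + _fixed("server.random", server_random, TLS_RANDOM_LEN))

KNOWN = {
    (EAP_SIM, 49): "EAP-SIM full authentication, n=2",
    (EAP_SIM, 65): "EAP-SIM full authentication, n=3",
    (EAP_SIM, 33): "EAP-SIM fast re-authentication",
    (EAP_PEAP, 65): "EAP-PEAP, TLS 1.2 or below",
}

def classify(session_id):
    """Label a Session-Id by (type byte, length); raise on any other shape."""
    if not session_id or (session_id[0], len(session_id)) not in KNOWN:
        raise ValueError("unexpected Session-Id type/length combination")
    return KNOWN[(session_id[0], len(session_id))]

if __name__ == "__main__":
    # Constructed sample values, not taken from a real exchange.
    rands = [bytes([i]) * RAND_LEN for i in (1, 2, 3)]
    for sid in (sim_full_session_id(rands[:2], b"\xaa" * 16),
                sim_full_session_id(rands, b"\xaa" * 16),
                sim_reauth_session_id(b"\xbb" * 16, b"\xcc" * 16),
                peap_session_id_tls12(b"\x11" * 32, b"\x22" * 32)):
        print(len(sid), classify(sid))
```

A 65-byte value is valid for both EAP-SIM (n = 3) and PEAP, so the leading type byte, not the length, is what distinguishes them.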