IETF Logo Mail Archive

RE: [Emu] EMU PSK Method work Item

"Bernard Aboba" <bernard_aboba@hotmail.com> Wed, 01 February 2006 17:55 UTC

Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F4MCy-00058O-KF; Wed, 01 Feb 2006 12:55:56 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F4MCw-00052s-Kw for emu@megatron.ietf.org; Wed, 01 Feb 2006 12:55:54 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA18820 for <emu@ietf.org>; Wed, 1 Feb 2006 12:54:13 -0500 (EST)
Received: from bay106-f20.bay106.hotmail.com ([65.54.161.30] helo=hotmail.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F4MO5-0006hM-6c for emu@ietf.org; Wed, 01 Feb 2006 13:07:25 -0500
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Wed, 1 Feb 2006 09:55:39 -0800
Message-ID: <BAY106-F2019DAA344DFEEE6529397930B0@phx.gbl>
Received: from 65.54.161.200 by by106fd.bay106.hotmail.msn.com with HTTP; Wed, 01 Feb 2006 17:55:39 GMT
X-Originating-IP: [67.182.139.247]
X-Originating-Email: [bernard_aboba@hotmail.com]
X-Sender: bernard_aboba@hotmail.com
In-Reply-To: <9958B444368E884DBB215F3FEF36F5B701A6800D@xmb-rtp-212.amer.cisco.com>
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: hzhou@cisco.com, jsalowey@cisco.com, emu@ietf.org
Subject: RE: [Emu] EMU PSK Method work Item
Date: Wed, 01 Feb 2006 09:55:39 -0800
Mime-Version: 1.0
Content-Type: text/plain; format="flowed"
X-OriginalArrivalTime: 01 Feb 2006 17:55:39.0547 (UTC) FILETIME=[B648D6B0:01C62758]
X-Spam-Score: 0.9 (/)
X-Scan-Signature: 4b800b1eab964a31702fa68f1ff0e955
Cc:
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/emu>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
Sender: emu-bounces@ietf.org
Errors-To: emu-bounces@ietf.org

It seems we might achieve this goal and the two other work group
>items, TLS-based EAP method and existing password database support,
>using a single EAP method, e.g., a TLS based EAP method supporting PSK.

One of the attractions of PSK is to implement it on an embedded device.  So 
while it is possible to address the PSK work item using a TLS-derived 
protocol, attempting to glom this onto the EAP-TLS specification is a bad 
idea. Since EAP-TLS *requires* certificate support, adding PSK on to it 
would effectively require embedded devices to include certificate support 
just to support PSK, whether they needed to support certificates or not.  
This would greatly increase the required footprint.

Of course, EMU WG could create a new protocol based on TLS that would 
*require* PSK support and allow optional certificate support.  However, this 
would not be EAP-TLS but something new.



>This would save us the work of trying to define two or three EAP
>methods. One thing might help us is to define what exactly is "strong
>shared secret", "compact", and "simple" in a requirement or problem
>statement. They might be expressed in turns of desired number of
>exchanges, computing power, cipher suites limitations, etc. The security
>requriements are already addressed by RFC 4017. I suggest we do the same
>for the other two items. Then we can evaluate whether it is feasible to
>achieve the three goals with a single EAP method and go from there.
>
> > -----Original Message-----
> > From: emu-bounces@ietf.org [mailto:emu-bounces@ietf.org] On
> > Behalf Of Joseph Salowey (jsalowey)
> > Sent: Monday, January 30, 2006 12:22 AM
> > To: emu@ietf.org
> > Subject: [Emu] EMU PSK Method work Item
> >
> > The first work item on the EMU charter is to start work on a
> > shared secret EAP method.  The item on the charter is:
> >
> > "A mechanism based on strong shared secrets that meets RFC
> > 3748 and RFC 4017 requirements. This mechanism should strive
> > to be simple and compact for implementation in resource
> > constrained environments."
> >
> > The emphasis here is to create a simple, secure mechanism to
> > support pre shared secret keys.  Support for optional
> > enhancements may be considered in the design as long as it
> > does not bog down the progress of the work item.  Current
> > work in this area which should be considered in the design including:
> >
> > EAP-PAX - draft-clancy-eap-pax-06.txt
> > EAP-PSK - draft-bersani-eap-psk-09.txt
> > EAP-SAKE - draft-vanderveen-eap-sake-00.txt
> > EAP-IKEv2 - draft-eronen-ipsec-ikev2-eap-auth-04.txt
> > TLS-PSK - RFC4279
> >
> > Please send email to the chairs if you are interested in
> > participating as a contributor on the shared secret method
> > design team along with a description of your experience.
> >
> > _______________________________________________
> > Emu mailing list
> > Emu@ietf.org
> > https://www1.ietf.org/mailman/listinfo/emu
> >
>
>_______________________________________________
>Emu mailing list
>Emu@ietf.org
>https://www1.ietf.org/mailman/listinfo/emu



_______________________________________________
Emu mailing list
Emu@ietf.org
https://www1.ietf.org/mailman/listinfo/emu

v2.23.0 | Report a Bug | By Email