IETF Logo Mail Archive

Re: [Emu] EAP TLS 1.3 backward compatibility with RFC 5216

John Mattsson <john.mattsson@ericsson.com> Mon, 21 June 2021 05:43 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC51D3A237B for <emu@ietfa.amsl.com>; Sun, 20 Jun 2021 22:43:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.298
X-Spam-Level:
X-Spam-Status: No, score=-0.298 tagged_above=-999 required=5 tests=[DKIMWL_WL_HIGH=-0.198, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wxeY6jNF7Vnq for <emu@ietfa.amsl.com>; Sun, 20 Jun 2021 22:43:03 -0700 (PDT)
Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40044.outbound.protection.outlook.com [40.107.4.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3419A3A237A for <emu@ietf.org>; Sun, 20 Jun 2021 22:43:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nYvf3mm2SgBlv09dYQfePJGCUGoEINpSc81B63Mc17SxzNc7kLshc5Rq/MXWu20JLc9EAxqS+0DXNueOLByBUhHcC+xdVE+9WoBu/uEtSKRMP9EtDQ69vEKu43o9Ja/9am/qeH1/+9e1IARzXC5WTNYomWhWZ18lRKCY2L9XEuelF172WRqjSAOOZ1LI298vZB2sLQKNRchei0buD8qrANF1ad/9kXkUmZQ0J1CpTHFDYrXJbyyz2SyHPIG0p1hbW4eh1Fm5BYStO98OkpQnc6Hg7SrJkO84XA3MduZNWq7xOxELQDFAHGk4n6ZKsLmuxThtcgC4q+zUeCFKJTHQyA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cFc7D0FpY1iCp8CowGp+MF1L1FprE7OmBLnOJ5vOomI=; b=cEG8gECNZMayVG3qZ3GTLwCM1km4ms1k8lO6hu6e+vCnnGjzVkY+MfRasy0zJWOSbKxBarm6eAQiQ57mpddGmOClsYcOytz86DLTbQSsDuQ6+FWEWHb+ITEvwVT1SdspQIDZ4N5jUjlHNNCp0ppF7fp49pTt8p/obNjylZY0ZOaizPE1UrjMGsFIJToO1tR8HoruxvvTkwWxi2JLBswuMd0duNEGCG0CWnUxZezLQ14IMsUNcWaCi8WqUTjbELnVJKSZ5p7eWzpgh4Wz/8PyuecSWUwd3eqccvWB3WXQcLgy+3NEaBtTHAq9dugvd+VOB6FzdDksPliQIaSnyk2RRQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cFc7D0FpY1iCp8CowGp+MF1L1FprE7OmBLnOJ5vOomI=; b=Ad4bOTNd/krmcXlzn+vD63UMLxglmjxIO7ByZENJYsVYQSAA9HQjg4apyEnQpdqD8W4TuCXPDk7Kwiy6PtKoYlDO/QY1SnL/uDTE6Qjn57Te/LCa5NF/Eb+geLevXpvTSgxI+1+tRk3bTj+Ar8ZXjPMY71wkFyhrnSy5zyfaq1o=
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com (2603:10a6:3:4b::8) by HE1PR0701MB2507.eurprd07.prod.outlook.com (2603:10a6:3:73::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.11; Mon, 21 Jun 2021 05:42:59 +0000
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::b071:a4a:817d:2d3]) by HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::b071:a4a:817d:2d3%11]) with mapi id 15.20.4264.016; Mon, 21 Jun 2021 05:42:59 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: Bernard Aboba <bernard.aboba@gmail.com>
CC: Joseph Salowey <joe@salowey.net>, EMU WG <emu@ietf.org>
Thread-Topic: [Emu] EAP TLS 1.3 backward compatibility with RFC 5216
Thread-Index: AQHXYKWpSGJt/yR2jUST/Yt0roNI9asSnVSAgAgx3VCAAKNagIACjHQV
Date: Mon, 21 Jun 2021 05:42:59 +0000
Message-ID: <HE1PR0701MB3050EAB11F12F8FDB7044F48890A9@HE1PR0701MB3050.eurprd07.prod.outlook.com>
References: <CAOW+2dv6MMwQHbZCDvEXG1o411KpP6LZ110bWF+s=Wiuw+MTNg@mail.gmail.com> <CAOgPGoA5-rksrT41AN11Snw-SOaxjcStzGJ0TrANwK-VTaG-XA@mail.gmail.com> <HE1PR0701MB3050CCBB882AB921AE3F01DE890C9@HE1PR0701MB3050.eurprd07.prod.outlook.com>, <CAOW+2dtguUgpJnwkTYfUJXBg4ktoekauBCCSizHOqZr_PqmqcQ@mail.gmail.com>
In-Reply-To: <CAOW+2dtguUgpJnwkTYfUJXBg4ktoekauBCCSizHOqZr_PqmqcQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 82a15491-44ae-4ce7-ca29-08d934776d9f
x-ms-traffictypediagnostic: HE1PR0701MB2507:
x-microsoft-antispam-prvs: <HE1PR0701MB2507071C44DEF210836C620F890A9@HE1PR0701MB2507.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: ZTaFQ+PDBTbiHRZ0N2d+S0DwsPcCtnmF3LF+BhBEQj+3bb5kRUzveBvIwaKdAF/7doiFBPm5mgw4zxZPo/uqUfX381tiNIOVdZTALWPY2Hle12VMfY/HL7S/CQh1ESATE6QWsR0CCKhEbg3YJDH0bKX4V4HmDIrDhDZ5zr3SCFeu5Rwfome4J4xOWaRNOiRBbKVDE7yOq/joqunh3tBqq3EaLCdwgDz2S2IUN6tzD8YA3G81lelU4TDyiCDh9WKWdQBYYvg1oi84HT2nBDU1oXD6ScFUhfm3DCOWbVC9pg7rqk/SDJuMhIQB7sp8iI57Z+3LsptBvv6tOM6iQxcHSIwgkjiu7eDeCZ1a5DBjNscVxK+KLYsaoyz2wt+Cqdm1ulK9Hjh7WojU4Jnr1CggcnVMA7jUczMmkWYdZwbDOIrUe7F5iiuu624xOTeDbRAoI7uzjyK0wgLFmvpQgNh8UwvpiCY4aEB8d5yRJL9zq1anuJOpGFXbhcQUzn6bQwC0o9cETTBrXoT8Esn+xLVot9X3E4mA7hHe4oZpJvksmLnvzQsyuT/lB3phvp06Z/2jb495xVy1E/0kVRAq3hNVHON5/OKjDXS7mg7ilOobLBynwc62vzPcxWnBqtAesLwF3RenvwNaCrvWxFfn7BAgu3w4MoumtVEEuU8wi4cHfgmuwBFWTDck7KxbJyhxENgODUFWfFSVBhD7PFDP7rurvzGFJDMEiQeMeGhQKa0GWqRBaBKoiERoiIt9IooWARI8
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR0701MB3050.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(39860400002)(346002)(366004)(376002)(396003)(136003)(33656002)(66476007)(64756008)(66446008)(186003)(66556008)(66946007)(52536014)(9686003)(4326008)(2906002)(966005)(44832011)(478600001)(122000001)(38100700002)(76116006)(5660300002)(6916009)(83380400001)(166002)(71200400001)(7696005)(54906003)(26005)(55016002)(8936002)(86362001)(316002)(53546011)(6506007)(8676002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: kYNjcKktRGouAtRRrTPOlT1Z7ByUvhrJkuka0a7WGa/uKtldLD4t3G5488LXKAsFrDsooLTt3FNODyR8klTQgD09RLLdm0kyDOOz2jr0OZEN2sybHnfPIpdY7CdE8cUknKdutVC1DuB45v7bBw9JzdJY3nyTXBaPjn0xnKLQHFl5Xw7chMBf/QNKJDQXG7khrvadJy8YjTa9hADKYfc/n/vicBwK1lkikeclJIibUYyQ/6zPKnnCZhwl+iKMAAiPgrK8LW8CllVXF4vFrqgFh78pXTAolwUNpQQmd/WDs1g+hroGmIeQL/9OTARpVQJfkLgfgsuLnzA4cWSQ1vPHZCGJ7KjWAd+ZtCGRR5v6jiPj0nu9Maqyk8JQpNJ0ezFx1sQU+mXQieIcJyc1BfPQjME7RxHttA2owOJ5XwDPZyV9sTx+eqSG41V3BXtUfB3Fs5M5V52QW5golxN9KOEv9Md1xaf171+soM3ey+5v1Ekux5ZEPXn6OAj7VBFdcVrNiIMg9fV3Y6i+cfkeV35HWLNM5svCx154vZofYibLrQA3J6xRdS2+pR/s7tCS8t24fFn9ZoEku8zawN66LRtEqAOtL7VBEqV6SqPlq4PjgcLjVf8p1pYlLAB60wmhhGlZ+DRkMdZOYYv8ewZIVXm5xE1onQ/VUpw9HcoEyE/UFkxludKK3NC3DOCpbF/UAUgazfjmwis62aLlYUg53+n9l822zAqXBZYQHxI4eF9ZFIbPqOPxsmXRC3vEmugxe/Ci+bvETcyXEaLHFnJTdvgiQgFQ1O39HJV39p0AvONvDohY+M69UKV+ByXapmpVBWPPB0omDvtyIJH1TMLEYpwUKpiA6c8aZZgtFNTX9RZkwY2Hwznolu9v7fQxdjT4b2kBGkIuFobXN5jQhL8QBTGTfOKW1kz+KrvmyJEcopfx9/zuRuu+V4zGc3L7FhNUZ8Y71Da4S30Gh+61iC3KLMjHJ+qLrLG7kD0otXguVhHpTFq3F0495zvKl8MMg2gaCrtrItSh9d2BX7g39HcKThm/JcOqr1yS5AsA7EGKqjrzNZbh/TG7kdP0pBsAhpdwW3b4OJwpI3wWasqCUBDIOAoy1LTCJ7Mf2O2s/x3qHJNcWEiaet+vuGz/ANWngMHnJXIOLf8mtLCSP4lb+oMkXKF1oB/RaeAjl/oyKWHcO39eBdSKylIjQpxE1NEoEaPuz9TPKItd7F/sfsXRf+hNWqIgJpL3iv2pREC3iuy+mqxT1MiH2USvck1mLiNuSGDB0loEZsdJYkDqba10nkGR0cpW2IdC8hRrAHq08iSHXn1WxfXTT1f/Rs7yLwz4a1i/DmY8R8Yf/WW9egyN72Lu/Y1jZQ==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_HE1PR0701MB3050EAB11F12F8FDB7044F48890A9HE1PR0701MB3050_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR0701MB3050.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 82a15491-44ae-4ce7-ca29-08d934776d9f
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Jun 2021 05:42:59.3137 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: hZfRynBX/56j67uyj6UtKuwd2N/+5xDWcbUa2D1jJwh0vp18RAqCTopev3oAJLsqVysWLz3P3bz+kTJxNIq90j4/Cukf/dbKmorC+DFI5C4=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2507
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/DA_Pv-usgW2OPzMdaFgFKx0lceA>
Subject: Re: [Emu] EAP TLS 1.3 backward compatibility with RFC 5216
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Jun 2021 05:43:09 -0000

Your suggestion looks good to me. I added a commit to RR #83

https://github.com/emu-wg/draft-ietf-emu-eap-tls13/pull/83

From: Bernard Aboba <bernard.aboba@gmail.com>
Date: Saturday, 19 June 2021 at 16:47
To: John Mattsson <john.mattsson@ericsson.com>
Cc: Joseph Salowey <joe@salowey.net>, EMU WG <emu@ietf.org>
Subject: Re: [Emu] EAP TLS 1.3 backward compatibility with RFC 5216
I still find the proposed Section 2.1 confusing.  How about this?

"If the TLS implementation correctly implements TLS version negotiation, EAP-TLS will automatically leverage that capability.
The EAP-TLS implementation needs to know which version of TLS was negotiated to correctly support EAP-TLS 1.3 as well as to maintain backward compatibility with EAP-TLS 1.2.

TLS 1.3 changes both the message flow and the handshake messages compared to earlier versions of TLS. Therefore, much of Section 2.1 of [RFC5216] does not apply for TLS 1.3. Except for Sections 2.2 and 5.7 this document applies only when TLS 1.3 is negotiated. When TLS 1.2 is negotiated, then [RFC5216] applies."






On Fri, Jun 18, 2021 at 10:15 PM John Mattsson <john.mattsson@ericsson.com<mailto:john.mattsson@ericsson.com>> wrote:
Hi Bernard,

Thanks for your comments on backward compatibility. I think PR #83 addresses your comments. I did not write anything about TLS 1.0 and TLS 1.1 as RFC 8996 (which updates RFC 5216) formally forbids support and negotiation of these weak versions.

https://github.com/emu-wg/draft-ietf-emu-eap-tls13/pull/83/files<https://protect2.fireeye.com/v1/url?k=931ff3ea-cc84cac1-931fb371-866038973a15-a9a1d2b72b73651b&q=1&e=37b52464-2ebd-4ba4-aa0c-8087ad10b4ba&u=https%3A%2F%2Fgithub.com%2Femu-wg%2Fdraft-ietf-emu-eap-tls13%2Fpull%2F83%2Ffiles>

Below is how the two related paragraphs would look after merging #83.


1.  Introduction:

This document updates [RFC5216] to define how to use EAP-TLS with TLS 1.3. When older TLS versions are negotiated, RFC 5216 applies to maintain backwards compatibility. However, this document does provide additional guidance on authentication, authorization, and resumption for EAP-TLS regardless of the underlying TLS version used. This document only describes differences compared to [RFC5216]. All message flow are example message flows specific to TLS 1.3 and do not apply to TLS 1.2. Since EAP-TLS couples the TLS handshake state machine with the EAP state machine it is possible that new versions of TLS will cause incompatibilities that introduce failures or security issues if they are not carefully integrated into the EAP-TLS protocol. Therefore, implementations MUST limit the maximum TLS version they use to 1.3, unless later versions are explicitly enabled by the administrator.

2.1  Overview of the EAP-TLS Conversation:

TLS 1.3 changes both the message flow and the handshake messages compared to earlier versions of TLS. Therefore, much of Section 2.1 of [RFC5216] does not apply for TLS 1.3. EAP-TLS 1.3 remains backwards compatible with EAP-TLS 1.2 [RFC5216] . TLS version negotiation is handled by the TLS layer, and thus outside of the scope of EAP-TLS. Therefore so long as the underlying TLS implementation correctly implements TLS version negotiation, EAP-TLS will automatically leverage that capability. Except for Sections 2.2 and 5.7 this document applies only when TLS 1.3 is negotiated. When TLS 1.2 is negotiated, then [RFC5216] applies. The EAP-TLS implementation needs to know which version of TLS that was negotiated.

Cheers,
John


From: Emu <emu-bounces@ietf.org<mailto:emu-bounces@ietf.org>> on behalf of Joseph Salowey <joe@salowey.net<mailto:joe@salowey.net>>
Date: Monday, 14 June 2021 at 01:54
To: Bernard Aboba <bernard.aboba@gmail.com<mailto:bernard.aboba@gmail.com>>
Cc: EMU WG <emu@ietf.org<mailto:emu@ietf.org>>
Subject: Re: [Emu] EAP TLS 1.3 backward compatibility with RFC 5216


On Sun, Jun 13, 2021 at 2:44 PM Bernard Aboba <bernard.aboba@gmail.com<mailto:bernard.aboba@gmail.com>> wrote:
draft-ietf-emu-eap-tls13-16 Section 2.1 contains the following text:


   EAP-TLS 1.3 remains backwards compatible with EAP-TLS 1.2 [RFC5216] . TLS version

   negotiation is handled by the TLS layer, and thus outside of the

   scope of EAP-TLS.  Therefore so long as the underlying TLS

   implementation correctly implements TLS version negotiation, EAP-TLS

   will automatically leverage that capability.

I am concerned that this statement is potentially misleading. An implementation of RFC 5216 that negotiates TLS 1.2 and utilizes the key hierarchy defined in RFC 5216 Section 2.3 will not interoperate with an implementation of draft-ietf-emu-tls13-16 that also negotiates TLS 1.2 and utilizes the key hierarchy defined in Section 2.3 of that document.

So in what sense is EAP-TLS 1.3 "backwards compatible" with EAP-TLS 1.2?

The only way this makes sense to me is if it is stated that draft-ietf-emu-eap-tls13 applies only when TLS 1.3 is negotiated, and that if TLS 1.2, 1.1 or 1.0 is negotiated, then RFC 5216 applies.


[Joe] Good point.  I think this is missing from the draft.  The EAP-TLS implementation does need to know which version of TLS is negotiated.   I agree that this draft applies to when TLS 1.3 is negotiated and not previous versions of TLS.

_______________________________________________
Emu mailing list
Emu@ietf.org<mailto:Emu@ietf.org>
https://www.ietf.org/mailman/listinfo/emu

v2.23.0 | Report a Bug | By Email