Re: [Emu] Consensus call on EAP-TLS key derivation

Jorge Vergara <jovergar@microsoft.com> Wed, 12 May 2021 02:33 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/IzZIUXqkwAvoZ-2KYmX07i_3cIw>

I am in favor of the switch back to draft-13 key derivations.

Jorge Vergara

From: Emu <emu-bounces@ietf.org> On Behalf Of Joseph Salowey
Sent: Sunday, May 9, 2021 10:54 AM
To: EMU WG <emu@ietf.org>
Subject: [Emu] Consensus call on EAP-TLS key derivation

We had discussion on the list on whether to include context in the key derivation, but we never closed on the issue of separating out the MSK and EMSK derivation.  As a result, several implementers have gone down the path of implementing what is in draft 13 and not separating out the derivation.  The main difference is that draft 15 separated out the EMSK and MSK derivation using two different labels, while draft 13 used a single label to derive key material which is partitioned into two keys.   The reason for the change was to enable different access control for these two different quantities for different callers; however, in practice it is the EAP-TLS application, which needs access to both keys, that is the caller of the TLS library, so this separation is not particularly useful.   Therefore the recommendation is to align with implementation and derive the MSK and EMSK by partitioning the key material produced by a single label of the exporter function.

Please respond to the list on whether or not you support the change below to revert some of the text in the key derivation section.  If you object to the change, please state why.  Please respond by May 20, 2021.

Thanks,

Joe

The proposal is to use the following key derivation which is largely a reversion to draft 13:

Draft-15 Text:

   Type-Code  = 0x0D
   MSK        = TLS-Exporter("EXPORTER_EAP_TLS_MSK", Type-Code, 64)
   EMSK       = TLS-Exporter("EXPORTER_EAP_TLS_EMSK", Type-Code, 64)
   Method-Id  = TLS-Exporter("EXPORTER_EAP_TLS_Method-Id", Type-Code, 64)
   Session-Id = Type-Code || Method-Id

Proposed New Text:

   Type-Code    = 0x0D
   Key_Material = TLS-Exporter("EXPORTER_EAP_TLS_Key_Material",
                               Type-Code, 128)
   MSK          = Key_Material(0, 63)
   EMSK         = Key_Material(64, 127)
   Method-Id    = TLS-Exporter("EXPORTER_EAP_TLS_Method-Id",
                               Type-Code, 64)
   Session-Id   = Type-Code || Method-Id



The rest of the text of the section remains the same as draft-15.
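The following is an added example, not code from the thread nor from any EAP-TLS implementation, that carries both derivations quoted above through the TLS 1.3 exporter of RFC 8446 section 7.5 (TLS-Exporter built from Derive-Secret and HKDF-Expand-Label). It assumes a SHA-256 cipher suite and a constructed 32-byte exporter master secret standing in for the one a real TLS library would hold; the helper names (hkdf_expand, hkdf_expand_label, derive_secret, tls_exporter, derive_draft15, derive_proposed) are mine. The point it shows is that under the proposed text MSK and EMSK are two halves of one 128-byte export, that they differ from the draft-15 values under the same secret (so the two texts are not wire-compatible), and that Method-Id and Session-Id are the same in both.

```python
import hashlib
import hmac
import struct

# Assumption: a SHA-256 cipher suite (e.g. TLS_AES_128_GCM_SHA256).
HASH = hashlib.sha256
HASH_LEN = HASH().digest_size
TYPE_CODE = b"\x0d"  # EAP-TLS Type-Code, used as the exporter context


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand with HMAC-SHA256."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """RFC 8446 section 7.1 HKDF-Expand-Label: HkdfLabel is
    uint16 length || opaque "tls13 " + label || opaque context."""
    full_label = b"tls13 " + label
    hkdf_label = (struct.pack("!H", length)
                  + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length)


def derive_secret(secret: bytes, label: bytes, messages: bytes = b"") -> bytes:
    """RFC 8446 section 7.1 Derive-Secret over a transcript (empty here)."""
    return hkdf_expand_label(secret, label, HASH(messages).digest(), HASH_LEN)


def tls_exporter(exporter_master_secret: bytes, label: bytes,
                 context: bytes, length: int) -> bytes:
    """RFC 8446 section 7.5 TLS-Exporter(label, context_value, key_length)."""
    secret = derive_secret(exporter_master_secret, label, b"")
    return hkdf_expand_label(secret, b"exporter", HASH(context).digest(), length)


def derive_draft15(ems: bytes) -> dict:
    """Draft-15 text: MSK and EMSK from two distinct exporter labels."""
    method_id = tls_exporter(ems, b"EXPORTER_EAP_TLS_Method-Id", TYPE_CODE, 64)
    return {
        "MSK": tls_exporter(ems, b"EXPORTER_EAP_TLS_MSK", TYPE_CODE, 64),
        "EMSK": tls_exporter(ems, b"EXPORTER_EAP_TLS_EMSK", TYPE_CODE, 64),
        "Method-Id": method_id,
        "Session-Id": TYPE_CODE + method_id,
    }


def derive_proposed(ems: bytes) -> dict:
    """Proposed text (reversion to draft-13 style): one 128-byte export,
    partitioned into MSK = bytes 0..63 and EMSK = bytes 64..127."""
    key_material = tls_exporter(ems, b"EXPORTER_EAP_TLS_Key_Material", TYPE_CODE, 128)
    method_id = tls_exporter(ems, b"EXPORTER_EAP_TLS_Method-Id", TYPE_CODE, 64)
    return {
        "Key_Material": key_material,
        "MSK": key_material[0:64],
        "EMSK": key_material[64:128],
        "Method-Id": method_id,
        "Session-Id": TYPE_CODE + method_id,
    }


# Constructed stand-in for the exporter master secret; a real deployment
# takes this from the TLS library after the handshake completes.
EXPORTER_MASTER_SECRET = bytes(range(32))

if __name__ == "__main__":
    old, new = derive_draft15(EXPORTER_MASTER_SECRET), derive_proposed(EXPORTER_MASTER_SECRET)
    for name in ("MSK", "EMSK", "Method-Id", "Session-Id"):
        print(f"{name:10s} draft-15={old[name].hex()[:16]}... proposed={new[name].hex()[:16]}...")
```

Note that the single-label scheme still relies on the exporter being a PRF: an entity given only the MSK half learns nothing about the EMSK half, so partitioning does not weaken key separation; what it gives up is the ability to hand a TLS library caller the MSK without also computing the EMSK, which, as the message notes, is not a separation the EAP-TLS application actually uses.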