RE: [Emu] EMU PSK Method work Item
"Hao Zhou \(hzhou\)" <hzhou@cisco.com> Wed, 01 February 2006 18:13 UTC
Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F4MTZ-0007mz-Aw; Wed, 01 Feb 2006 13:13:05 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F4MTX-0007m0-HK for emu@megatron.ietf.org; Wed, 01 Feb 2006 13:13:03 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA19735 for <emu@ietf.org>; Wed, 1 Feb 2006 13:11:19 -0500 (EST)
Received: from sj-iport-4.cisco.com ([171.68.10.86]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F4Mec-0007Bk-UO for emu@ietf.org; Wed, 01 Feb 2006 13:24:31 -0500
Received: from sj-core-2.cisco.com ([171.71.177.254]) by sj-iport-4.cisco.com with ESMTP; 01 Feb 2006 10:12:47 -0800
X-IronPort-AV: i="4.01,245,1136188800"; d="scan'208"; a="1772446384:sNHT32237976"
Received: from xbh-rtp-211.amer.cisco.com (xbh-rtp-211.cisco.com [64.102.31.102]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id k11IC0WN012965; Wed, 1 Feb 2006 10:12:45 -0800 (PST)
Received: from xmb-rtp-212.amer.cisco.com ([64.102.31.111]) by xbh-rtp-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Wed, 1 Feb 2006 13:12:35 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [Emu] EMU PSK Method work Item
Date: Wed, 01 Feb 2006 13:12:34 -0500
Message-ID: <9958B444368E884DBB215F3FEF36F5B701A680CB@xmb-rtp-212.amer.cisco.com>
Thread-Topic: [Emu] EMU PSK Method work Item
Thread-Index: AcYnWLg8fOEUOQigRyuB8F6c40zhagAAb3Mw
From: "Hao Zhou (hzhou)" <hzhou@cisco.com>
To: Bernard Aboba <bernard_aboba@hotmail.com>, "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>, emu@ietf.org
X-OriginalArrivalTime: 01 Feb 2006 18:12:35.0189 (UTC) FILETIME=[13A78250:01C6275B]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 34d35111647d654d033d58d318c0d21a
Content-Transfer-Encoding: quoted-printable
Cc:
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/emu>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
Sender: emu-bounces@ietf.org
Errors-To: emu-bounces@ietf.org
> Of course, EMU WG could create a new protocol based on TLS that would > *require* PSK support and allow optional certificate support. > However, this would not be EAP-TLS but something new. Agreed. That's what I proposed. Notice I wrote TLS based EAP method, not EAP-TLS. Having a requirement statement on the "small footprint" of the PSK is the key to evaluate whether we can do it within a single EAP method or not. > -----Original Message----- > From: Bernard Aboba [mailto:bernard_aboba@hotmail.com] > Sent: Wednesday, February 01, 2006 12:56 PM > To: Hao Zhou (hzhou); Joseph Salowey (jsalowey); emu@ietf.org > Subject: RE: [Emu] EMU PSK Method work Item > > It seems we might achieve this goal and the two other work group > >items, TLS-based EAP method and existing password database support, > >using a single EAP method, e.g., a TLS based EAP method > supporting PSK. > > One of the attractions of PSK is to implement it on an > embedded device. So while it is possible to address the PSK > work item using a TLS-derived protocol, attempting to glom > this onto the EAP-TLS specification is a bad idea. Since > EAP-TLS *requires* certificate support, adding PSK on to it > would effectively require embedded devices to include > certificate support just to support PSK, whether they needed > to support certificates or not. > This would greatly increase the required footprint. > > Of course, EMU WG could create a new protocol based on TLS that would > *require* PSK support and allow optional certificate support. > However, this would not be EAP-TLS but something new. > > > > >This would save us the work of trying to define two or three EAP > >methods. One thing might help us is to define what exactly > is "strong > >shared secret", "compact", and "simple" in a requirement or problem > >statement. They might be expressed in turns of desired number of > >exchanges, computing power, cipher suites limitations, etc. The > >security requriements are already addressed by RFC 4017. I > suggest we > >do the same for the other two items. Then we can evaluate > whether it is > >feasible to achieve the three goals with a single EAP method > and go from there. > > > > > -----Original Message----- > > > From: emu-bounces@ietf.org [mailto:emu-bounces@ietf.org] > On Behalf > > > Of Joseph Salowey (jsalowey) > > > Sent: Monday, January 30, 2006 12:22 AM > > > To: emu@ietf.org > > > Subject: [Emu] EMU PSK Method work Item > > > > > > The first work item on the EMU charter is to start work > on a shared > > > secret EAP method. The item on the charter is: > > > > > > "A mechanism based on strong shared secrets that meets RFC > > > 3748 and RFC 4017 requirements. This mechanism should > strive to be > > > simple and compact for implementation in resource constrained > > > environments." > > > > > > The emphasis here is to create a simple, secure mechanism > to support > > > pre shared secret keys. Support for optional enhancements may be > > > considered in the design as long as it does not bog down the > > > progress of the work item. Current work in this area > which should > > > be considered in the design including: > > > > > > EAP-PAX - draft-clancy-eap-pax-06.txt EAP-PSK - > > > draft-bersani-eap-psk-09.txt EAP-SAKE - > > > draft-vanderveen-eap-sake-00.txt > > > EAP-IKEv2 - draft-eronen-ipsec-ikev2-eap-auth-04.txt > > > TLS-PSK - RFC4279 > > > > > > Please send email to the chairs if you are interested in > > > participating as a contributor on the shared secret method design > > > team along with a description of your experience. > > > > > > _______________________________________________ > > > Emu mailing list > > > Emu@ietf.org > > > https://www1.ietf.org/mailman/listinfo/emu > > > > > > >_______________________________________________ > >Emu mailing list > >Emu@ietf.org > >https://www1.ietf.org/mailman/listinfo/emu > _______________________________________________ Emu mailing list Emu@ietf.org https://www1.ietf.org/mailman/listinfo/emu
- Re: [Emu] EMU PSK Method work Item Bernard Aboba
- RE: [Emu] EMU PSK Method work Item Magnus Nyström
- [Emu] EMU PSK Method work Item Salowey, Joe
- RE: [Emu] EMU PSK Method work Item Hao Zhou (hzhou)
- RE: [Emu] EMU PSK Method work Item Bernard Aboba
- RE: [Emu] EMU PSK Method work Item Hao Zhou (hzhou)
- Re: [Emu] EMU PSK Method work Item Thomas Otto
- RE: [Emu] EMU PSK Method work Item Bernard Aboba
- RE: [Emu] EMU PSK Method work Item Salowey, Joe
- RE: [Emu] EMU PSK Method work Item Salowey, Joe
- Re: [Emu] EMU PSK Method work Item Sam Hartman
- Re: [Emu] EMU PSK Method work Item Sam Hartman
- Re: [Emu] EMU PSK Method work Item Bernard Aboba
- Re: [Emu] EMU PSK Method work Item Jari Arkko
- Re: [Emu] EMU PSK Method work Item Jari Arkko
- [Emu] RFC 2716: request for implementations Bernard Aboba
- Re: [Emu] RFC 2716: request for implementations Jari Arkko
- Re: [Emu] RFC 2716: request for implementations Bernard Aboba
- Re: [Emu] RFC 2716: request for implementations Jari Arkko