Re: [Emu] Version Notification for draft-dekok-emu-eap-usability-00.txt

John Mattsson <john.mattsson@ericsson.com> Fri, 11 February 2022 11:04 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: Alan DeKok <aland@deployingradius.com>, Carolin Baumgartner <latze@angry-red-pla.net>
CC: "emu@ietf.org" <emu@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/L30lMfacNOfoZO8ER94XjrrG_6k>

Hi,

I think it would be very good if IETF/EMU could agree on simpler, more automatic, and secure deployment and configuration of TLS-based EAP methods. This is severely needed. Both complexity and security are very real problems.

https://threatpost.com/misconfiguration-university-wifi-login-credentials/175157/

RFC 8446, RFC 5216, and draft-ietf-emu-eap-tls13 do not give much guidance on this and the security requirements for certificates are soft.

Any work should likely align with https://datatracker.ietf.org/doc/draft-ietf-uta-rfc6125bis/

I have not read draft-dekok-emu-eap-usability-00 yet. Interoperability issues between implementations seem to be an issue; how easy will it be to reach consensus between different implementations?

Cheers,
John

From: Emu <emu-bounces@ietf.org> on behalf of Alan DeKok <aland@deployingradius.com>
Date: Friday, 16 July 2021 at 21:32
To: Carolin Baumgartner <latze@angry-red-pla.net>
Cc: emu@ietf.org <emu@ietf.org>
Subject: Re: [Emu] Version Notification for draft-dekok-emu-eap-usability-00.txt
On Jul 16, 2021, at 6:26 AM, Carolin Baumgartner <latze@angry-red-pla.net> wrote:
>>   Provided there's some network connection available, everything else can be automatic.
> ah yes. I guess it might make sense to make that clear towards the beginning of the document :-) I only got a later ....

  I'll definitely fix that.

> I finished the document now and really like it. I just think the normative part comes quite late in the document. Maybe it should also be referenced in earlier sections. To make it stronger, you could even use SHOULD instead of RECOMMENDED (in section 8.2), I guess

  SHOULD and RECOMMENDED are synonyms for this purpose.

  I left the normative bits to the end because I wanted to explain the problem, and then give examples of the solution first.  Once those are clear, they then motivate the normative text.

  I found that if I put the normative text earlier, then people would ask "why these decisions?", only to have them answered later in the document.

  Alan DeKok.
