Re: [Emu] Fixes and suggestions for draft-ietf-emu-tls-eap-types-09
Alan DeKok <aland@deployingradius.com> Thu, 05 January 2023 00:24 UTC
Return-Path: <aland@deployingradius.com>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 540DFC14CEE0 for <emu@ietfa.amsl.com>; Wed, 4 Jan 2023 16:24:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level:
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aRaujLLcsd9e for <emu@ietfa.amsl.com>; Wed, 4 Jan 2023 16:24:30 -0800 (PST)
Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 894B1C14F744 for <emu@ietf.org>; Wed, 4 Jan 2023 16:24:29 -0800 (PST)
Received: from smtpclient.apple (135-23-95-173.cpe.pppoe.ca [135.23.95.173]) by mail.networkradius.com (Postfix) with ESMTPSA id 11DD72E9; Thu, 5 Jan 2023 00:24:25 +0000 (UTC)
Authentication-Results: NetworkRADIUS; dmarc=none (p=none dis=none) header.from=deployingradius.com
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
From: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <CAA7Lko_u5S3CKj3nQ=42Qd9kQMwp6W=8rWE-VFtAD6j7wRKd9w@mail.gmail.com>
Date: Wed, 04 Jan 2023 19:24:24 -0500
Cc: EMU WG <emu@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <B2D3E23F-BD48-46A7-8B99-8BD604380D28@deployingradius.com>
References: <CAA7Lko_u5S3CKj3nQ=42Qd9kQMwp6W=8rWE-VFtAD6j7wRKd9w@mail.gmail.com>
To: Heikki Vatiainen <hvn@radiatorsoftware.com>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/LJrYasV4dPlyixtgJ4_A3iT4vBU>
Subject: Re: [Emu] Fixes and suggestions for draft-ietf-emu-tls-eap-types-09
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jan 2023 00:24:36 -0000
On Nov 18, 2022, at 8:50 AM, Heikki Vatiainen <hvn@radiatorsoftware.com> wrote: > > Please find below some fixes and suggestions for draft-ietf-emu-tls-eap-types-09 > > Apart from the first item (TEAP label), which could also be considered a typo, I think these are clarifications, not functional changes. I agree. > > Labels used with TEAP > ++++++++++++++++++++ > Section 2.2 says: > > session_key_seed = TLS-Exporter("EXPORTER: session key seed", Type, 40) > > This is missing 'teap ' and should be: > session_key_seed = TLS-Exporter("EXPORTER: teap session key seed", Type, 40) Fixed, thanks. This aligns the document with RFC 7170. > TLS Finished > ++++++++++++ > Search for 'finished' shows that TLS Finished message is written, and sometimes used, in different ways. My suggestion is to replace the variations with: Finished message > > 'Finished message' is what the TLSv1.3 RFC mostly uses too. This draft already uses, for example, 'NewSessionTicket message' therefore 'Finished message' would be a good match. Fixed. > Other Finished message / CONNECTED state notes > ---------------------------------------------- > The first paragraph in section "3. Application Data" currently says: > Some implementations use a "TLS finished" determination as an indication ... > > This might be better written as: > Some implementations use receipt of Finished message as an indication ... I think that's good. > The second paragraph in section 3. says: > ... a transition to "TLS finished" also meant that there was no application data available ... > > Because there's no such TLS state, a fix could be: > ... a receipt of Finished message also meant that there was no application data available ... That's good. > The first sentence in the second paragraph of section 3. says '"TLS finished" method' which is one case where simple 'Finished message' would work. Fixed. > Indication vs indicator > ++++++++++++++++++++++ > EAP-TLSv1.3 RFC 9190 does not use 'indicator', it only uses 'indication'. This draft uses the both, mostly indicator, but it might be clearer to use 'indication' to match RFC 9190. Fixed, thanks. > Spelling of CHAP variations > +++++++++++++++++++++++++++ > Suggestion: Search for 'CHAP' and ensure that only 'CHAP', 'MS-CHAP-V1' and 'MS-CHAP-V2' are used for the non-EAP variations. Fixed. > Section 6.1., inner tunnel replacements > +++++++++++++++++++++++++++++++++++++++ > Paragraph starting with 'It is RECOMMENDED ...' does not suggest using MS-CHAP-V2 or EAP-MSCHAPv2 as a replacements for MS-CHAP-V1. Adding this would match the previous paragraph. I agree. I've fixed it. > > Other minor suggestions and fixes > +++++++++++++++++++++++++++++++++ > EAP-Response/Identity could be used as the common notation for the two uses in section 3.1. Fixed. > Section 6.1 has '... do not provided ...'. Remove 'ed'. Fixed. > Section 7 has a typo: tje Fixed. Thanks for the comments. Hopefully we can get an IETF last call soon. Alan DeKok.
- [Emu] Fixes and suggestions for draft-ietf-emu-tl… Heikki Vatiainen
- Re: [Emu] Fixes and suggestions for draft-ietf-em… Alan DeKok