Re: [Emu] Late WGLC Comment on draft-ietf-emu-eap-tls13

Mohit Sethi M <mohit.m.sethi@ericsson.com> Tue, 10 March 2020 16:43 UTC

From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
To: Russ Housley <housley@vigilsec.com>, John Mattsson <john.mattsson@ericsson.com>
CC: EMU WG <emu@ietf.org>
Thread-Topic: [Emu] Late WGLC Comment on draft-ietf-emu-eap-tls13
Date: Tue, 10 Mar 2020 16:43:28 +0000
Message-ID: <7f5af3b2-8218-5e4a-d56f-605ab326f55d@ericsson.com>
References: <MN2PR11MB39011F2754371931D1CFF0CCDB780@MN2PR11MB3901.namprd11.prod.outlook.com> <FC4CD2F5-B5E2-4FFB-B81F-A67DC55CD24E@deployingradius.com> <3113156B-EB01-4BBA-B51A-38883656E457@vigilsec.com> <89644402-9B35-401A-92E1-062962B69BC0@ericsson.com> <54BA1048-104B-4CB6-8CF6-D23F463BE382@vigilsec.com>
In-Reply-To: <54BA1048-104B-4CB6-8CF6-D23F463BE382@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/LoFMUCddVqU2PDR2f7fdF5UADPY>
Subject: Re: [Emu] Late WGLC Comment on draft-ietf-emu-eap-tls13

Hi Russ,

You can listen here: https://youtu.be/YJLG4JUftqI?t=1144

We plan to support it in EAP-TLS-PSK instead:
https://tools.ietf.org/html/draft-mattsson-emu-eap-tls-psk-00. We have
already added a reference to draft-ietf-tls-tls13-cert-with-extern-psk
and plan to use it. I think using an external PSK anyway requires
ironing out some issues like what is the relationship between NAI and
the PSK identity? And do we allow user-configured PSK identities/PSKs etc.?

Would it be reasonable if we specify the usage of 
draft-ietf-tls-tls13-cert-with-extern-psk in EAP-TLS-PSK instead?

--Mohit

On 3/10/20 6:30 PM, Russ Housley wrote:
> I do not understand the reason for Bernard's objection.  I looked at the minutes, and I do not find any rationale there.  Can you help?
>
> Russ
>
>
>> On Mar 9, 2020, at 5:59 AM, John Mattsson <john.mattsson@ericsson.com> wrote:
>>
>> Hi Russ,
>>
>> Sorry for the late reply. I actually brought up your draft [ID-ietf-tls-tls13-cert-with-extern-psk] during my EMU presentation at IETF 106 as something that should probably be in EAP-TLS. Bernard Aboba then expressed a very strong opinion that [ID-ietf-tls-tls13-cert-with-extern-psk] should absolutely not be included in the EAP-TLS Type-Code 0x0D. After this the WG decided as a way forward to specify EAP-TLS with PSK authentication in a new draft.
>>
>> Given these strong opinions from Bernard Aboba, and the wish to publish draft-ietf-emu-eap-tls13 soon, I think the best way forward would be to specify the use of [ID-ietf-tls-tls13-cert-with-extern-psk] in the same new draft as EAP-TLS with PSK authentication. Does that sound like an acceptable way forward?
>>
>> Cheers,
>> John
>>
>> -----Original Message-----
>> From: Russ Housley <housley@vigilsec.com>
>> Date: Monday, 13 January 2020 at 18:29
>> To: John Mattsson <john.mattsson@ericsson.com>
>> Cc: EMU WG <emu@ietf.org>
>> Subject: Late WGLC Comment on draft-ietf-emu-eap-tls13
>>
>>     John:
>>
>>     Section 2.1.1 says:
>>
>>        Pre-Shared Key (PSK) authentication SHALL NOT be used except
>>        for resumption.
>>
>>     I would rather this say:
>>
>>        Pre-Shared Key (PSK) authentication SHALL NOT be used except
>>        for resumption or in conjunction with the "tls_cert_with_extern_psk"
>>        extension [ID-ietf-tls-tls13-cert-with-extern-psk].
>>
>>     Russ
>>
>>
>>
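The thread turns on one normative sentence of draft-ietf-emu-eap-tls13 Section 2.1.1 (PSK only for resumption) and on Russ's proposed carve-out for the "tls_cert_with_extern_psk" extension. The following is an added example, written for this page and not code from the draft, the EMU WG or any TLS library, that models how an EAP-TLS server would enforce either reading of that sentence when a ClientHello offers PSK identities. The ticket format (nonce followed by an HMAC tag), the `ClientHello`, `ServerPolicy` and `Decision` types, the `decide` function and the sample identities are all constructed for the example; a real TLS 1.3 stack decides this inside its pre_shared_key selection logic, and whether an offered identity is one of the server's own tickets can only be judged by the server that issued it.

```python
"""Added example: server-side PSK policy modelled on draft-ietf-emu-eap-tls13
Section 2.1.1 ("PSK authentication SHALL NOT be used except for resumption")
and on the proposed extension carve-out discussed in the thread.

Everything here (ticket format, type and function names, sample identities)
is constructed for illustration; it is not the draft's or any library's code.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample ticket-protection key; a real server rotates this.
TICKET_KEY = b"constructed-ticket-key-for-example-only"
TAG_LEN = 16


def issue_ticket(nonce: Optional[bytes] = None) -> bytes:
    """Model of a NewSessionTicket identity: nonce || HMAC-SHA256 tag.

    A self-authenticating ticket lets the server recognise its own
    resumption identities without a lookup table (constructed format)."""
    nonce = nonce if nonce is not None else secrets.token_bytes(16)
    tag = hmac.new(TICKET_KEY, nonce, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + tag


def is_resumption_ticket(identity: bytes) -> bool:
    """True only for identities this server issued (tag verifies)."""
    if len(identity) <= TAG_LEN:
        return False
    nonce, tag = identity[:-TAG_LEN], identity[-TAG_LEN:]
    expected = hmac.new(TICKET_KEY, nonce, hashlib.sha256).digest()[:TAG_LEN]
    return hmac.compare_digest(tag, expected)


@dataclass
class ClientHello:
    # Identities offered in the pre_shared_key extension, in client order.
    psk_identities: List[bytes] = field(default_factory=list)
    # Whether the client also offered "tls_cert_with_extern_psk".
    cert_with_extern_psk: bool = False


@dataclass
class ServerPolicy:
    # Provisioned external PSKs: identity -> key (keys unused in this model).
    external_psks: Dict[bytes, bytes] = field(default_factory=dict)
    # False models the draft text as quoted; True models Russ's proposed wording.
    allow_extern_psk_with_cert: bool = False


@dataclass
class Decision:
    mode: str  # "certificate", "resumption" or "cert_with_extern_psk"
    selected_identity: Optional[int]  # index into psk_identities, or None
    reason: str


def decide(hello: ClientHello, policy: ServerPolicy) -> Decision:
    """Choose the handshake mode permitted by the policy.

    Resumption with a server-issued ticket is always allowed. An external
    PSK is selected only when the policy permits the extension and the
    client offered it; otherwise the PSK is ignored and the server falls
    back to a full certificate handshake, which TLS 1.3 permits when no
    offered identity is accepted."""
    for idx, ident in enumerate(hello.psk_identities):
        if is_resumption_ticket(ident):
            return Decision("resumption", idx, "PSK is a ticket this server issued")
    for idx, ident in enumerate(hello.psk_identities):
        if ident in policy.external_psks:
            if policy.allow_extern_psk_with_cert and hello.cert_with_extern_psk:
                return Decision("cert_with_extern_psk", idx,
                                "external PSK combined with certificate authentication")
            return Decision("certificate", None,
                            "external PSK ignored: Section 2.1.1 allows PSK only for resumption")
    if hello.psk_identities:
        return Decision("certificate", None, "no offered PSK identity recognised")
    return Decision("certificate", None, "no PSK offered")


if __name__ == "__main__":
    ticket = issue_ticket()
    policy = ServerPolicy(external_psks={b"sensor-42": b"constructed-key"})
    print(decide(ClientHello([ticket]), policy))
    print(decide(ClientHello([b"sensor-42"]), policy))
```

With `allow_extern_psk_with_cert=False` the server behaves as the quoted Section 2.1.1 text requires: a provisioned external PSK is recognised but never selected, and the peer is authenticated by certificate. Flipping the flag models the alternative wording from Russ's comment, and even then the external PSK is used only when the client also offered the extension.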