Re: [Emu] draft-ietf-emu-eap-tls13-16.txt

Alan DeKok <aland@deployingradius.com> Fri, 18 June 2021 21:48 UTC

Return-Path: <aland@deployingradius.com>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1635B3A1059 for <emu@ietfa.amsl.com>; Fri, 18 Jun 2021 14:48:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.888
X-Spam-Level:
X-Spam-Status: No, score=-1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, T_SPF_TEMPERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UJmomncHE8PC for <emu@ietfa.amsl.com>; Fri, 18 Jun 2021 14:48:24 -0700 (PDT)
Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0800B3A1056 for <emu@ietf.org>; Fri, 18 Jun 2021 14:48:23 -0700 (PDT)
Received: from [192.168.46.129] (24-52-251-6.cable.teksavvy.com [24.52.251.6]) by mail.networkradius.com (Postfix) with ESMTPSA id A5D6A12F; Fri, 18 Jun 2021 21:48:21 +0000 (UTC)
Authentication-Results: NetworkRADIUS; dmarc=none (p=none dis=none) header.from=deployingradius.com
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
From: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <DB6PR0701MB30475BB3FE63914734BD8851890D9@DB6PR0701MB3047.eurprd07.prod.outlook.com>
Date: Fri, 18 Jun 2021 17:48:20 -0400
Cc: Joseph Salowey <joe@salowey.net>, Bernard Aboba <bernard.aboba@gmail.com>, Mohit Sethi M <mohit.m.sethi@ericsson.com>, EMU WG <emu@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <9CEC1DE4-253A-4B4B-AAC2-F59F8C72A4A8@deployingradius.com>
References: <CAOgPGoBXRAABeC_kCcCrsUPC03e8C_GGpzJHB+aWAue5sE=9zw@mail.gmail.com> <4789411B-9D6A-4A33-B465-DCEC2369E671@deployingradius.com> <BA5BC7E9-EC6F-4A10-9F19-284572AF2710@deployingradius.com> <ac3fda5a-65ef-0e57-fdb0-fffdc08bb9e1@ericsson.com> <4F473CF1-CE5C-4834-AF7E-7FCB2457B199@deployingradius.com> <CAOgPGoCoFRF-0uowFiVRtDyWATzr0d3pNKz7DJo5CDBesiDP5Q@mail.gmail.com> <7B957BC5-DEC4-48D6-A032-C8AC1CBFD210@deployingradius.com> <HE1PR0701MB3050725DA65963DCAB065A90890E9@HE1PR0701MB3050.eurprd07.prod.outlook.com> <63475285-E12B-43FA-9340-CCE99B50ECF9@deployingradius.com> <CAOgPGoA7HgsMPgUJi=2kNp7SMCQsXqted-3MoWcwr90T91E9ww@mail.gmail.com> <DB6PR0701MB30475BB3FE63914734BD8851890D9@DB6PR0701MB3047.eurprd07.prod.outlook.com>
To: John Mattsson <john.mattsson@ericsson.com>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/OuM-35HiiCCHG3uoh53P42hT700>
Subject: Re: [Emu] draft-ietf-emu-eap-tls13-16.txt
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Jun 2021 21:48:29 -0000

On Jun 18, 2021, at 5:23 PM, John Mattsson <john.mattsson@ericsson.com> wrote:
> Joe: How about:
> "[4] Cryptographic Negotiation: The TLS layer handles the negotiation of cryptographic parameters. When EAP-TLS is used with TLS 1.3, EAP-TLS inherits the cryptographic negotiation of AEAD algorithm, HKDF hash algorithm, key exchange groups, and signature algorithm, see Section 4.1.1 of [RFC8446]."
>  
> John: I made a commit based on Joe’s suggestion to shorten this down. Having this text is a requirement from RFC 3748 if I am correct.

  That's good, thanks.

> Joe: Add note that "Section 2.2 has additional discussion on identities."
>  
> John: I added "Note that Section 2.2 has additional discussion on identities."

  Excellent.

> Joe: It's not clear what to add here.
>  
> John: Alan has a good point here. I suggest just deleting "While certificates may have long validity periods,". There is already text describing that certificates can have very short lifetimes.

  Sure, that works.

  The rest of the changes look good, thanks.

  Alan DeKok.