Re: [Emu] Question for draft-ietf-emu-tls-eap-types-03
Eliot Lear <lear@lear.ch> Sat, 03 July 2021 11:47 UTC
To: Alan DeKok <aland@deployingradius.com>, Tim Cappalli <Tim.Cappalli@microsoft.com>, EMU WG <emu@ietf.org>
From: Eliot Lear <lear@lear.ch>
Date: Sat, 03 Jul 2021 13:47:28 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/QrkPQKorU-a9tgmPG2gOOXZqtLo>
Hi Alan,

I don't think Tim could be blamed for holding the view that there is a separation between specifications and how they are used. There's good and bad to the practice. The good is that the spec can be used in ways that the creators didn't intend, and thus perhaps there are fewer unnecessary constraints. On the other hand, not having a theory of operation section, as we do have in a good number of our specs, leads to people really not understanding when they are applicable, and perhaps more importantly, when they are not.

All of this having been said, perhaps the best way to go forward is to have a requirements discussion in terms of the sorts of operations we would like to see as part of the authentication process – as opposed to elsewhere. I see tremendous opportunity here, to be honest. But it's a lot of work.

Eliot

On 03.07.21 13:35, Alan DeKok wrote:
>
> We have specs with Security Considerations, and implementation guidelines. They're a lot more than just what bits go on the wire.
>
> In general, a BCP is too late in the process. Vendors have already implemented the base spec, so what's "current" is a random grab-bag of stuff decided on by product managers, or by junior engineers.
>
> I've seen many, many, sites unable to deploy the security they want, due to a wide range of limitations in products. IMHO, these are security issues, and should be treated as such in the base specification. There should be clear guidance given on a wide range of issues, such as security, implementation, UI, workflow, etc.
>
> Not having those guidelines is a large source of income for me. But it is endlessly frustrating for everyone involved. I would prefer to help people build useful systems, instead of having them pay me to paper over issues in multiple products.
>
> Alan DeKok.