Re: [Emu] New Version Notification for draft-ietf-emu-eap-tls13-00.txt
Jouni Malinen <jkmalinen@gmail.com> Thu, 31 May 2018 21:48 UTC
Return-Path: <jkmalinen@gmail.com>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9AB02131C41 for <emu@ietfa.amsl.com>; Thu, 31 May 2018 14:48:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S5ty9fQseCuw for <emu@ietfa.amsl.com>; Thu, 31 May 2018 14:48:32 -0700 (PDT)
Received: from mail-wr0-x22e.google.com (mail-wr0-x22e.google.com [IPv6:2a00:1450:400c:c0c::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B3D531317F8 for <emu@ietf.org>; Thu, 31 May 2018 14:48:31 -0700 (PDT)
Received: by mail-wr0-x22e.google.com with SMTP id v13-v6so22690520wrp.13 for <emu@ietf.org>; Thu, 31 May 2018 14:48:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=MbflVyIPqXPzh7WfoUVZTSpSB702ESzkkIBdRwee0iU=; b=hIbp20XYA75N3TKOrTqsykWhuXqf0rrgxYC/d931OYg4FSCSN0W1v2KP1FySHLEfub pyK5k/AaX8PIODLx7Yj2gMg91FWDbd3ktQzj/Uy/tJTbS8UidNO8LSd0X+qin3o0flYM f9zqF0zyxeV0A/dXeLvEUnp49F/vm6SUAbythDje0uQxl06fFCdDKzQpRQvmtesVCu0X gZQkseAbbKWw5ALd1ES3/EIh4sv2zvE/kyITlWhIb4/ulY76eQHbVnkPSrLgzb1yGRsm BaqoUPgJNMg7PhGGrGfXZuXKR5Bq/aAHeiH/adtLMiR82odKKXXfZP+RNQDvjhINEkbW rwMw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=MbflVyIPqXPzh7WfoUVZTSpSB702ESzkkIBdRwee0iU=; b=VhLjlUDbHtRpYtzZF54gERVM6lAlEtQhnhyDYB8Ny4lqGXsZLKReuX35ddJN1YyaWl 81MqObs6Z5nuhr7xW+a/8zAL/JnyRbXITZJJG9sHJRuWEFtne8Nq0mc4yp7KNIlnURIo 1+O9QIMH35N57DHxxE2CRC4V87B1XCZ1bgjEZlEoDTM4N9wrQRYBb38wtADyOVPG3Blx TFlbXZ/Zbq4TpQ4aopaFzHmUxgNYJsnzxGkuLmboPGpQnKKXCgsVab8O/80WN+6QD1F+ kVjCDWd/sMRxN7pHn9UnJDzGKsIVDmrFq3DktLKTMsI7yarMyRMVwJt8NuimiyIHGh4J CzWA==
X-Gm-Message-State: ALKqPweHolTYyizUN45N18yQlQ5jb1Qd5c7vuMc5Ksfubx3xfjVCv3up +CqgLwp0TbzayGhNUsZ4qE9UTDlDNRS6pXhn3Sozag==
X-Google-Smtp-Source: ADUXVKIajy36uox9RnkUujFjs9RO2ocClgxYDA58ScZPEeNqNz5wBjoTKxgjBhtKkBGbdEqnFPTpuME0NgSTodpksUs=
X-Received: by 2002:adf:ec4d:: with SMTP id w13-v6mr6403512wrn.222.1527803310177; Thu, 31 May 2018 14:48:30 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a7b:c013:0:0:0:0:0 with HTTP; Thu, 31 May 2018 14:48:29 -0700 (PDT)
In-Reply-To: <D1B52763-CE34-4CAF-A94A-51F96EF84F2C@ericsson.com>
References: <152769860980.27836.9925201818758452856.idtracker@ietfa.amsl.com> <D1B52763-CE34-4CAF-A94A-51F96EF84F2C@ericsson.com>
From: Jouni Malinen <jkmalinen@gmail.com>
Date: Fri, 01 Jun 2018 00:48:29 +0300
Message-ID: <CANe27jK_23vKxwcReKXqH6NjiCP1XJwABpJAynuxZ0Xt1R+MNA@mail.gmail.com>
To: John Mattsson <john.mattsson@ericsson.com>
Cc: "emu@ietf.org" <emu@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000970199056d876d33"
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/SBdblHmLQTbBwoZHK8Rih-g5ne8>
Subject: Re: [Emu] New Version Notification for draft-ietf-emu-eap-tls13-00.txt
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 May 2018 21:48:35 -0000
On Thu, May 31, 2018 at 2:45 PM, John Mattsson <john.mattsson@ericsson.com> wrote: > Except editorials, the main change is that the Exporter labels has been > changes to conform with RFC 5705 and that the labels are now to be > registered by IANA as they should be. > > Review and comments are very welcome. Preferable so that they can be > included in a -01 version before Montreal. > Based on implementation experiment of this (or well, the previous draft, so with the old labels), the most inconvenient part of this design was the way the session resumption is handled in TLS v1.3. When that is mapped to EAP-TLS in the way it is in this draft, the peer has no idea whether the NewSessionTicket is delivered after ClientFinished. In other words, the next message in the sequence could be either continuation of EAP-TLS method or EAP-Success. This means that the peer cannot use methodState=DONE, decision=UNCOND_SUCC per RFC 4137 state machine whenever using TLS v1.3 (while being able to continue to use that combination with TLS v1.0, v1.1, and v1.2). Instead, for TLS v1.3, methodState=MAY_CONT, decision=COND_SUCC needs to be used. While this may not sound very critical, it was a bit inconvenient to have make that behavior conditional on the TLS version. Would there be any way of avoiding this uncertainty about the next message on the client side within the EAP-TLS method itself? If not, I might as well as bring up another comment regarding the extra round trip from this NewSessionTicket delivery. That does not look very efficient. If we would not care about layering between the EAP method and EAP peer/server implementation, NewSessionTicket could actually be piggybacked on top of the EAP-Success message.. Sure, that would require a change in the EAP-Success definition, but this would remove this undesired uncertainty about the next message in the sequence and would get rid of one extra roundtrip in the exchange which could be a significant reduction in overall latency for the handshake. Having to change the MSK/EMSK derivation just for the sake of getting a new label string into use based on the TLS version is also a bit inconvenient. This is obviously assuming that the previous implementation was already using TLS-Exporter interface. In general, it would have been nicer if existing EAP-TLS implementations would work simply by updating the TLS implementation from v1.2 to v1.3. Anyway, if any one of these change is going to be needed in the end, the EAP method implementation will need to be made aware of the negotiated TLS version and other changes are coming with somewhat reduced implementation complexity. - Jouni
- Re: [Emu] New Version Notification for draft-ietf… John Mattsson
- Re: [Emu] New Version Notification for draft-ietf… John Mattsson
- Re: [Emu] New Version Notification for draft-ietf… Jouni Malinen