Re: [Emu] [Technical Errata Reported] RFC7170 (6157)
Eliot Lear <lear@cisco.com> Wed, 20 May 2020 13:56 UTC
Return-Path: <lear@cisco.com>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE1F73A0A01 for <emu@ietfa.amsl.com>; Wed, 20 May 2020 06:56:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.6
X-Spam-Level:
X-Spam-Status: No, score=-9.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xg3JUb05Jfve for <emu@ietfa.amsl.com>; Wed, 20 May 2020 06:56:52 -0700 (PDT)
Received: from aer-iport-3.cisco.com (aer-iport-3.cisco.com [173.38.203.53]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0CC303A09F8 for <emu@ietf.org>; Wed, 20 May 2020 06:56:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=18085; q=dns/txt; s=iport; t=1589983012; x=1591192612; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=z7w/WYAHu90rNIoLma0GKsPwS3k2fSAqhkPfZv+H26c=; b=LyyVwJm8b8t/F07VpiImNMKnkjJQTGoLzyMnMYiLIhGsbwebZZ1Z29qF +1WGlKJg5WhlA+ULrQCaBe3WBtFJsFKaJMxbJLNHKJ+JIHY8eWH0cqprg 3UxJ0QWc1xIFzpUb+eICpIXix5CDYl93YO6XiLs2xESjhKwqxfvH+eTdV c=;
X-IronPort-AV: E=Sophos; i="5.73,413,1583193600"; d="scan'208,217"; a="24049247"
Received: from aer-iport-nat.cisco.com (HELO aer-core-3.cisco.com) ([173.38.203.22]) by aer-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 20 May 2020 13:56:50 +0000
Received: from dhcp-10-61-103-179.cisco.com (dhcp-10-61-103-179.cisco.com [10.61.103.179]) by aer-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id 04KDun1C004337 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 20 May 2020 13:56:49 GMT
From: Eliot Lear <lear@cisco.com>
Message-Id: <71B273AC-A87A-4662-90CA-BFF6503A0F5D@cisco.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_ED969EBA-715D-4690-BFB4-4FE8A4FE71AA"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
Date: Wed, 20 May 2020 15:56:48 +0200
In-Reply-To: <20200509002042.GZ27494@kduck.mit.edu>
Cc: RFC Errata System <rfc-editor@rfc-editor.org>, hzhou@cisco.com, ncamwing@cisco.com, jsalowey@cisco.com, steve.hanna@infineon.com, rdd@cert.org, joe@salowey.net, mohit.m.sethi@ericsson.com, emu@ietf.org
To: Benjamin Kaduk <kaduk@mit.edu>
References: <20200504102000.851D1F406F5@rfc-editor.org> <20200509002042.GZ27494@kduck.mit.edu>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
X-Outbound-SMTP-Client: 10.61.103.179, dhcp-10-61-103-179.cisco.com
X-Outbound-Node: aer-core-3.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/SUbWkh_lkeUUzG3ogTGZWtaxwSQ>
X-Mailman-Approved-At: Wed, 20 May 2020 12:13:19 -0700
Subject: Re: [Emu] [Technical Errata Reported] RFC7170 (6157)
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 May 2020 13:56:55 -0000
Hi Ben, My apologies for the delay. You are pointing out a separate issue that might need to be opened, but I will do my best to discuss below: > On 9 May 2020, at 02:20, Benjamin Kaduk <kaduk@mit.edu> wrote: > > On Mon, May 04, 2020 at 03:20:00AM -0700, RFC Errata System wrote: >> The following errata report has been submitted for RFC7170, >> "Tunnel Extensible Authentication Protocol (TEAP) Version 1". >> >> -------------------------------------- >> You may review the report below and at: >> https://www.rfc-editor.org/errata/eid6157 >> >> -------------------------------------- >> Type: Technical >> Reported by: Eliot Lear <lear@cisco.com> >> >> Section: 4.2.9 >> >> Original Text >> ------------- >> Status >> >> The Status field is one octet. This indicates the result if the >> server does not process the action requested by the peer. >> >> Corrected Text >> -------------- >> Status >> >> The Status field is one octet. This indicates the result if the >> party who receives this TLV does not process the action. >> >> Notes >> ----- >> The status field is carried in the "Request-Action" frame. As is repeatedly stated in the chapeau of the section, the frame can be sent either by the server or the peer. > > This looks like one where I can't pick up on the needed context just from > the section in question. The intent of the 'Status' field still seems > unclear: this text seems to suggest that it's a sort of "fallback" error > code to use if the request to perform an action is ignored. But that > doesn't make much sense if I also look at the text about: > > Two Request-Action TLVs MUST NOT occur in the same TEAP > packet if they have the same Status value. [...] > > Why am I not allowed to have two requests that would get the same treatment > if the request was ignored? I can’t answer this question authoritatively because I didn’t write the RFC (;-), and in general the language here is hard to parse. For instance, what does it mean for the request-action frame to have a PKCS#10 request in it? Does that mean that the receiving peer must either attempt to generate a PKCS#7 message or return the most fatal of (result(PKCS#7 generation),”Status”)? That doesn’t seem to make sense, because the conversation could continue if Status == non-fatal without the server having processed the request. On the other hand, sending a normal PKCS#10 frame seems to have nearly identical semantics. Eliot > > Thanks for helping me understand, > > Ben
- [Emu] [Technical Errata Reported] RFC7170 (6157) RFC Errata System
- Re: [Emu] [Technical Errata Reported] RFC7170 (61… Benjamin Kaduk
- Re: [Emu] [Technical Errata Reported] RFC7170 (61… Eliot Lear