IETF Logo Mail Archive

Re: [Emu] More TEAP issues

"Owen Friel (ofriel)" <ofriel@cisco.com> Fri, 16 December 2022 11:43 UTC

Return-Path: <ofriel@cisco.com>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B47A8C14CE55 for <emu@ietfa.amsl.com>; Fri, 16 Dec 2022 03:43:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.598
X-Spam-Level:
X-Spam-Status: No, score=-14.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=NoVKRarL; dkim=pass (1024-bit key) header.d=cisco.com header.b=hDNtRZQm
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IsnOLzdhGbRa for <emu@ietfa.amsl.com>; Fri, 16 Dec 2022 03:42:55 -0800 (PST)
Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8D21DC14CE53 for <emu@ietf.org>; Fri, 16 Dec 2022 03:42:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3556; q=dns/txt; s=iport; t=1671190975; x=1672400575; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=qg7I3FXKr512foS5RZAKoTRwJg65Kaa5dekqOGS1iFQ=; b=NoVKRarLLYujk4E2d2qzfzPfmo6WNL3gYbBPzs2BIcPIYD0iW/a+ZRYs iva/ySeu+y41N4Gxb5/4bn9PL3bR0zd0MDWrj84F3ezICFlYudA3SfIEK FxEkbYjlnGzevHj2gJjoQMc4kuTxphD3L+m8r79a+C0UoTdC/6TRAYuHo U=;
X-IPAS-Result: A0ADAAC9WJxjmIUNJK1aGgEBAQEBAQEBAQEDAQEBARIBAQEBAgIBAQEBQIE7BQEBAQELAYFaUoEFAlk6RYROg0wDhFBfiCEDgROad4EsFIERA1YPAQEBDQEBLgsLBAEBhQUCFoR3AiU0CQ4BAgQBAQEBAwIDAQEBAQEBAwEBBQEBAQIBBwQUAQEBAQEBAQEeGQUOECeFaA2GVgEBAQEDAQEQEREMAQEsCwELBAIBCBEEAQEBAgIRFQICAiULFQgIAgQBDQUIGoJcAYMiAwEPpi0BgT8Cih96gTKBAYIIAQEGBASBPAIQQZ0OAwaBFCwBiQ6DY4QxJxyBSUSBFUOCMDc+gmIBAQIBgRYvGhUogxg5gi6YQAqBQIEBaBw3A0QdQAMLOzIKQzUGBQxMKxobB4EKKgkfFQMEBAMCBhMDIgINKDEUBCkTDSkmawkCAyFhBQMDBCgtCSAEHAcVESQ8B1YSJQEEAwIPHzcGAwkDAh9UcAslJgUDCxUqRwQINgUGHDYSAggREg8GJkMOQjc2EwZcASoLDhMDUIFPBC9EgRoKAgQpKJkdXoEtAWtEJgQDTgIiOT1sEh0KKRGWDaxKCoNti1OVKBaiFIYwXpdCII0llE+FQAIEAgQFAg4BAQaBYjqBW3AVO4JnUhkPjiAZg1mFFIVKdQIBOAIHAQoBAQMJjDEBAQ
IronPort-PHdr: A9a23:fTQDORH6ozIDaMkZgyXyDJ1GfiYY04WdBeZdwpYkircbdKOl8tyiO UHE/vxigRfPWpmT8PNLjefa8sWCEWwN6JqMqjYOJZpLURJWhcAfhQd1BsmDBAXyJ+LraCpvG sNEWRdl8ni3PFITFtz5YgjZo2a56ngZHRCsXTc=
IronPort-Data: A9a23:DjMFcaIMb5ZLdQYjFE+R/5UlxSXFcZb7ZxGr2PjKsXjdYENS0jRVn zQaWmiDMv6KZjajet52OY/loBgEvMXWyN43QFAd+CA2RRqmiyZq6fd1j6vUF3nPRiEWZBs/t 63yUvGZcIZsCCW0Si6FatANl1EkvU2zbue6WbCs1hxZH1c+En570Ew7wYbVv6Yx6TSHK1LV0 T/Ni5W31G+Ng1aY5UpNtspvADs21BjDkGtwUm4WPJinj3eC/5UhN6/zEInqR5fOria4KcbhL wrL5OnREmo0ZH7BAPv9+lrwWhVirrI/oWFih1IOM5VOjCSuqQQ23fggLNYHV3wUmjOMtOFX5 /Nw6qK/HFJB0q3kwIzxUjFRFyV4eKZB4rKCeCH5us2IxEqAeHzpqxlsJBhpZstDpKAuWicXr qdwxDMlNnhvg8qxzqi6R+1EjcU4J86tN4Qa0p1l5WuGXKh3H8CcK0nMzdlmzTwyj+NJJtrTW pQGRTs2TwXJWhIabz/7D7pnzLv32RETaQZwpVeIjas6/2aVyxZ+uJDkNNPTdvSGSN1RmVeZo G3c9mj4HwpcP9uaoRKH9X+EnebLmjz2ScQUGaHQ3vpniUe7wmEaElsdVTOGTeKRg0q6XZdUL FYZv3N366Mz70esCNL6WnVUvUJooDYYVIRLC8Eh1jrO26zRyDe/KU45EQBOPYlOWNANeRQm0 VqAntXMDDNpsaGIRX/1yltyhW7vUcTyBTJfDRLoXTfp8PG4+9hq0UynosJLVf/r0IKkQFkc1 hjQ9EADa6MvYdnnPklR1XnDhz+qznQiZlFovlyMNo5JA/8QWWJIT4Ws7V6e5vFaIcPAFx+Kv WMPnI6V6+Vm4XCxeM6lHbRl8FKBvqnt3NjgbbhHRMBJG9OFoCfLQGyoyGsiTHqFy+5dEdMTX GfduBlK+LhYN2awYKl8buqZUpp1lPG6RIy/B6mENrKih6Sdkifao0mCgmbNgAjQfLQEzcnTx L/CK5/3VCZGYUiZ5GPsGLx1PUAXKtAWnDOPGs+TI+WP2ruFb3ndUqYeLFaLdYgEAFCs/m3oH yJkH5LSkX13CbSmCgGOqNJ7BQ5RdxATW8upw/G7g8beeGKK7kl7Va+IqV7gEqQ495loehDgo ivnBBQElAOj2xUq62yiMxheVV8mZr4nxVpTAMDmFQ3AN6QLCWp30JoiSg==
IronPort-HdrOrdr: A9a23:wHzCtKjcienPrG1xjmv/oqUgDXBQX2513DAbv31ZSRFFG/FwyP rBoB1L73DJYWgqNE3IwerwRJVpQRvnhPpICPoqTMiftW7dySeVxeBZnMbfKljbehEWmdQtrZ uIH5IOauEYSGIK8PoSgzPIXOrIouP3i5xA7N22pxwGIGEaCJ2IrT0JcDpzeXcGIzWucKBJba Z0kfA3wQZIF05nC/iTNz0gZazuttfLnJXpbVotHBg88jSDijuu9frTDwWY9g12aUIA/Z4StU z+1yDp7KSqtP+2jjXG0XXI0phQkNz9jvNeGc23jNQPIDmEsHfoWG0hYczDgNkGmpDs1L8Yqq iIn/7mBbU215rlRBD3nfIq4Xim7N9h0Q6l9bbSuwqcnSWwfkNKNyMGv/MBTvMcgHBQ5+2VF8 lwrjqkXtNsfGP9tTW46N7SWx5wkE2o5XIkjO4IlnRaFZATcblLsOUkjQto+bo7bVTHAbocYa BTJdCZ4OwTfUKRbnjfsGUqyNuwXm4rFhPDRkQZoMSa3zVfgXg8liIjtYYit2ZF8Ih4R4hP5u zCPKgtnLZSTtUOZaY4AOsaW8O4BmHEXBqJOmOPJlbsEr0BJhv22tXKyaRw4PvvdI0DzZM0lp iEWFREtXQqc0arEsGK1I0jyGG7fIx8Z0WY9ihz3ekNhlSnfsuZDcSqciFdr/ed
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.96,249,1665446400"; d="scan'208";a="27969687"
Received: from alln-core-11.cisco.com ([173.36.13.133]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 16 Dec 2022 11:42:54 +0000
Received: from mail.cisco.com (xfe-rtp-005.cisco.com [64.101.210.235]) by alln-core-11.cisco.com (8.15.2/8.15.2) with ESMTPS id 2BGBgs23028675 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Fri, 16 Dec 2022 11:42:54 GMT
Received: from xfe-aln-003.cisco.com (173.37.135.123) by xfe-rtp-005.cisco.com (64.101.210.235) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.9; Fri, 16 Dec 2022 06:42:53 -0500
Received: from NAM02-DM3-obe.outbound.protection.outlook.com (173.37.151.57) by xfe-aln-003.cisco.com (173.37.135.123) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.9 via Frontend Transport; Fri, 16 Dec 2022 05:42:53 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=H3uF/dfagNl2G+dUH0omR8yqwYr/qjTPT2Yifi/I0Wlx6xTEAzLSkt5RVMEpIgahwHbgBvDMWWvPMJYAWmo5/p8nsNGtS1/jQ0B7pPDWeMs9FitqMRx7waTzw7vbFiovd1pA+dAuuOf4eUdYeO9xGvK6KnpQAG14w8tIde2QwPiZBEVHXR8EMs+Fd7ux1a3Od9jfzCzn+RNpRUIl0ql80JlohuOi2sHhbH1WbFAv5upn09sRPX3BhJK68WhjNeZsToCAO7BRjk5axET8//j/nUAT3WDBrK5D1s71BqdtbbBq2A+PhC59XAZtivT1LBg0prZZ3Qm4ZIFrkluTlyu8UQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=qg7I3FXKr512foS5RZAKoTRwJg65Kaa5dekqOGS1iFQ=; b=SszysRj95JyqyQrnGiMSUvsVWD94Nksgoh6fA0B3oRHTucSTtwkR+Nq8bV3yz/kvlxS1o7cQhbyLL4TQdGOqDCY+zv46Ij/Vbe1NgK5EKLjtLuSLnB1SpxBTehY6PukDnVC5Cw9Y80jZXp1gll/dNi/LdB9iQVVyPlm5elm66DmAa+91O3hqVHxgG/zJ01SFniMqgWGtUx8Jw9z0OT5j9dE9RwiHS5RCupPa5XH6yawX1xvgM05eBJpkjd+IDyrYGdJdX2oS/FueYfwyOfFoGTbI4RIBOVoDqB7G9incvRAdxep7Qywi/fBu6CHHOJe2JBFV7wy3x/4VbDGVCjPQ/Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qg7I3FXKr512foS5RZAKoTRwJg65Kaa5dekqOGS1iFQ=; b=hDNtRZQmNWvbHzwZHdDhqnGJBhEgzVMbDqdoNBlV3Y+BClXAfxD6VqcJYgR7PnFhqckbNwI5rD91Uct49VcQe6YzzUnOnZx1UiIBjj9wlLn85ZYEVU/xaY8aD/uSPUuvTFyoYa2SZ+uLrqPsMfpA0SRqrTIrhUuyHbEdSdaTyUY=
Received: from DS0PR11MB6445.namprd11.prod.outlook.com (2603:10b6:8:c6::11) by SJ0PR11MB5184.namprd11.prod.outlook.com (2603:10b6:a03:2d5::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5924.12; Fri, 16 Dec 2022 11:42:52 +0000
Received: from DS0PR11MB6445.namprd11.prod.outlook.com ([fe80::d17f:b9f6:3e91:4a8f]) by DS0PR11MB6445.namprd11.prod.outlook.com ([fe80::d17f:b9f6:3e91:4a8f%7]) with mapi id 15.20.5924.012; Fri, 16 Dec 2022 11:42:52 +0000
From: "Owen Friel (ofriel)" <ofriel@cisco.com>
To: Eliot Lear <lear@lear.ch>, Joseph Salowey <joe@salowey.net>, Alan DeKok <aland@deployingradius.com>
CC: EMU WG <emu@ietf.org>
Thread-Topic: [Emu] More TEAP issues
Thread-Index: AQHZBELefK3+RvAGoUuDYe32C6mpea5WqZYAgABWoYCAGXu74A==
Date: Fri, 16 Dec 2022 11:42:52 +0000
Message-ID: <DS0PR11MB6445F73386C2ACFB49E805C1DBE69@DS0PR11MB6445.namprd11.prod.outlook.com>
References: <449FBD6E-34F7-49A2-A9A1-72BD716E1DDA@deployingradius.com> <CAOgPGoCwk3UVq7Wv+1SNh8cQta70VegiNAz917aHVhvO2QtA7A@mail.gmail.com> <2fe44c6e-6450-2ce3-e4bd-88b4d22e53a0@lear.ch>
In-Reply-To: <2fe44c6e-6450-2ce3-e4bd-88b4d22e53a0@lear.ch>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DS0PR11MB6445:EE_|SJ0PR11MB5184:EE_
x-ms-office365-filtering-correlation-id: 939c9a6a-b8fc-4d72-b7b8-08dadf5aaa1d
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: hNev/u5W8LIemVrmXS2tNSM4Ym++Vng5yuU+7dflSZEuoZ/YX72jOrFuQijDydSexUD1Xe/gB63ERUI0Ya5+B5UZx8c+RBXaM/BrAx8+e5Hx7mGgBLk8X7HrbsIPL5rb5ZZSqZJ5gVKuB8H08SZX/yNRchE4qAtmAi4I1fA55EeGbStDf8RoaPPcgGw5oG+yn9fi67f+YaObUP+K/sMxOYFoW4qFYpAapO2m2ZcC+qYfLsNmNTPq88PtRB4FATYGUHougDrV/hcV3bVqw4gzfOsOqjiYLAJFNnvsmY8Eo5IQSo7bR+l5LgVhnZXUlZ7WlU+bFhQw3gkd/G45k00W+cxA7gK5RKeagY2J8YMvl/ihtzd3VL+GE1SdDFO2in14gNG7F81lZ/QAVvFDvvuD+5OqbYCQJH61If1OMWcJB05lhILYimR0q3R4czwZ8PgmTxR+HXiop/F0iNb+XaBN3rdPAvYpp09UNxgSycJl/7741lDHVsdCBbJW9jfQK3zpiA1ax51YoFGBdhRskIpGXi7Kd2IJXiK7Dg2z5x74KPIyc856bPTEt0dyuk6gVV8EG4frO8qo3+/XPw0JxS9aHruSUURHbKXQKmAWu5JXwMB0d8qH5dESn4q2pZOxNCbdWWWZS4pJ18FaevYZM28V1TnSD0gGoTZF+VhUxhI+PXATaZaLjFgTQEAy4kibJWDoA7x/IPtLce+nRZOaKBpabwKy90dpie9FHt527c7boES6noe1lqM0PHOECCqjexXMlQzMBUdKDWUBQV2LmUGRCQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DS0PR11MB6445.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(4636009)(136003)(376002)(366004)(39860400002)(346002)(396003)(451199015)(86362001)(66946007)(66446008)(8676002)(64756008)(38070700005)(4326008)(66476007)(66556008)(316002)(33656002)(76116006)(38100700002)(83380400001)(122000001)(71200400001)(2906002)(53546011)(966005)(186003)(26005)(9686003)(478600001)(6506007)(55016003)(7696005)(110136005)(41300700001)(5660300002)(52536014)(8936002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: YEuVQicaM3ojum9TQK542LOMrQZUCabWkMOq/ntZKcmD29eKkSfdsBzlbRIAI0G+bbmS8zFUD2jojmwvX4oFNiLJrIslljkUANxSt9NphT5AndtNrEfo2TL7D0eVDcOggS2zzTh3SUaQ8sxd4Um3HjvvIPcaoYY8OXQpm6Y7fIqE6960FO8WNb6R0UcrHE5gOuy7/2tsRqUzlohucNw1G3LV73ZPBk3gl5K97VCPiaibMtmpwF8/nm++QOp2h04ZczcmcTm62Hwp8gZFDdTWOg+TB+tziQOb9bjnGZSBkxqBBMa6Kx8I6LNOKUTOMwR0d7PDUOkqP+ubU0gO73IJ5SY+prgG3ob/WE71JUm0VkR3ejx1VdLxhADD8Et04B/f5n0LxV6qbu5zPhPalrHnhSMAHtl8BFXkd5MvRV9hUmtKOJa+qxktBRJsYQqkB4Yj/iddabkFMUQ4U6UyUVJg1igvqVIl5CU8l5EMl9Hc/Asgb4W8UVRCyzkZdmVFt96sIqSfWu2Y0oI9CEoVbZ4uBdC/LXFRP4KwR9Le2yWGJJ+QaQok0gh3jxP+0HmVLFL0muJUvebKIhMftKTMsGsla9Efupg7IQ82T57gzz4+GFAVWJ2xaRfN1BQDMOC8c76FxPrezK9x3/5O/bPfYfNfBErDiaXmUqzLt3GgE0giYQLUarw9eAxK59I8lVfzq1s6ZwmKzRr2pVurMw0J7r0ShWSnUeiWtcDapMKrq7WvZnDHDYiuTJAeu8U1qu1FRcceKZiUrybNmTJ8g6o1KRZLPxjOQ7rvYxRBdaSza0Fa1cAAExqnkFSJY/m23MXzUGqk3Y0yrNg1ITzh95lln2EDFM+gTISYrwZ4FJTtpTUBMCiy5/uKHQGxWEiohv3rOhXin9vslYibiDIaW+VnuVQcfo35zZJCn618vWphzBC4IY9nI+MFeCdiWNA0Bj+2W/xrEuQFs0eaQOLLty3WnaZX4zFQaVUJcbvjo4+k1FAJsRbQfG+spDtsXZo1M4ePZ6F/NNMx9uxK9zoJrHP/iE0ymWErhvs9rPoudxOp9Y6go8tlD6bXOBKWVVz8QdnMz/w8DL1A5u0gNNTaYPRKIHBIb/8G56mx6Kqpk7NV/7lQ1rfd6GU0AAxJLeCwRwIMyeXHjZaNQXZURKeG0tKHOEGfdrNvBZAm8+XMjF/1GKI7AVrLI5OZ122vMR9DPPfyxldwCEQkUJtQ85/8o8Z/5uyudcjU18xupIcwy+zg/BMR2vNwSu40Zg2+KLdUfFDIuAxJta8ZCUEkwIap+U4gx2IRIbeuxq6EdbO5tYVd0uGqfop1Bak0zug+7v2yFJ5MLEH7Ihs9iOD8kPm9ZKiF9/dhuYa0DU1O9EEDnPfygJio1NrsZNiH15tUMYbITcBUCEyCefLCAenZ2tZBx1hPuVp9NL21Q9dBkcNDc1vxMPRuJBjvKWo/Df537itn46AhaWcOwHlDQOfQ/IPoNHbibdZLkIcLfb/shyA3vm/FhaIMVxIJa4gDE/WOV5UkLEw5xBTsvjzetA+Sbj0fKTuigTvhbyRsBTZYcaE5sCDpRK1AONo=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DS0PR11MB6445.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 939c9a6a-b8fc-4d72-b7b8-08dadf5aaa1d
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Dec 2022 11:42:52.0315 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: UnW11G8RYSqyz5NR6ajMvIuzlgzII/f9CAAoBM1+P2K2XrE/4GCbLEbWhhzbUWsCc4RVAVf3gRzHnzWzhIOJ2Q==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR11MB5184
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 64.101.210.235, xfe-rtp-005.cisco.com
X-Outbound-Node: alln-core-11.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/SsLugqGzX0G4-RIMSNyQXsNGixY>
Subject: Re: [Emu] More TEAP issues
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Dec 2022 11:43:01 -0000

There are a few useful TLVs defined in https://datatracker.ietf.org/doc/html/draft-lear-eap-teap-brski-06

CSR Attributes as Eliot has mentioned, as well as e.g. Retry-After TLV which could be useful if the TEAP server has to communicate with a backend CA to get a PKCS#10 CSR signed.

There is also a cert issuance use case that https://www.rfc-editor.org/rfc/rfc7170#section-3.8.2 does not account for. The section recommends using tls-unique channel binding in the PKCS#10 CSR so that server can verify that the client holds the private key associated with the public key in the CSR. This assumes that the public/private keypair were used in the outer tunnel TLS handshake. This makes sense if a client is using an LDevID to establish the TEAP tunnel, and wants to reenroll to get a new LDevID that has the same keypair e.g. the cert is about to expire.

It does not account for the bootstrapping use case where a client has a manufacturing time installed IDevID and needs a deployment-specific LDevID for network access. It establishes the outer tunnel using the keys in its IDevID, but is sending a PKCS#10 CSR with different keys. Therefore the proposed tls-unique binding will fail. Maybe addressing this (and the various TLVs proposed in draft-lear-eap-teap-brski) is too much to bite off in rfc7170bis and we need to revisit and address in draft-lear-eap-teap-brski.

-----Original Message-----
From: Emu <emu-bounces@ietf.org> On Behalf Of Eliot Lear
Sent: Wednesday 30 November 2022 06:24
To: Joseph Salowey <joe@salowey.net>; Alan DeKok <aland@deployingradius.com>
Cc: EMU WG <emu@ietf.org>
Subject: Re: [Emu] More TEAP issues

I'd support a revision as well.  See below:

On 30.11.22 02:14, Joseph Salowey wrote:
> [Joe] speaking as a participant, I'd be happy to assist with a 
> revision.  I think it is needed.  Most of the current errata are 
> tracked here - https://github.com/emu-wg/teap-errata/pulls. I think 
> the target would be to obsolete 7170 with a revision that just fixes 
> the errata and makes any needed clarifications.  We can also work on 
> posting the Errata, but the revised document would be more effective 
> at getting these issues fixed.

I'd also like to take some time to consider what additional TLVs may be required.  Right now there is an incongruence between TEAP and other protocols that sign certs in that there is no CSR attributes TLV.  There may be several others to consider.

Eliot

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

v2.23.0 | Report a Bug | By Email