Re: [Emu] WG adoption call for draft-arkko-eap-aka-pfs

"Maisonneuve, Julien (Nokia - FR/Paris-Saclay)" <julien.maisonneuve@nokia.com> Fri, 21 December 2018 15:35 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/zvsHNAz43BLNR9Q8cCbx5El4CxM>

Hello,

Nevertheless, this looks like a useful extension which can enhance security in 3GPP. As an option, this at least opens the possibility to gradually move towards PFS.
Best regards,
Julien Maisonneuve, Nokia Corporate Standards.



Jari Arkko <jari.arkko@piuha.net> Tue, 11 December 2018 16:23 UTC

Re: optional but everyone requiring a feature.

I think in this case the "can require everyone to do it" is probably far away in the future, in practice. Given that Release 15 does not require this extension, it only requires RFC 5448 EAP-AKA' (or the bis), this means that there will be lots of phones and networks that only do the base... if you mandated an extension you'd have lots of users having a problem connecting.

It is not completely unthinkable that at some point you'd be in a situation where there's enough deployment to start requiring something, but that would certainly be many years away. Plus some portion of 5G deployment happens in the so-called Option 3 model, which means no new core, no new protocols (incl. EAP) between the network and the UE. Before you can progress away from that and the RFC 5448-only modes, much time will pass.

Jari