Re: [Emu] I-D Action: draft-ietf-emu-eap-tls13-07.txt

John Mattsson <john.mattsson@ericsson.com> Sat, 21 September 2019 08:55 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/VZGDyUPGCTvv1rv76CRH5iFHlho>

The changes from -06 to -07 are based on the comments from Jim and Alan.

- Mention record padding where it makes sense (introduction, state machine, and privacy considerations)
- Mention that fig 1 contains neither HelloRetryRequest nor Post-Handshake messages
- Use the term Commitment Message instead of TLS Application Data
- Some additional clarifications and rewordings in sections 2 and 5.7
- References to Sections 4.2.11, 8.1, 8.2, and C.4 of RFC 8446
- Reference to draft-ietf-emu-eaptlscert

The only remaining discussion is about the TLS PSK mode. I made an issue for this on Github:
https://github.com/emu-wg/draft-ietf-emu-eap-tls13/issues/10

Right now there seems to be disagreement about technical things like the security properties of the different EAP methods. Right now I think we need a better understanding regarding the security offered by the different methods and what use cases we would like to solve (PSK and/or password) (tunnelled and/or non-tunnelled).

Cheers,
John

-----Original Message-----
From: Emu <emu-bounces@ietf.org> on behalf of "internet-drafts@ietf.org" <internet-drafts@ietf.org>
Reply to: "emu@ietf.org" <emu@ietf.org>
Date: Saturday, 21 September 2019 at 10:39
To: "i-d-announce@ietf.org" <i-d-announce@ietf.org>
Cc: "emu@ietf.org" <emu@ietf.org>
Subject: [Emu] I-D Action: draft-ietf-emu-eap-tls13-07.txt

    
    A New Internet-Draft is available from the on-line Internet-Drafts directories.
    This draft is a work item of the EAP Method Update WG of the IETF.
    
            Title           : Using EAP-TLS with TLS 1.3
            Authors         : John Preuß Mattsson
                              Mohit Sethi
            Filename        : draft-ietf-emu-eap-tls13-07.txt
            Pages           : 28
            Date            : 2019-09-21
    
    Abstract:
       This document specifies the use of EAP-TLS with TLS 1.3 while
       remaining backwards compatible with existing implementations of EAP-
       TLS.  TLS 1.3 provides significantly improved security, privacy, and
       reduced latency when compared to earlier versions of TLS.  EAP-TLS
       with TLS 1.3 further improves security and privacy by mandating use
       of privacy and revocation checking.  This document updates RFC 5216.
    
    
    The IETF datatracker status page for this draft is:
    https://datatracker.ietf.org/doc/draft-ietf-emu-eap-tls13/
    
    There are also htmlized versions available at:
    https://tools.ietf.org/html/draft-ietf-emu-eap-tls13-07
    https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-tls13-07
    
    A diff from the previous version is available at:
    https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-tls13-07
    
    
    Please note that it may take a couple of minutes from the time of submission
    until the htmlized version and diff are available at tools.ietf.org.
    
    Internet-Drafts are also available by anonymous FTP at:
    ftp://ftp.ietf.org/internet-drafts/
    