Re: [Emu] Alissa Cooper's No Objection on draft-ietf-emu-eap-tls13-13: (with COMMENT)

Mohit Sethi M <mohit.m.sethi@ericsson.com> Fri, 08 January 2021 09:00 UTC

From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
To: Alissa Cooper <alissa@cooperw.in>, The IESG <iesg@ietf.org>
CC: "emu@ietf.org" <emu@ietf.org>
Thread-Topic: Alissa Cooper's No Objection on draft-ietf-emu-eap-tls13-13: (with COMMENT)
Date: Fri, 08 Jan 2021 09:00:30 +0000
Message-ID: <7585c2af-d7b3-340a-ade8-e3036f39632b@ericsson.com>
References: <160995695905.13112.13401440105403738850@ietfa.amsl.com>
In-Reply-To: <160995695905.13112.13401440105403738850@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/WImQKPtLBE1-FlckHDBNRtiiyeY>
Subject: Re: [Emu] Alissa Cooper's No Objection on draft-ietf-emu-eap-tls13-13: (with COMMENT)

Hi Alissa,

Thanks for your review. I think this commit should address your 
comments: 
https://github.com/emu-wg/draft-ietf-emu-eap-tls13/commit/69dab07b0b1c4dbb303e757c7e06ec6f4775e960

I have also explained the changes made in-line.

--Mohit

On 1/6/21 8:15 PM, Alissa Cooper via Datatracker wrote:
> Alissa Cooper has entered the following ballot position for
> draft-ietf-emu-eap-tls13-13: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-emu-eap-tls13/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Section 2.1.3:
>
>       “When NAI reuse can be done without privacy implications,
>     it is RECOMMENDED to use the same anonymous NAI in the resumption, as
>     was used in the original full authentication.  E.g. the NAI @realm
>     can safely be reused, while the NAI ZmxleG8=@realm cannot.”
>
> I think it would help to make this recommendation more specific. Does “without
> privacy implications” mean without the username part? Or does it mean something
> else?
>
> Should this text reference RFC 7542 for further context?
The text is now updated to "When NAI reuse can be done without privacy 
implications, it is RECOMMENDED to use the same anonymous NAI in the 
resumption, as was used in the original full authentication [RFC7542].  
For example, the NAI @realm can safely be reused since it does not 
provide any specific information to associate a user's resumption 
attempt with the original full authentication.  However, reusing the NAI 
P2ZIM2F+OEVAO21nNWg2bVpgNnU=@realm can allow a potential attacker to 
associate a resumption attempt with the original full authentication."
>
> Section 5.7:
>
> “Where a good decision is unclear” —> “Where the decision is in doubt” (or
> something like that; it isn’t obvious what a “good” decision is)
The text is now updated to: "If a safe decision is not possible, 
EAP-TLS servers SHOULD reject the resumption and continue with a full 
handshake."
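The two pieces of updated draft text above (Section 2.1.3 on reusing an anonymous NAI in resumption, and Section 5.7 on falling back to a full handshake when no safe decision is possible) can be illustrated together. The following is an added example, not code from the draft or from its authors; the NAI samples are constructed, the realm syntax is an approximation of RFC 7542, and treating the username "anonymous" as privacy-safe is an assumption.

```python
import re

# Constructed sample NAIs in the draft's "@realm" / "ZmxleG8=@realm" pattern.
SAMPLE_NAIS = ["@example.com", "ZmxleG8=@example.com", "alice@example.com"]

# Approximation of an RFC 7542 realm: dot-separated alphanumeric labels (assumption).
_REALM_RE = re.compile(
    r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?)*$"
)


def split_nai(nai):
    """Split an NAI into (username, realm).

    RFC 7542 does not allow '@' inside the username, so the first '@' separates
    the two parts. An NAI without a realm is rejected because it cannot be routed.
    """
    if "@" not in nai:
        raise ValueError("NAI has no realm part: %r" % nai)
    username, _, realm = nai.partition("@")
    if not _REALM_RE.match(realm):
        raise ValueError("malformed realm in NAI %r" % nai)
    return username, realm


def reuse_is_privacy_safe(nai):
    """True only when the username part carries no per-user information.

    The draft's "@realm" (empty username) is safe; any other username (e.g. the
    base64-looking "ZmxleG8=") is treated as a user-specific identifier that would
    let an observer link the resumption to the original full authentication.
    Treating "anonymous" as safe is an assumption, not draft text.
    """
    username, _ = split_nai(nai)
    return username == "" or username.lower() == "anonymous"


def nai_for_resumption(original_nai):
    """Client side: reuse the original NAI only if safe, else fall back to '@realm'."""
    if reuse_is_privacy_safe(original_nai):
        return original_nai
    _, realm = split_nai(original_nai)
    return "@" + realm


def server_resumption_decision(checks):
    """Server side (Section 5.7): resume only when every check is definitely True.

    `checks` maps a check name to True, False, or None (undetermined). Any False
    or None result means a safe decision is not possible, so the server rejects
    resumption and continues with a full handshake.
    """
    if all(result is True for result in checks.values()):
        return "resume"
    return "full-handshake"
```

Running `nai_for_resumption` over `SAMPLE_NAIS` shows that only the empty-username NAI survives unchanged; the others are replaced by the anonymous "@realm" form.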