Re: [Emu] Working Group Last Call for TLS-based EAP types and TLS 1.3
Oleg Pekar <oleg.pekar.2017@gmail.com> Mon, 21 February 2022 09:27 UTC
Return-Path: <oleg.pekar.2017@gmail.com>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 067D23A0D4E for <emu@ietfa.amsl.com>; Mon, 21 Feb 2022 01:27:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.837
X-Spam-Level:
X-Spam-Status: No, score=-1.837 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jp3aQIa4UdNN for <emu@ietfa.amsl.com>; Mon, 21 Feb 2022 01:26:59 -0800 (PST)
Received: from mail-pg1-x52b.google.com (mail-pg1-x52b.google.com [IPv6:2607:f8b0:4864:20::52b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 414F83A0D49 for <emu@ietf.org>; Mon, 21 Feb 2022 01:26:59 -0800 (PST)
Received: by mail-pg1-x52b.google.com with SMTP id p23so13800319pgj.2 for <emu@ietf.org>; Mon, 21 Feb 2022 01:26:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=D9in9C02H+191rJsaEv1+oqYFSXxjKlg+zbDasxBJCI=; b=HJbtR1CUs19fyKYAQgcLjrzmyGUeOc54rMB59F5SHMEznQQ1Lvg4xQnXZWMr53fBeE wReBPG0NWBTlh20woCYxf+p2M+VMhuRSQPRnz+3sunMGzkKki6jMt8H4CT+PPcDL7Fwy HnnFq3cmeccVJobXFdLS41ZmVueuLcLEd6DvihXKlNWyNbCpMSS1TZV/aUIG4r71utF5 uQZ1z8AJL3h8lXUYapxkizfJhgVHrxLOt7SyACrDHglySOeRCkr//DWhBpH/bwrhtGpK X5PkDYpAf8GXrIVz/rgk9hPNqMcuCZlCdHu15p7mfOtYrbq3zTYHvMKmb+2SjdTpLXON jirQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=D9in9C02H+191rJsaEv1+oqYFSXxjKlg+zbDasxBJCI=; b=erLV6iY9JuUcgN1zx/7lMGD2XvDjdgd4+KC8OsZfdld3OAPAkSqOzEhFo9fBwRN1An mjZDfwKXhs08Epa3v4cukUjAlOTPPD8It8h16huFBjc7QgjCBxrW0AJiEpITp90UzEFr eVLjlnpmg4qxsR65Tyy6a6gNymUuetVFsMT7tBu7o4Va696FNO/+d3+6FyFJAn6Dpf4m jMMmipMyGcRZHXmizR8aFIY2887gDooxNJeC24VZ2Hzq8nz2KF6PtBsDFprRHPHsnYMf uALZrGFRx11Z87pD5nB6TBmKl84qbJYBbG+TneoJuagW4fkSF+V1bX75iK74fR9xtcgS oFLg==
X-Gm-Message-State: AOAM530/cTJah2vbx2ZF2oUySsXVQnEhHP5s7sb7/ht49MfFKUoBBuwx okaGfrVduz5pY2mmkc+PtPzZzG5yMa9HF2+4/wsv63bCNK0=
X-Google-Smtp-Source: ABdhPJyU/ti1g1euNJfLLHXff6AS3Q0W36UcA/Gx5mPWeP4jGSXeeRT/gKdoBy8A4PWi7Re8Bh+I/MJqVqb3LATo3dY=
X-Received: by 2002:a63:6c83:0:b0:364:5899:a34b with SMTP id h125-20020a636c83000000b003645899a34bmr15460284pgc.47.1645435618392; Mon, 21 Feb 2022 01:26:58 -0800 (PST)
MIME-Version: 1.0
References: <CAOgPGoAYB0RsHgq5cPqMD7aqdkZNJVTcsYF2_jrfPB+VO9fDGQ@mail.gmail.com>
In-Reply-To: <CAOgPGoAYB0RsHgq5cPqMD7aqdkZNJVTcsYF2_jrfPB+VO9fDGQ@mail.gmail.com>
From: Oleg Pekar <oleg.pekar.2017@gmail.com>
Date: Mon, 21 Feb 2022 11:26:46 +0200
Message-ID: <CABXxEz--jQ6cjhURVsCsBs6zNawcxphSCDqTvNUfQssyZ=PCdQ@mail.gmail.com>
To: Joseph Salowey <joe@salowey.net>, Alan DeKok <aland@deployingradius.com>
Cc: EMU WG <emu@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000088fe4c05d883d52d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/YELBJpBRMwmmTixnMSqemZD0q_o>
Subject: Re: [Emu] Working Group Last Call for TLS-based EAP types and TLS 1.3
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Feb 2022 09:27:04 -0000
Here are my two cents: 1) Section: 2.1. Key Derivation When talking about EAP types "Type = value of the EAP Method type" suggest providing an example of a Type here so it will be clear what is it about for the rest of the document (e.g. for PEAP Type is 0x19) 2) Here TLS-Exporter function is mentioned for the first time in the document. Suggest to put a direct reference to the original document where it is defined: "TLS-Exporter is defined in [RFC8446] section-7.5 as TLS-Exporter(label, context_value, key_length) = HKDF-Expand-Label(Derive-Secret(Secret, label, ""), "exporter", Hash(context_value), key_length). This could help the reader to understand better what do the function parameters mean and what does the function do. Such a reference to a PRF is used in other documents (e.g. TEAP RFC 7170) 3) Section: 2.2 TEAP "IMSK = TLS-Exporter("TEAPbindkey@ietf.org", EMSK, 32)" - this may be not clear to the reader since this formula is effective when inner method generates EMSK. It worth mentioning that in other case IMSK is selected per TEAP RFC 4) In this sentence "For TLS 1.3, the hash function used is the same as the ciphersuite hash function negotiated for HKDF" suggest saying "the MAC function" instead of "the hash function" 5) Section: 2.3. FAST "For FAST, the session_key_seed is also used as the key_block, as defined in [RFC4851] Section 5.1" - suggest rephrasing to "For FAST, the session_key_seed is also a part of the key_block..." 6) There are references to implement some EAP-FAST keys with TLS 1.3 similar to TEAP. I think the section about the specific protocol should be self-contained since the reader may be interested in EAP-FAST but is not familiar with TEAP. We should also specify the exact key derivation schemes instead of referencing to TEAP. E.g. "T-PRF is replaced with TLS 1.3 TLS-Exporter function". 7) In addition, since TLS 1.3 allows session resumption using PSK, suggest to explain explicitly why PAC cannot be supported anymore. 8) "EAP-FAST previously used a PAC, which is a type of pre-shared key (PSK)" - it is more correct to say "PAC is a session ticket that contains pre-shared key and other data" Suggest also directly mentioning the PAC Provisioning RFC5422. 9) Section: 5. Implementation Status "Implementors have demonstrated significant interest in getting PEAP and TTLS working for TLS 1.3, but less interest in EAP-FAST and TTLS" - probably the last method should be "TEAP" 10) Section: 7. IANA Considerations "These labels are used only for TEAP" - should say "...for TEAP and FAST". 11) Section: 8.1. Normative References RFC 5422 "Dynamic Provisioning Using Flexible Authentication via Secure Tunneling Extensible Authentication Protocol (EAP-FAST)" is missing 12) Section: 2.5. PEAP Some PEAP versions support CryptoBinding. PRF+ is used there so we should mention that it is replaced with TLS-Exporter also. 13) Section: 3. Application Data "behavior seen in earlier TLS versions/" - typo, should end with a dot instead of a slash 14) Section: 3.1. Identities "Using an anonymous NAI has two benefits. First, an anonymous identity makes it more difficult to track users. Second, an NAI allows the EAP session to be routed in an AAA framework" - could you please explian what does the second benefit mean? 15) "EAP servers MUST cause authentication to fail if an EAP peer uses an anonymous "inner" identity for any TLS-based EAP method" - the word "inner" identity should be always either with double quotes or without. It was mentioned witout double quotes before and now with them. 16) If there is such a strict requirement "MUST fail" for anonymous identity used inside the tunnel - then it worth defining exactly what is anonymous identity 17) "The outer identity contains an NAI realm, which ensures that the inner authentication method is routed to the correct destination." - suggest explaining more on how NAI realm is used as outer identity. Should it be in the form of "anonymous@my_ad.example.com" or in any other form? 18) "In general, routing identifiers should be strongly tied to the data which they are routing" - could you please explain this sentence? 19) Suggest explaining explicitly what the routing identifier is. 20) "The inner identity can then be fully qualified (user name plus realm) of the organization" - suggest to rephrase "The inner identity can then be fully qualified name of the organization", since "fully qualified name" is a standard term On Fri, Feb 18, 2022 at 7:18 PM Joseph Salowey <joe@salowey.net> wrote: > This is a working group last call for TLS-based EAP types and TLS 1.3. The > document is available here: > https://datatracker.ietf.org/doc/draft-ietf-emu-tls-eap-types/ > > Please review the document and provide comments by March 4, 2022 > > Thanks, > > Joe and Mohit > _______________________________________________ > Emu mailing list > Emu@ietf.org > https://www.ietf.org/mailman/listinfo/emu >
- [Emu] Working Group Last Call for TLS-based EAP t… Joseph Salowey
- Re: [Emu] Working Group Last Call for TLS-based E… John Mattsson
- Re: [Emu] Working Group Last Call for TLS-based E… Alan DeKok
- Re: [Emu] Working Group Last Call for TLS-based E… Russ Housley
- Re: [Emu] Working Group Last Call for TLS-based E… Alan DeKok
- Re: [Emu] Working Group Last Call for TLS-based E… Oleg Pekar
- Re: [Emu] Working Group Last Call for TLS-based E… Alan DeKok
- Re: [Emu] Working Group Last Call for TLS-based E… Jan-Frederik Rieckers
- Re: [Emu] Working Group Last Call for TLS-based E… Alan DeKok
- Re: [Emu] Working Group Last Call for TLS-based E… Heikki Vatiainen
- Re: [Emu] Working Group Last Call for TLS-based E… Alan DeKok
- Re: [Emu] Working Group Last Call for TLS-based E… Heikki Vatiainen
- Re: [Emu] Working Group Last Call for TLS-based E… Alan DeKok
- Re: [Emu] Working Group Last Call for TLS-based E… Hannes Tschofenig
- Re: [Emu] Working Group Last Call for TLS-based E… Heikki Vatiainen
- Re: [Emu] Working Group Last Call for TLS-based E… Karri Huhtanen
- Re: [Emu] Working Group Last Call for TLS-based E… Karri Huhtanen
- Re: [Emu] Working Group Last Call for TLS-based E… Alan DeKok