IETF Logo Mail Archive

Re: [Emu] Working Group Last Call for TLS-based EAP types and TLS 1.3

Oleg Pekar <oleg.pekar.2017@gmail.com> Mon, 21 February 2022 09:27 UTC

Return-Path: <oleg.pekar.2017@gmail.com>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 067D23A0D4E for <emu@ietfa.amsl.com>; Mon, 21 Feb 2022 01:27:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.837
X-Spam-Level:
X-Spam-Status: No, score=-1.837 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jp3aQIa4UdNN for <emu@ietfa.amsl.com>; Mon, 21 Feb 2022 01:26:59 -0800 (PST)
Received: from mail-pg1-x52b.google.com (mail-pg1-x52b.google.com [IPv6:2607:f8b0:4864:20::52b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 414F83A0D49 for <emu@ietf.org>; Mon, 21 Feb 2022 01:26:59 -0800 (PST)
Received: by mail-pg1-x52b.google.com with SMTP id p23so13800319pgj.2 for <emu@ietf.org>; Mon, 21 Feb 2022 01:26:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=D9in9C02H+191rJsaEv1+oqYFSXxjKlg+zbDasxBJCI=; b=HJbtR1CUs19fyKYAQgcLjrzmyGUeOc54rMB59F5SHMEznQQ1Lvg4xQnXZWMr53fBeE wReBPG0NWBTlh20woCYxf+p2M+VMhuRSQPRnz+3sunMGzkKki6jMt8H4CT+PPcDL7Fwy HnnFq3cmeccVJobXFdLS41ZmVueuLcLEd6DvihXKlNWyNbCpMSS1TZV/aUIG4r71utF5 uQZ1z8AJL3h8lXUYapxkizfJhgVHrxLOt7SyACrDHglySOeRCkr//DWhBpH/bwrhtGpK X5PkDYpAf8GXrIVz/rgk9hPNqMcuCZlCdHu15p7mfOtYrbq3zTYHvMKmb+2SjdTpLXON jirQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=D9in9C02H+191rJsaEv1+oqYFSXxjKlg+zbDasxBJCI=; b=erLV6iY9JuUcgN1zx/7lMGD2XvDjdgd4+KC8OsZfdld3OAPAkSqOzEhFo9fBwRN1An mjZDfwKXhs08Epa3v4cukUjAlOTPPD8It8h16huFBjc7QgjCBxrW0AJiEpITp90UzEFr eVLjlnpmg4qxsR65Tyy6a6gNymUuetVFsMT7tBu7o4Va696FNO/+d3+6FyFJAn6Dpf4m jMMmipMyGcRZHXmizR8aFIY2887gDooxNJeC24VZ2Hzq8nz2KF6PtBsDFprRHPHsnYMf uALZrGFRx11Z87pD5nB6TBmKl84qbJYBbG+TneoJuagW4fkSF+V1bX75iK74fR9xtcgS oFLg==
X-Gm-Message-State: AOAM530/cTJah2vbx2ZF2oUySsXVQnEhHP5s7sb7/ht49MfFKUoBBuwx okaGfrVduz5pY2mmkc+PtPzZzG5yMa9HF2+4/wsv63bCNK0=
X-Google-Smtp-Source: ABdhPJyU/ti1g1euNJfLLHXff6AS3Q0W36UcA/Gx5mPWeP4jGSXeeRT/gKdoBy8A4PWi7Re8Bh+I/MJqVqb3LATo3dY=
X-Received: by 2002:a63:6c83:0:b0:364:5899:a34b with SMTP id h125-20020a636c83000000b003645899a34bmr15460284pgc.47.1645435618392; Mon, 21 Feb 2022 01:26:58 -0800 (PST)
MIME-Version: 1.0
References: <CAOgPGoAYB0RsHgq5cPqMD7aqdkZNJVTcsYF2_jrfPB+VO9fDGQ@mail.gmail.com>
In-Reply-To: <CAOgPGoAYB0RsHgq5cPqMD7aqdkZNJVTcsYF2_jrfPB+VO9fDGQ@mail.gmail.com>
From: Oleg Pekar <oleg.pekar.2017@gmail.com>
Date: Mon, 21 Feb 2022 11:26:46 +0200
Message-ID: <CABXxEz--jQ6cjhURVsCsBs6zNawcxphSCDqTvNUfQssyZ=PCdQ@mail.gmail.com>
To: Joseph Salowey <joe@salowey.net>, Alan DeKok <aland@deployingradius.com>
Cc: EMU WG <emu@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000088fe4c05d883d52d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/YELBJpBRMwmmTixnMSqemZD0q_o>
Subject: Re: [Emu] Working Group Last Call for TLS-based EAP types and TLS 1.3
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Feb 2022 09:27:04 -0000

Here are my two cents:

1) Section: 2.1. Key Derivation
   When talking about EAP types "Type = value of the EAP Method type"
suggest providing an example of a Type here so it will be clear what is it
about for the rest of the document (e.g. for PEAP Type is 0x19)

2) Here TLS-Exporter function is mentioned for the first time in the
document. Suggest to put a direct reference to the original document where
it is defined:
   "TLS-Exporter is defined in [RFC8446] section-7.5 as TLS-Exporter(label,
context_value, key_length) = HKDF-Expand-Label(Derive-Secret(Secret, label,
""), "exporter", Hash(context_value), key_length).
   This could help the reader to understand better what do the function
parameters mean and what does the function do. Such a reference to a PRF is
used in other documents (e.g. TEAP RFC 7170)

3) Section: 2.2 TEAP
"IMSK = TLS-Exporter("TEAPbindkey@ietf.org", EMSK, 32)" - this may be not
clear to the reader since this formula is effective when inner method
generates EMSK. It worth mentioning that in other case IMSK is selected per
TEAP RFC

4) In this sentence "For TLS 1.3, the hash function used is the same as the
ciphersuite hash function negotiated for HKDF" suggest saying "the MAC
function" instead of "the hash function"

5) Section: 2.3. FAST
"For FAST, the session_key_seed is also used as the key_block, as defined
in [RFC4851] Section 5.1" - suggest rephrasing to "For FAST, the
session_key_seed is also a part of the key_block..."

6) There are references to implement some EAP-FAST keys with TLS 1.3
similar to TEAP. I think the section about the specific protocol should be
self-contained since the reader may be interested in EAP-FAST but is not
familiar with TEAP. We should also specify the exact key derivation schemes
instead of referencing to TEAP. E.g. "T-PRF is replaced with TLS 1.3
TLS-Exporter function".

7) In addition, since TLS 1.3 allows session resumption using PSK, suggest
to explain explicitly why PAC cannot be supported anymore.

8) "EAP-FAST previously used a PAC, which is a type of pre-shared key
(PSK)" - it is more correct to say "PAC is a session ticket that contains
pre-shared key and other data"
Suggest also directly mentioning the PAC Provisioning RFC5422.

9) Section: 5. Implementation Status
"Implementors have demonstrated significant interest in getting PEAP and
TTLS working for TLS 1.3, but less interest in EAP-FAST and TTLS" -
probably the last method should be "TEAP"

10) Section: 7. IANA Considerations
"These labels are used only for TEAP" - should say "...for TEAP and FAST".

11) Section: 8.1. Normative References
RFC 5422 "Dynamic Provisioning Using Flexible Authentication via Secure
Tunneling Extensible Authentication Protocol (EAP-FAST)" is missing

12) Section: 2.5. PEAP
Some PEAP versions support CryptoBinding. PRF+ is used there so we should
mention that it is replaced with TLS-Exporter also.

13) Section: 3. Application Data
"behavior seen in earlier TLS versions/" - typo, should end with a dot
instead of a slash

14) Section: 3.1. Identities
"Using an anonymous NAI has two benefits. First, an anonymous identity
makes it more difficult to track users.  Second, an NAI allows the EAP
session to be routed in an AAA framework" - could you please explian what
does the second benefit mean?

15) "EAP servers MUST cause authentication to fail if an EAP peer uses an
anonymous "inner" identity for any TLS-based EAP method" - the word "inner"
identity should be always either with double quotes or without. It was
mentioned witout double quotes before and now with them.

16) If there is such a strict requirement "MUST fail" for anonymous
identity used inside the tunnel - then it worth defining exactly what is
anonymous identity

17) "The outer identity contains an NAI realm, which ensures that the inner
authentication method is routed to the correct destination." - suggest
explaining more on how NAI realm is used as outer identity. Should it be in
the form of "anonymous@my_ad.example.com" or in any other form?

18) "In general, routing identifiers should be strongly tied to the data
which they are routing" - could you please explain this sentence?

19) Suggest explaining explicitly what the routing identifier is.

20) "The inner identity can then be fully qualified (user name plus realm)
of the organization" - suggest to rephrase "The inner identity can then be
fully qualified name of the organization", since "fully qualified name" is
a standard term

On Fri, Feb 18, 2022 at 7:18 PM Joseph Salowey <joe@salowey.net> wrote:

> This is a working group last call for TLS-based EAP types and TLS 1.3. The
> document is available here:
> https://datatracker.ietf.org/doc/draft-ietf-emu-tls-eap-types/
>
> Please review the document and provide comments by March 4, 2022
>
> Thanks,
>
> Joe and Mohit
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu
>

v2.23.0 | Report a Bug | By Email