RE: [Emu] Crypto-binding in TTLS-v0

"Nancy Winget (ncamwing)" <ncamwing@cisco.com> Thu, 16 August 2007 04:46 UTC

To: Ryan Hurst <Ryan.Hurst@microsoft.com>, Alan DeKok <aland@deployingradius.com>, Stephen Hanna <shanna@juniper.net>
Cc: emu@ietf.org

Hi Ryan,

Well, I thought presenting tunneled methods was in general out of scope
for the password based authentication.  But it is a viable means to
meeting the requirements... which, I believe, is what the design team
presented with PP-EAP.

My point is that if we contemplate TTLS as a working group item, we
should also be analyzing PEAP and EAP-FAST.  Though PEAP may not have as
much traction, I believe EAP-FAST, though instantiated after TTLS, is
also widely deployed and addresses some of the deployment challenges
(like crypto binding and the ability to establish tunnels without the
need of asymmetric crypto) that were presented by PEAP and TTLS.

	Nancy.

-----Original Message-----
From: Ryan Hurst [mailto:Ryan.Hurst@microsoft.com] 
Sent: Tuesday, August 14, 2007 4:45 PM
To: Nancy Winget (ncamwing); Alan DeKok; Stephen Hanna
Cc: emu@ietf.org
Subject: RE: [Emu] Crypto-binding in TTLS-v0

I agree that PEAPv0 is an orthogonal issue, Nancy; I did not mean to
suggest it was, although in hindsight I can see how it might have read
that way.

On the topic of TTLS as an EMU working group item, I am not opposed to
this as from the customer engagements I have had it appears to have a
very strong existing deployment across a number of customer segments and
from a protocol standpoint is pretty clean (It just needs a couple of
additions like CryptoBindings).

Ryan
-----Original Message-----
From: Nancy Winget (ncamwing) [mailto:ncamwing@cisco.com]
Sent: Tuesday, August 14, 2007 4:29 PM
To: Ryan Hurst; Alan DeKok; Stephen Hanna
Cc: emu@ietf.org
Subject: RE: [Emu] Crypto-binding in TTLS-v0


Publishing TTLS and PEAPv0 (and PEAPv1) is a worthy cause given that
there are deployments out there.  However, I think that is a different
item/issue than having it be taken as an EMU work item.  For instance,
it can be published as an informational RFC much the same way EAP-FAST
is now RFC 4851.

It is not clear why TTLS should become an EMU work item or standardized
as the means to deliver a strong password based method.  There are other
tunnel methods such as PEAP and EAP-FAST that can also meet the
requirements.  If we are discussing what would need to be
changed/updated to TTLS to meet the requirements, perhaps we should also
be evaluating PEAP and EAP-FAST as alternatives as they also meet the
requirements and perhaps more so than TTLS.

	Nancy.

-----Original Message-----
From: Ryan Hurst [mailto:Ryan.Hurst@microsoft.com] 
Sent: Tuesday, August 14, 2007 9:57 AM
To: Alan DeKok; Stephen Hanna
Cc: emu@ietf.org
Subject: RE: [Emu] Crypto-binding in TTLS-v0

I agree, I also want to see PEAPv0 published for the same reasons (I am
working on a draft of this, no ETA I can share at this time).

-----Original Message-----
From: Alan DeKok [mailto:aland@deployingradius.com]
Sent: Tuesday, August 14, 2007 9:47 AM
To: Stephen Hanna
Cc: emu@ietf.org
Subject: Re: [Emu] Crypto-binding in TTLS-v0

Stephen Hanna wrote:
> draft-funk-eap-ttls-v0-01.txt describes EAP-TTLSv0 as it has been 
> implemented by vendors and adopted by other SDOs. We plan to submit 
> this for RFC status as part of the ongoing effort to document popular 
> EAP methods as RFCs.

  I think this document should be published.  It's widely used, and
deserves documentation in the IETF process.

> As to your question about whether EAP-TTLSv0 is a chartered work item 
> for the EMU WG, that may depend in part on how the WG decides to 
> address the work item to deliver a strong password-based method. At 
> the EMU WG in Chicago, there were two proposals: my proposal to use 
> EAP-TTLSv0 with these new AVPs and another proposal to define a new 
> EAP method especially for this purpose. The results of a hum were 
> inconclusive and it was agreed to take this discussion to the email 
> list.

  I am in favor of EAP-TTLSv0 + new AVPs.

  Alan DeKok.

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www1.ietf.org/mailman/listinfo/emu
