RE: [Emu] Crypto-binding in TTLS-v0
"Nancy Winget \(ncamwing\)" <ncamwing@cisco.com> Thu, 16 August 2007 04:46 UTC
Subject: RE: [Emu] Crypto-binding in TTLS-v0
Date: Wed, 15 Aug 2007 21:46:26 -0700
From: "Nancy Winget (ncamwing)" <ncamwing@cisco.com>
To: Ryan Hurst <Ryan.Hurst@microsoft.com>, Alan DeKok <aland@deployingradius.com>, Stephen Hanna <shanna@juniper.net>
Cc: emu@ietf.org
Hi Ryan,

Well, I thought presenting tunneled methods were in general out of scope for the password based authentication. But it is a viable means to meeting the requirements... which, I believe, is what the design team presented with PP-EAP.

My point is that if we contemplate TTLS as a working group item, we should also be analyzing PEAP and EAP-FAST. Though PEAP may not have as much traction, I believe EAP-FAST, though instantiated after TTLS, is also widely deployed and addresses some of the deployment challenges (like crypto binding and the ability to establish tunnels without the need of asymmetric crypto) that were presented by PEAP and TTLS.

Nancy.

-----Original Message-----
From: Ryan Hurst [mailto:Ryan.Hurst@microsoft.com]
Sent: Tuesday, August 14, 2007 4:45 PM
To: Nancy Winget (ncamwing); Alan DeKok; Stephen Hanna
Cc: emu@ietf.org
Subject: RE: [Emu] Crypto-binding in TTLS-v0

I agree that PEAPv0 is an orthogonal issue Nancy, did not mean to suggest it was although in hindsight I can see how it might have read that way.

On the topic of TTLS as an EMU working group item, I am not opposed to this as from the customer engagements I have had it appears to have a very strong existing deployment across a number of customer segments and from a protocol standpoint is pretty clean (It just needs a couple of additions like CryptoBindings).

Ryan

-----Original Message-----
From: Nancy Winget (ncamwing) [mailto:ncamwing@cisco.com]
Sent: Tuesday, August 14, 2007 4:29 PM
To: Ryan Hurst; Alan DeKok; Stephen Hanna
Cc: emu@ietf.org
Subject: RE: [Emu] Crypto-binding in TTLS-v0

Publishing TTLS and PEAPv0 (and PEAPv1) is a worthy cause given that there are deployments out there. However, I think that is a different item/issue than having it be taken as an EMU work item. For instance, it can be published as an informational RFC much the same way EAP-FAST is now RFC 4851.

It is not clear why TTLS should become an EMU work item or standardized as the means to deliver a strong password based method. There are other tunnel methods such as PEAP and EAP-FAST that can also meet the requirements. If we are discussing what would need to be changed/updated to TTLS to meet the requirements, perhaps we should also be evaluating PEAP and EAP-FAST as alternatives as they also meet the requirements and perhaps more so than TTLS.

Nancy.

-----Original Message-----
From: Ryan Hurst [mailto:Ryan.Hurst@microsoft.com]
Sent: Tuesday, August 14, 2007 9:57 AM
To: Alan DeKok; Stephen Hanna
Cc: emu@ietf.org
Subject: RE: [Emu] Crypto-binding in TTLS-v0

I agree, I also want to see PEAPv0 published for the same reasons (I am working on a draft of this, no ETA I can share at this time).

-----Original Message-----
From: Alan DeKok [mailto:aland@deployingradius.com]
Sent: Tuesday, August 14, 2007 9:47 AM
To: Stephen Hanna
Cc: emu@ietf.org
Subject: Re: [Emu] Crypto-binding in TTLS-v0

Stephen Hanna wrote:
> draft-funk-eap-ttls-v0-01.txt describes EAP-TTLSv0 as it has been
> implemented by vendors and adopted by other SDOs. We plan to submit
> this for RFC status as part of the ongoing effort to document popular
> EAP methods as RFCs.

I think this document should be published. It's widely used, and deserves documentation in the IETF process.

> As to your question about whether EAP-TTLSv0 is a chartered work item
> for the EMU WG, that may depend in part on how the WG decides to
> address the work item to deliver a strong password-based method. At
> the EMU WG in Chicago, there were two proposals: my proposal to use
> EAP-TTLSv0 with these new AVPs and another proposal to define a new
> EAP method especially for this purpose. The results of a hum were
> inconclusive and it was agreed to take this discussion to the email
> list.

I am in favor of EAP-TTLSv0 + new AVP's.

Alan DeKok.
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www1.ietf.org/mailman/listinfo/emu