Re: [Emu] WG adoption call for draft-arkko-eap-aka-pfs

Alan DeKok <aland@deployingradius.com> Tue, 11 December 2018 16:15 UTC

From: Alan DeKok <aland@deployingradius.com>
Date: Tue, 11 Dec 2018 11:14:55 -0500
To: Arkko Jari <jari.arkko@piuha.net>
Cc: "Dr. Pala" <director@openca.org>, emu@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/_-_nyl1fZoV929LGK4rzr-CFrhc>

On Dec 11, 2018, at 10:32 AM, Jari Arkko <jari.arkko@piuha.net> wrote:
> I’ll first agree with your summary about the importance of the tech, that there’s some risk but the risk is likely low but non-zero, and that in an ideal situation you wouldn’t have to deal with this.
> 
> However, I would like to point out that
> 
> * The draft is an *optional* extension to something bigger, and no one is forced to implement it.

  I don't quite understand that argument.  It's superficially true, but not really correct.

  If a product is to be at all competitive in a landscape where the "big players" require this, then the product *must* implement it.  The alternative is to cede market share, revenue, etc.

  Standards do live in a larger environment than just the standards bodies.  They affect all kinds of things.

> * Regardless of that, even the base RFC had a similar IPR associated with it back in ‘09, so any discussion about an extension’s properties should be set in that context. A problem in the extension cannot be bigger than a problem in what the extension builds on, no? Not to mention the context of say, 5G phones.

  If the IPR is new (I haven't checked), then it could potentially add to the problem, yes.

> Neither you nor I can change that context or even the situation with the base. Perhaps the world should operate on other kinds of rules, but what we have here is a tool that could have a real impact on billions of users’ security, and I think we could make it do that. But we need a standard. Can we have that?

  I agree absolutely that this is needed and useful.  I've said that before.

  The underlying issue here is that a company has gained control over part of the standard space.  And we rely only on their good will for continued use of an open standard.  That tends to make me nervous.

  Alan DeKok.