IETF Logo Mail Archive

Re: [Emu] EMU Meetings

Dan Harkins <dharkins@lounge.org> Thu, 27 January 2022 21:16 UTC

Return-Path: <dharkins@lounge.org>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A00C23A0E08 for <emu@ietfa.amsl.com>; Thu, 27 Jan 2022 13:16:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.613
X-Spam-Level:
X-Spam-Status: No, score=-2.613 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.714, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZZvfnQWEIl_x for <emu@ietfa.amsl.com>; Thu, 27 Jan 2022 13:16:19 -0800 (PST)
Received: from www.goatley.com (www.goatley.com [198.137.202.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3961D3A0E05 for <emu@ietf.org>; Thu, 27 Jan 2022 13:16:19 -0800 (PST)
Received: from kitty.bergandi.net (cpe-76-176-14-122.san.res.rr.com [76.176.14.122]) by wwwlocal.goatley.com (PMDF V6.8 #2433) with ESMTP id <0R6E16I560F6GJ@wwwlocal.goatley.com> for emu@ietf.org; Thu, 27 Jan 2022 15:16:18 -0600 (CST)
Received: from [10.74.74.210] (kitty.dhcp.bergandi.net [10.0.42.19]) by kitty.bergandi.net (PMDF V6.8 #2433) with ESMTPSA id <0R6E0023U0F50L@kitty.bergandi.net> for emu@ietf.org; Thu, 27 Jan 2022 13:16:17 -0800 (PST)
Received: from 69-12-173-8.static.dsltransport.net ([69.12.173.8] EXTERNAL) (EHLO [10.74.74.210]) with TLS/SSL by kitty.bergandi.net ([10.0.42.19]) (PreciseMail V3.3); Thu, 27 Jan 2022 13:16:17 -0800
Date: Thu, 27 Jan 2022 13:16:16 -0800
From: Dan Harkins <dharkins@lounge.org>
In-reply-to: <CAOgPGoAikGuhczwoVSth9Nejq5yN7PTiBWRpyBhUFhmubbjc8Q@mail.gmail.com>
To: emu@ietf.org
Message-id: <e6543e1a-080d-65a8-f962-f8d846731e2e@lounge.org>
MIME-version: 1.0
Content-type: multipart/alternative; boundary="Boundary_(ID_JWQRig0XTtVrGHi5sZxgpQ)"
Content-language: en-US
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.3.2
X-PMAS-SPF: SPF check skipped for authenticated session (recv=kitty.bergandi.net, send-ip=69.12.173.8)
X-PMAS-External-Auth: 69-12-173-8.static.dsltransport.net [69.12.173.8] (EHLO [10.74.74.210])
References: <CAOgPGoAWz78BfYppQFNQfVXox0mOBA1zb1ccCmHMUm0XZH0UHA@mail.gmail.com> <HE1PR0701MB3050E55BBBEBDD67ECA5F98C89559@HE1PR0701MB3050.eurprd07.prod.outlook.com> <A5257AE5-AB7E-499D-AA7C-FECC38816D2F@deployingradius.com> <HE1PR0701MB3050DF0C6E47F4181E74FE8489599@HE1PR0701MB3050.eurprd07.prod.outlook.com> <169749C9-5C37-40A3-8434-9B11D928C889@deployingradius.com> <CAOgPGoAikGuhczwoVSth9Nejq5yN7PTiBWRpyBhUFhmubbjc8Q@mail.gmail.com>
X-PMAS-Software: PreciseMail V3.3 [220125b] (kitty.bergandi.net)
X-PMAS-Allowed: system rule (rule allow header:X-PMAS-External noexists)
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/ae1MbfnSBMfpn125E9Xjw6mUdxQ>
Subject: Re: [Emu] EMU Meetings
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Jan 2022 21:16:24 -0000

   Hello,

On 1/24/22 8:20 PM, Joseph Salowey wrote:
> We are requesting a session at IETF 113.  There has not been a whole 
> lot of discussion on the list of any topic. Before scheduling an 
> interim we would like to understand what the topics would be.
>
> Do we need an interim for EAP-Types or is it ready for last call?
>
> What is the working group interested in meeting on?

   I'd like to present tls-pok (or tls-eap-dpp, or whatever we want to 
call it).
Owen and I did some rejiggering of the exchange based on feedback from
the TLS WG and it's much simpler and more congruent with the TLS exchange
than before. It can slide pretty easily into TEAP (as described in the 
draft).

   We will be updating the repository very soon but I'd like to get on the
agenda for Vienna.

   regards,

   Dan.

>
> Thanks,
>
> Joe
>
>
> On Wed, Jan 19, 2022 at 4:58 AM Alan DeKok <aland@deployingradius.com> 
> wrote:
>
>     On Jan 19, 2022, at 6:38 AM, John Mattsson
>     <john.mattsson@ericsson.com> wrote:
>     > >    draft-arkko-emu-rfc3748bis
>     >
>     >   I heard significant opposition to that at the last EMU
>     meeting.  I don't see a compelling reason to rev 3748.
>     >
>     > John: I think we should get back to this topic for more
>     discussion on if and how. Bernard expressed opposition to obsolete
>     as he said that would require recertification of products. But
>     there was also a suggestion that we should instead do Internet
>     Standard instead. EAP does definitly deserve to be an Internet
>     Standard. Another suggestion was to make an update instead of
>     obsolete which would not trigger recertification.
>
>       Are there any implementors of EAP who are asking for it to be
>     updated?  From what I can see, the answer is "no".  Which means
>     that the IETF is free to work on a document, but it will be either
>     opposed, or at best, ignored.
>
>     > The following has been brought up as reasons for doing some kind
>     of update:
>     > - EAP is essential for network acces authentication and should
>     be an Internet Standard
>
>       Like RADIUS accounting.  But we've lived for 25+ years without
>     that.  I think it's fine.
>
>     > - "Master" should be changed to "Main" tofollow inclusive
>     language recommendations (TLS is already doing this).
>
>       This reminds me of a comment about "codes of conduct" for
>     software projects.  The observation was that in many cases, the
>     proponents of such codes engaged in such extreme behavior that
>     they should have been banned under the codes which they were
>     proposing.  Yet that never happened.  The only conclusion then is
>     that something else is going on.
>
>       In linguistics these re-naming of "bad" things is called the
>     "euphemism treadmill".  History has other names for such morality
>     plays.
>
>     > - Several of the methods defines in RFC 3748 like MD5-Challenge
>     would benefit from security consideration and references to more
>     recommended methods such as EAP-TLS.
>
>       While that's true, I would like to see how that benefit is worth
>     the effort involved in updating the standard.
>
>     > - There are errata.
>     > - The consideration and recommendations for identity protection
>     is not up to data with current best practice.
>
>       For me, that's been adequately patched in updates to EAP
>     methods.  i.e. methods where identity protection matter. For
>     insecure methods, they're used in situations where identity
>     protection doesn't really matter.
>
>     > - RFC 3748 does not even mention forward secrecy is more and
>     more becoming a requirement to acceptable security.
>     > - Mention new access technologies such as 5G where EAP is an
>     essential part.
>
>       I don't understand how this is useful.
>
>     > - Mention of recommend use of documents such as [RFC4137]
>     [RFC5113] [RFC5247] [RFC6677] [RFC7029].
>     >
>     > IETF is at least nowadays very often making updates such as this
>     (RFC7296, RFC8446bis, RFC7616, RFC8489, RFC8656, RFC8445, etc.)
>     >
>     > My personal view would be that the security considerations
>     considering MD5, identity protection, and forward secrecy would be
>     worthwhile doing in some way. It would also be good to mention
>     essential updates such as RFC 4137.
>
>       Given the significant opposition, I don't see how WG consensus
>     can be achieved here.  The only way forward would be to ignore all
>     of the EAP implementors, and declare consensus despite their
>     objections.
>
>     > >    draft-ingles-eap-edhoc
>     >
>     >   That seems useful for limited situations (i.e. IoT). It also
>     has issues with publicizing identities.
>     >
>     > John: I think the only thing that is missing is to mandate use
>     of ananymous NAIs.
>
>       I don't see any provision in the draft for providing a "real"
>     identity.  So the only NAI used is the outer one, which therefore
>     cannot be fully anonymized.
>
>       Alan DeKok.
>
>     _______________________________________________
>     Emu mailing list
>     Emu@ietf.org
>     https://www.ietf.org/mailman/listinfo/emu
>
>
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu

-- 
"The object of life is not to be on the side of the majority, but to
escape finding oneself in the ranks of the insane." -- Marcus Aurelius

v2.23.0 | Report a Bug | By Email