[Emu] [Errata Held for Document Update] RFC7170 (5767)
RFC Errata System <rfc-editor@rfc-editor.org> Mon, 01 April 2024 11:16 UTC
Return-Path: <wwwrun@rfcpa.amsl.com>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48662C14F6AA; Mon, 1 Apr 2024 04:16:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.648
X-Spam-Level:
X-Spam-Status: No, score=-1.648 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W0N9YHsUz6GF; Mon, 1 Apr 2024 04:16:19 -0700 (PDT)
Received: from rfcpa.amsl.com (rfcpa.amsl.com [50.223.129.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7697BC14F6A6; Mon, 1 Apr 2024 04:16:19 -0700 (PDT)
Received: by rfcpa.amsl.com (Postfix, from userid 499) id 6787F5BDD43; Mon, 1 Apr 2024 04:16:19 -0700 (PDT)
To: j@w1.fi, hzhou@cisco.com, ncamwing@cisco.com, jsalowey@cisco.com, steve.hanna@infineon.com
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: paul.wouters@aiven.io, iesg@ietf.org, emu@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20240401111619.6787F5BDD43@rfcpa.amsl.com>
Date: Mon, 01 Apr 2024 04:16:19 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/ejhV1SuKLB_mDPASCcwjCuB_LJw>
Subject: [Emu] [Errata Held for Document Update] RFC7170 (5767)
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Apr 2024 11:16:23 -0000
The following errata report has been held for document update for RFC7170, "Tunnel Extensible Authentication Protocol (TEAP) Version 1". -------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid5767 -------------------------------------- Status: Held for Document Update Type: Technical Reported by: Jouni Malinen <j@w1.fi> Date Reported: 2019-06-28 Held by: Paul Wouters (IESG) Section: 3.3.1 Original Text ------------- EAP method messages are carried within EAP-Payload TLVs defined in Section 4.2.10. If more than one method is going to be executed in the tunnel, then upon method completion, the server MUST send an Intermediate-Result TLV indicating the result. Corrected Text -------------- EAP method messages are carried within EAP-Payload TLVs defined in Section 4.2.10. Upon completion of each EAP authentication method in the tunnel, the server MUST send an Intermediate-Result TLV indicating the result. Notes ----- TEAP description is somewhat vague in discussion about "EAP methods" vs. "EAP authentication methods" as it comes to the EAP methods performed in Phase 2 within the TLS tunnel. RFC 3748 defines Identity request/response as an EAP method. However, this method is not an "authentication method" which is a special case of an method where the Type is 4 or greater. RFC 7170 uses correct terminology in the first paragraph of Section 3.3.1 when talking about multiple authentication methods not being allowed by RFC 3748 in a single EAP conversation. However, many, but not all, of the following "[EAP] method" instances are actually referring to "[EAP] authentication method". This results in incorrect claims on when the Intermediate-Result TLV and Crypto-Binding TLV are used. They are not used after an EAP non-authentication method like Identity (e.g., see the example in C.3); they are used after each EAP authentication method like EAP-pwd. Furthermore, the comment about "more than one method is going to be executed in the tunnel" does not sound accurate. This applies even if only a single EAP authentication method is executed in the tunnel (Identity method is not required to be executed). The proposed text in this errata entry addresses these two issues in Section 3.3.1. The following additional changes would be needed to make rest of the specification use the terms more accurately: 3.3.3: "after each successful EAP method" --> "after each successful EAP authentication method" 3.8.3: "completion of the EAP method" --> "completion of the EAP authentication method" 4.2.11: "between multiple inner EAP methods within EAP" --> "after each inner EAP authentication method" 4.2.13: "after each successful EAP method" --> "after each successful EAP authentication method" -------------------------------------- RFC7170 (draft-ietf-emu-eap-tunnel-method-10) -------------------------------------- Title : Tunnel Extensible Authentication Protocol (TEAP) Version 1 Publication Date : May 2014 Author(s) : H. Zhou, N. Cam-Winget, J. Salowey, S. Hanna Category : PROPOSED STANDARD Source : EAP Method Update Stream : IETF Verifying Party : IESG
- [Emu] [Errata Held for Document Update] RFC7170 (… RFC Errata System