[Emu] draft-arkko-emu-rfc3748bis

Jari Arkko <jari.arkko@piuha.net> Mon, 22 February 2021 08:11 UTC

From: Jari Arkko <jari.arkko@piuha.net>
Date: Mon, 22 Feb 2021 10:11:40 +0200
References: <161398018217.26050.17725992289491118149@ietfa.amsl.com>
To: EMU WG <emu@ietf.org>
Message-Id: <38EB47A7-B671-46C4-A288-BB781AC24A31@piuha.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/erfDIcl5W8Osj-3BAc6yNJBG5k0>
Subject: [Emu] draft-arkko-emu-rfc3748bis

Hi,

John and I have submitted a draft that updates RFC 3748, updating some of the security considerations, terms, references, the IANA considerations, and a few other things.  While we believe that the update from RFC 3748 is useful, it is by no means something that absolutely has to be done, but has been provided for your consideration, with an interest in maintaining the documentation. The document is available here:

 https://tools.ietf.org/html/draft-arkko-emu-rfc3748bis-00 (full)
 https://arkko.com/ietf/eap/draft-arkko-emu-rfc3748bis-from-rfc3748.diff.html (diff to RFC 3748)

Thoughts? Feedback?

There may be more security and other changes to incorporate, but so far the changes in this draft include:

  o  The names of the MSK and EMSK terms used to discuss and specify
     the protocol have been changed.

  o  The security considerations note the deficiencies in legacy EAP
     methods such as MD5-Challenge in Section 7.11.1, and recommend the
     use of more modern authentication methods.

  o  Ivo Sedlacek's errata on a reference to Section 7.12 rather than
     Section 7.2 from Section 3.4 has been adopted.

  o  IANA rules have been updated to comply with RFC 8126 and current
     allocations.

  o  References have been updated to their most recent versions.

  o  The security claim perfect forward secrecy has been added.

  o  References to 3GPP 5G have been added.

  o  The peer-name portion of the NAI SHOULD be omitted in the EAP-
     Response/Identity.

  o  Since the publication of RFC3748, several documents related to the
     core EAP document have been published: [RFC4137] offers a proposed
     state machine, [RFC5113] defines the network discovery and
     selection problem, [RFC5247] specifies the EAP key hierarchy, and
     [RFC6677] and [RFC7029] explore man-in-the-middle attacks and define
     how to implement channel bindings.  References to RFC 4137, RFC
     5113, RFC 5247, RFC 6677, and RFC 7029 3GPP have been added.

There are still some open questions, however.

Jari and John
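Two of the items above, the MD5-Challenge deficiencies and the omission of the peer-name from the EAP-Response/Identity, are easier to see in code than in a changelog. The following is an added example written for this page; it is not code from the email, from the draft, or from any EAP implementation. It encodes EAP packets as laid out in RFC 3748 (Code, Identifier, Length, Type, Type-Data), computes the MD5-Challenge value as CHAP does (MD5 over Identifier, password and challenge), and then shows what a passive observer of one Request/Response pair can do with it: run an offline dictionary attack with no further contact with the server. The password, challenge and wordlist are constructed for the demo. The helper that builds a realm-only Identity response ("@realm") is also an assumption about how the SHOULD in the draft would be applied; the draft itself only states the requirement.

```python
import hashlib
import struct

# EAP Code and Type values from RFC 3748.
EAP_REQUEST, EAP_RESPONSE = 1, 2
TYPE_IDENTITY, TYPE_MD5_CHALLENGE = 1, 4


def eap_packet(code, identifier, eap_type, type_data):
    """Encode Code(1) Identifier(1) Length(2) Type(1) Type-Data (RFC 3748 section 4.1)."""
    return struct.pack("!BBHB", code, identifier, 5 + len(type_data), eap_type) + type_data


def parse_eap(pkt):
    """Decode an EAP packet; the Length field must fit the bytes actually present."""
    if len(pkt) < 5:
        raise ValueError("truncated EAP header")
    code, identifier, length, eap_type = struct.unpack("!BBHB", pkt[:5])
    if length < 5 or length > len(pkt):
        raise ValueError("EAP Length field disagrees with packet size")
    return code, identifier, eap_type, pkt[5:length]


def md5_type_data(value, name=b""):
    """MD5-Challenge Type-Data: Value-Size(1) Value Name (RFC 3748 section 5.4)."""
    return bytes([len(value)]) + value + name


def parse_md5_type_data(data):
    """Split MD5-Challenge Type-Data into (Value, Name); reject a Value-Size that overruns the data."""
    if not data or len(data) < 1 + data[0]:
        raise ValueError("bad MD5-Challenge Value-Size")
    size = data[0]
    return data[1:1 + size], data[1 + size:]


def md5_challenge_value(identifier, password, challenge):
    """CHAP-style response value: MD5(Identifier || password || challenge) (RFC 1994, RFC 3748 section 5.4)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


def identity_response(identifier, realm):
    """EAP-Response/Identity carrying only the realm ('@realm'); the peer-name part of the NAI is omitted.
    Assumed shape of an identity that follows the draft's SHOULD; constructed for this example."""
    return eap_packet(EAP_RESPONSE, identifier, TYPE_IDENTITY, ("@" + realm).encode("ascii"))


def md5_exchange(identifier, password, challenge, name=b"peer"):
    """Build the server's Request/MD5-Challenge and the peer's Response/MD5-Challenge for one challenge."""
    request = eap_packet(EAP_REQUEST, identifier, TYPE_MD5_CHALLENGE, md5_type_data(challenge, b"server"))
    value = md5_challenge_value(identifier, password, challenge)
    response = eap_packet(EAP_RESPONSE, identifier, TYPE_MD5_CHALLENGE, md5_type_data(value, name))
    return request, response


def recover_password(request, response, wordlist):
    """Passive attacker: from a captured Request/Response pair, try candidates until the MD5 value matches.
    Nothing is sent to the server, so lockout and rate limiting do not apply; MD5-Challenge also
    derives no keys, so there is no session key (and no forward secrecy claim) to protect traffic."""
    _, req_id, req_type, req_data = parse_eap(request)
    _, resp_id, resp_type, resp_data = parse_eap(response)
    if (req_type, resp_type) != (TYPE_MD5_CHALLENGE, TYPE_MD5_CHALLENGE) or req_id != resp_id:
        raise ValueError("not a matching MD5-Challenge exchange")
    challenge, _ = parse_md5_type_data(req_data)
    observed, _ = parse_md5_type_data(resp_data)
    for candidate in wordlist:
        if md5_challenge_value(req_id, candidate, challenge) == observed:
            return candidate
    return None


# Constructed demo input (not from any real capture): a guessable password, a fixed challenge, a tiny wordlist.
DEMO_PASSWORD = b"Winter2021!"
DEMO_CHALLENGE = bytes(range(16))
DEMO_WORDLIST = [b"password", b"Summer2020!", b"Winter2021!", b"letmein"]


def demo():
    """Capture one exchange, then recover the password offline."""
    request, response = md5_exchange(0x2A, DEMO_PASSWORD, DEMO_CHALLENGE)
    return recover_password(request, response, DEMO_WORDLIST)


if __name__ == "__main__":
    print("recovered password:", demo())
    print("realm-only identity:", parse_eap(identity_response(7, "example.com"))[3])
```

The point the example makes is the one the draft's security considerations make: MD5-Challenge gives one-way authentication of the peer only, its response is a cheap, unkeyed hash of the password that anyone on the path can attack offline, and it yields no MSK or EMSK, so the "perfect forward secrecy" claim being added to the list of security claims cannot apply to it. A method that provides mutual authentication and a protected key derivation is the practical answer.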