Re: [Emu] EAP and Fragmentation

Mohit Sethi M <mohit.m.sethi@ericsson.com> Thu, 14 February 2019 11:54 UTC

From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
To: "Dr. Pala" <director@openca.org>, Mohit Sethi M <mohit.m.sethi@ericsson.com>, EMU WG <emu@ietf.org>
Date: Thu, 14 Feb 2019 11:54:41 +0000
Message-ID: <b5a2a434-b631-6edc-840d-0b3b9b78f27e@ericsson.com>
References: <f7548f45-e9ed-3c96-fd55-d87006c5ce70@openca.org>
In-Reply-To: <f7548f45-e9ed-3c96-fd55-d87006c5ce70@openca.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/fQKJ_iCb3LC6siook1sZNLM7Esw>

Dear Dr. Pala,

On 2/12/19 7:36 PM, Dr. Pala wrote:

> Hi all,
>
> I am working on a draft for credentials management via EAP. When looking at the different specifications, it seems a bit weird that EAP does not provide Fragmentation control and requires each method to define their own way.
>
> This led me to my first question: is there a de-facto "standard" way to add Fragmentation support we can just use (without having to re-invent the wheel all the time)? If we had such a mechanism, then we could just say "implement the mechanism as defined in ...". This would definitely help developers that could safely re-use code/libraries. The other approach would be to modify EAP to add Fragmentation support there. The main reason to have a standard behavior is to have also better management for ack and nak packets. As far as the solution goes, the main ones I looked at are the ones mentioned in EAP-TTLS and EAP-TEAP. They are both practically the same, active ACK-based - are there other methods that have been implemented? Has anybody ever looked at how fragmentation is handled in practice and if there are better solutions than others?

No hat: I think having a standard mechanism for supporting large messages and fragmentation independently of any particular EAP method would definitely be something useful. As you said, it would allow developers to safely re-use code. If you have a draft proposal, I would be happy to review it. Perhaps we could start by looking at existing mechanisms used by EAP-Pwd/EAP-TTLS.

--Mohit

> Further thinking led me to my second question: the method we are going to propose requires some form of authentication for the server, therefore I can see its use mainly as a tunneled method where the communication with the server is assumed to be already secure. If we go down the route of requiring the use of an outer method that provides authenticity and, optionally, confidentiality we would also not need to provide support for Fragmentation control, since the records would be encapsulated within the outer-method messages that already provide fragmentation support. Would this be acceptable? Or should the method not have such assumptions and provide support for explicit fragmentation control? What would be the preferred path here? I personally would like to have a method that could be used independently, but I would also like to focus on simplicity of implementation so that if you already have EAP-TTLS/EAP-TEAP support, adding support for EAP-CREDS would be very simple.
>
> Looking forward to some great guidance and advice :D Also, if you would like to collaborate/contribute, please let me know!
>
> --
> Best Regards,
> Massimiliano Pala, Ph.D.
> OpenCA Labs Director
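The ACK-based fragmentation that EAP-TTLS and EAP-TEAP share, as an added Python example that is not from this thread or from any of the drafts mentioned: the first fragment sets the L flag and announces the total length, every fragment but the last sets M, and the peer answers each fragment with an empty method packet until the announced length is reached. The flag bit positions follow RFC 5281/RFC 7170; the MAX_MESSAGE bound is an assumed receiver policy, added so the reassembler never buffers more than it has decided to accept.

```python
import struct

# Flag bits in the EAP-TTLS / EAP-TEAP method header (RFC 5281, RFC 7170):
# L = a 4-byte total message length follows, M = more fragments follow.
FLAG_L, FLAG_M = 0x80, 0x40
MAX_MESSAGE = 64 * 1024  # receiver's bound on the announced length (assumed policy value)
ACK = bytes([0])         # no flags, no data: the receiver's ACK of one fragment

def fragment(message: bytes, max_pkt: int):
    """First fragment carries L plus the total length; all but the last carry M."""
    frags, off, first = [], 0, True
    while first or off < len(message):
        chunk = message[off:off + max_pkt - (5 if first else 1)]
        off += len(chunk)
        flags = (FLAG_L if first else 0) | (FLAG_M if off < len(message) else 0)
        length = struct.pack("!I", len(message)) if first else b""
        frags.append(bytes([flags]) + length + chunk)
        first = False
    return frags

class Reassembler:
    """Returns (ACK, None) while fragments remain, (None, message) once complete."""
    def __init__(self):
        self.buf, self.expected = b"", None
    def receive(self, pkt: bytes):
        flags, data = pkt[0], pkt[1:]
        if flags & FLAG_L:
            if self.expected is not None:
                raise ValueError("length announced again mid-message")
            self.expected, data = struct.unpack("!I", data[:4])[0], data[4:]
            if self.expected > MAX_MESSAGE:   # bound memory before buffering anything
                raise ValueError("announced length exceeds policy bound")
        elif self.expected is None:
            raise ValueError("fragment without a preceding length")
        self.buf += data
        if len(self.buf) > self.expected:
            raise ValueError("fragments exceed announced length")
        if flags & FLAG_M:
            return ACK, None
        if len(self.buf) != self.expected:
            raise ValueError("last fragment but announced length not reached")
        msg, self.buf, self.expected = self.buf, b"", None
        return None, msg

def exchange(message: bytes, max_pkt: int):
    # Lock-step sequence: each fragment is acked before the next one is sent.
    rx, frags, acks = Reassembler(), fragment(message, max_pkt), 0
    for frag in frags:
        ack, done = rx.receive(frag)
        acks += ack is not None
    return len(frags), acks, done
```

The receiver rejects an oversized announced length before buffering, a fragment without a preceding length, data beyond the announced length, and a final fragment that leaves the message short, which are the cases a method-independent mechanism would have to pin down once instead of per method.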