Re: [Emu] I-D Action: draft-ietf-emu-tls-eap-types-13.txt

Heikki Vatiainen <hvn@radiatorsoftware.com> Fri, 17 February 2023 15:42 UTC

From: Heikki Vatiainen <hvn@radiatorsoftware.com>
Date: Fri, 17 Feb 2023 17:42:34 +0200
Message-ID: <CAA7Lko_27vf0aV0gB0OLaNcmBC0juXJeeXoURTDRu3AB9P60cQ@mail.gmail.com>
To: Alan DeKok <aland@deployingradius.com>
Cc: EMU WG <emu@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/ftMDsxTF5VMN6Z35eO_e_dFfu2E>

On Thu, 16 Feb 2023 at 21:16, Alan DeKok <aland@deployingradius.com> wrote:
>
>   This version addresses all outstanding reviews from the IESG.

The second paragraph of section '6.1. Handling of TLS NewSessionTicket
Messages' ends with this sentence, where the end of the sentence is
repeated:

   If the server allows the session to
   resume without verifying that the user had first been authenticated,
   the malicious client can then obtain network access without ever
   being authenticated network access without ever being authenticated.

Regarding the newly added text, it's good that it's now clearly said
that TLS session resumption by itself is not sufficient for EAP
success. Here's how the above text continues:

   As a result, EAP servers MUST NOT assume that a user has been
   authenticated simply because a TLS session is being resumed.

Heikki

> > On Feb 16, 2023, at 2:11 PM, internet-drafts@ietf.org wrote:
> >
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts directories.
> > This draft is a work item of the EAP Method Update WG of the IETF.
> >
> >        Title           : TLS-based EAP types and TLS 1.3
> >        Author          : Alan DeKok
> >        Filename        : draft-ietf-emu-tls-eap-types-13.txt
> >        Pages           : 23
> >        Date            : 2023-02-16
> >
> > Abstract:
> >   EAP-TLS (RFC 5216) has been updated for TLS 1.3 in RFC 9190.  Many
> >   other EAP types also depend on TLS, such as EAP-FAST (RFC 4851), EAP-
> >   TTLS (RFC 5281), TEAP (RFC 7170), and possibly many vendor specific
> >   EAP methods.  This document updates those methods in order to use the
> >   new key derivation methods available in TLS 1.3.  Additional changes
> >   necessitated by TLS 1.3 are also discussed.
> >
> >
> > The IETF datatracker status page for this draft is:
> > https://datatracker.ietf.org/doc/draft-ietf-emu-tls-eap-types/
> >
> > There is also an htmlized version available at:
> > https://datatracker.ietf.org/doc/html/draft-ietf-emu-tls-eap-types-13
> >
> > A diff from the previous version is available at:
> > https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-tls-eap-types-13
> >
> >
> > Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
> >
> >
> > _______________________________________________
> > Emu mailing list
> > Emu@ietf.org
> > https://www.ietf.org/mailman/listinfo/emu



-- 
Heikki Vatiainen
hvn@radiatorsoftware.com
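The check the draft text above is about, as an added example that is not part of the message or of the draft: with TLS 1.3 the server can send NewSessionTicket as soon as the TLS handshake completes, which for tunnelled methods (EAP-TTLS, PEAP, TEAP) is before the inner authentication has run. A client that completes the handshake, takes the ticket and aborts can then present the ticket on resumption. The model below tracks, per ticket, whether the inner method ever succeeded and refuses to turn a bare resumption into EAP-Success. It models only the server-side bookkeeping, not TLS itself; the class and method names, the string results and the ticket lifetime are assumptions for illustration.

```python
"""Model of the session-resumption check from draft-ietf-emu-tls-eap-types
section 6.1: a resumed TLS session must not, on its own, count as an
authenticated user.  Added example; not code from the draft or any EAP server.
"""
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class TicketRecord:
    """Server-side state bound to one NewSessionTicket (assumed layout)."""
    issued_at: float
    identity: Optional[str] = None   # set by the inner method on success
    authenticated: bool = False      # True only after the inner method succeeded


class EapTlsServer:
    """Toy EAP server: issues tickets after the TLS handshake and decides
    what a resumption attempt gets.  Ticket lifetime is an assumed value."""

    def __init__(self, ticket_lifetime: float = 3600.0) -> None:
        self.tickets: Dict[bytes, TicketRecord] = {}
        self.lifetime = ticket_lifetime

    def tls_handshake_done(self) -> bytes:
        # TLS 1.3 allows NewSessionTicket right after the handshake, i.e.
        # before EAP-TTLS/PEAP/TEAP have authenticated anyone.  Record the
        # ticket as NOT authenticated.
        ticket = secrets.token_bytes(16)
        self.tickets[ticket] = TicketRecord(issued_at=time.time())
        return ticket

    def inner_auth_succeeded(self, ticket: bytes, identity: str) -> None:
        # Called once the inner method (e.g. MSCHAPv2 inside TTLS) succeeds.
        rec = self.tickets[ticket]
        rec.identity = identity
        rec.authenticated = True

    def resume_vulnerable(self, ticket: bytes) -> str:
        # The mistake the draft warns about: a known ticket is treated as
        # proof that the user was authenticated.
        return "EAP-Success" if ticket in self.tickets else "EAP-Failure"

    def resume(self, ticket: bytes) -> str:
        # Hardened version: resumption is only a TLS shortcut; EAP-Success
        # requires that the inner method completed for this ticket.
        rec = self.tickets.get(ticket)
        if rec is None or time.time() - rec.issued_at > self.lifetime:
            return "full-authentication-required"
        if not rec.authenticated:
            # Ticket issued, client aborted before inner auth: run it now.
            return "inner-authentication-required"
        return "EAP-Success"


def demo_malicious_client() -> Tuple[str, str]:
    """Handshake, take the ticket, abort, resume.  Returns what the
    vulnerable and the hardened check each answer."""
    server = EapTlsServer()
    ticket = server.tls_handshake_done()   # no inner_auth_succeeded() call
    return server.resume_vulnerable(ticket), server.resume(ticket)


def demo_legitimate_client() -> str:
    """Handshake, finish the inner method, then resume later."""
    server = EapTlsServer()
    ticket = server.tls_handshake_done()
    server.inner_auth_succeeded(ticket, "alice@example.net")   # constructed identity
    return server.resume(ticket)


def demo_unknown_ticket() -> str:
    """A ticket the server never issued gets a full authentication."""
    server = EapTlsServer()
    return server.resume(secrets.token_bytes(16))


if __name__ == "__main__":
    print(demo_malicious_client())   # ('EAP-Success', 'inner-authentication-required')
    print(demo_legitimate_client())  # EAP-Success
    print(demo_unknown_ticket())     # full-authentication-required
```

Because TLS 1.3 lets the server send NewSessionTicket at any point after the handshake, an equivalent design is to issue the ticket only after the inner method succeeds; the bookkeeping above is still needed then for tickets that outlive the user's authorization (expiry, revocation), which is why the hardened path also re-checks lifetime rather than trusting the ticket alone.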