Re: [Emu] Author review of draft-ietf-emu-aka-pfs-07

John Mattsson <john.mattsson@ericsson.com> Sat, 06 August 2022 08:15 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/P2PXAfe0280s2viO8hZScOWqk0M>

The correct link to the Diff is

https://www.ietf.org/rfcdiff?url1=https://www.ietf.org/archive/id/draft-ietf-emu-aka-pfs-07.txt&url2=https://raw.githubusercontent.com/emu-wg/eap-aka-pfs/master/draft-ietf-emu-aka-pfs-latest.txt

Cheers,
John

From: John Mattsson <john.mattsson@ericsson.com>
Date: Saturday, 6 August 2022 at 10:12
To: emu@ietf.org <emu@ietf.org>
Subject: Author review of draft-ietf-emu-aka-pfs-07
Hi,

I did a very thorough read of draft-ietf-emu-aka-pfs-07. I found several minor things that I think should be fixed:

- Fixed all names with non-ASCII characters, including my own. -07 displays non-ASCII characters in some of the references wrongly.
- I fixed all the idnits (too long rows and not mentioning the update in the abstract).
- Fixed the XML code for the references. They generated weird output when using the latest version of xml2rfc.
- Added a formal reference to 3GPP TS 33.501
- Added proper figure captions and use of align center
- Reformatted and aligned the figures. They used different horizontal and vertical spacing. No technical changes to the figures. They now use the full width.
- Renamed the new "Key Derivation Function" field "FS Key Derivation Function" in AT_KDF_FS to avoid confusion with the existing field.
- Split the quite long security considerations section into subsections.
- Removed mention of (R)UIM and added more explanation of USIM and SIM card. (R)UIM has been superseded by CSIM on UICC.
- Added that requirements for generation, validation, and processing depend on the curve.
- Added missing point validation for P-256
- Fixed some incorrect references to elliptic curve crypto.
- Processing “start again after validation failure” applies to all curves.
- Added privacy-friendly to several places to align with the requirement in -07
- Added section on Unprotected Data and Privacy to align with BCP on pervasive monitoring.
- Added section on Post-Quantum Considerations. This section also describes that EAP-AKA’ FS can easily be expanded with PQC KEMs in the future.

- One issue I found is that the interactions between AT_KDF and AT_KDF_AT are not specified. The specification is clear on how to derive keys when AT_KDF in {1} and AT_KDF_FS in {1,2} but does not give any description of how other future combinations are supposed to work. For example, what happens if someone registers AT_KDF = 2?


https://github.com/emu-wg/eap-aka-pfs/issues/25

Currently suggested changes can be found on GitHub
https://github.com/emu-wg/eap-aka-pfs

A Diff can be found here:
https://www.ietf.org/rfcdiff?url1=https://www.ietf.org/archive/id/draft-ietf-emu-aka-pfs-07.txt&url2=https://raw.githubusercontent.com/emu-wg/eap-aka-pfs/master/draft-ietf-emu-aka-pfs-latest.txt

The current changes on GitHub include a solution to #25, but I am not sure that it is the correct solution.

I have not discussed with Jari yet. Comments on anything above are welcome. I expect that we will submit -08 quite soon after vacation. As discussed at IETF 114, the plan is to progress the draft during the fall.

Cheers,
John
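The review above mentions two related points: that -07 was missing point validation for P-256, and that "start again after validation failure" applies to every curve. The block below is an added illustration of what full P-256 public-key validation looks like before a received share is fed into ECDH; it is not code from the draft, the GitHub repository, or the author. It assumes the share arrives in the SEC 1 uncompressed encoding (0x04 || X || Y); the draft's actual attribute encoding is not stated in this message, and the function names are my own.

```python
"""Full public-key validation for a P-256 ECDH share (added example,
not from draft-ietf-emu-aka-pfs).  Constants are the standard NIST
P-256 domain parameters; the encoding assumption (SEC 1 uncompressed)
and all function names are mine."""

P256_P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
P256_A = P256_P - 3
P256_B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
P256_GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
P256_GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5


class InvalidPublicKey(ValueError):
    """Raised when a received share fails validation."""


def decode_p256_uncompressed(encoded: bytes) -> tuple:
    """Parse 0x04 || X || Y (65 bytes).  A lone 0x00 byte (the point at
    infinity) and compressed forms are rejected: only the uncompressed
    encoding is accepted in this example."""
    if len(encoded) != 65 or encoded[0] != 0x04:
        raise InvalidPublicKey("expected 65-byte uncompressed point")
    x = int.from_bytes(encoded[1:33], "big")
    y = int.from_bytes(encoded[33:65], "big")
    return x, y


def validate_p256_point(x: int, y: int) -> None:
    """Full public-key validation as in NIST SP 800-56A 5.6.2.3.3:
    both coordinates in [0, p-1] and y^2 == x^3 + ax + b (mod p).
    P-256 has cofactor 1, so any affine point on the curve already lies
    in the prime-order subgroup and no extra scalar-multiplication
    check is needed (that step is curve dependent)."""
    if not (0 <= x < P256_P and 0 <= y < P256_P):
        raise InvalidPublicKey("coordinate out of range")
    lhs = (y * y) % P256_P
    rhs = (x * x * x + P256_A * x + P256_B) % P256_P
    if lhs != rhs:
        raise InvalidPublicKey("point is not on P-256")


def is_valid_p256_public_key(encoded: bytes) -> bool:
    try:
        validate_p256_point(*decode_p256_uncompressed(encoded))
    except InvalidPublicKey:
        return False
    return True


def process_peer_share(encoded: bytes) -> str:
    """Models the 'start again after validation failure' rule: a share
    that fails validation is never used for key derivation; the caller
    restarts the exchange instead of continuing with a bad key."""
    if not is_valid_p256_public_key(encoded):
        return "restart"
    return "derive"


def encode_p256_uncompressed(x: int, y: int) -> bytes:
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")


if __name__ == "__main__":
    # Constructed inputs: the generator G (valid), its negation -G
    # (valid), and an off-curve point (invalid).
    print(process_peer_share(encode_p256_uncompressed(P256_GX, P256_GY)))
    print(process_peer_share(encode_p256_uncompressed(P256_GX, P256_P - P256_GY)))
    print(process_peer_share(encode_p256_uncompressed(P256_GX, P256_GY + 1)))
```

The range check comes first so that a coordinate equal to or above p is rejected before any modular arithmetic could silently wrap it onto the curve; the on-curve check then rules out invalid-curve inputs. Doing both on every received share, rather than only on the first, is what makes the "start again" rule safe to apply uniformly.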