Re: [Emu] Question for draft-ietf-emu-tls-eap-types-03

Alan DeKok <aland@deployingradius.com> Fri, 02 July 2021 19:01 UTC

Return-Path: <aland@deployingradius.com>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02B813A289B for <emu@ietfa.amsl.com>; Fri, 2 Jul 2021 12:01:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id up5uhZOB5wmR for <emu@ietfa.amsl.com>; Fri, 2 Jul 2021 12:01:48 -0700 (PDT)
Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DBF663A293C for <emu@ietf.org>; Fri, 2 Jul 2021 12:01:39 -0700 (PDT)
Received: from [192.168.46.129] (24-52-251-6.cable.teksavvy.com [24.52.251.6]) by mail.networkradius.com (Postfix) with ESMTPSA id 64248389; Fri, 2 Jul 2021 19:01:37 +0000 (UTC)
Authentication-Results: NetworkRADIUS; dmarc=none (p=none dis=none) header.from=deployingradius.com
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
From: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <79e7dff7-c473-762f-b7f4-3d056b6953fe@lear.ch>
Date: Fri, 2 Jul 2021 15:01:35 -0400
Cc: EMU WG <emu@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <9235E3E6-1346-4481-A7C8-EEFEF4D56A7F@deployingradius.com>
References: <DB6D339A-710C-4EC4-9F8E-4B8602632AE1@deployingradius.com> <CABXxEz8EBUz_y1FmQTE9C8cpF+3vqy-mPCx8CnyUMZ72pNifAA@mail.gmail.com> <SJ0PR00MB1038767373E0DE9E3D7BE0DA95039@SJ0PR00MB1038.namprd00.prod.outlook.com> <C7DBE2EB-82BF-4229-B0AF-4BA48B2D45BC@deployingradius.com> <7332.1624927848@localhost> <4F79B7DB-7E55-4564-88AE-C6E2AF8FD293@deployingradius.com> <26359.1625006432@localhost> <BFA8E5C4-D368-41BF-AFA9-BAA35B666F8A@deployingradius.com> <a02d4815-dbfa-e0a0-99fb-0f53127f2fd1@lear.ch> <13DD39D5-57C4-48D2-868A-C4D530127095@deployingradius.com> <79e7dff7-c473-762f-b7f4-3d056b6953fe@lear.ch>
To: Eliot Lear <lear@lear.ch>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/ihxYVyzfC09A_RthlmCHqQ_WwNQ>
Subject: Re: [Emu] Question for draft-ietf-emu-tls-eap-types-03
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Jul 2021 19:01:53 -0000

On Jul 1, 2021, at 10:08 AM, Eliot Lear <lear@lear.ch> wrote:
> 
> On 01.07.21 15:23, Alan DeKok wrote:
>>   TEAP is one solution, but I don't think everyone is going to move to TEAP overnight.  It would be nice to have solutions for existing (and deployed) EAP methods.
> 
> Perhaps I lost the plot, but what do you propose?

  Less of a proposal than trying to define some requirements.

  EAP isn't used in a vacuum.  The current specs define the base protocols, but leave pretty much everything else undefined.  This means that people deploying EAP have to invent and/or discover their own methods to deploy certificates, tie users to machines, tie machines to credentials, etc.

  It would be very nice to say "here's how EAP can be used in the real world".

  Alan DeKok.