Re: [Emu] Short review of draft-friel-tls-eap-dpp-01

Dan Harkins <> Wed, 28 July 2021 16:16 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 717723A165A for <>; Wed, 28 Jul 2021 09:16:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Eu6w7z9siY_L for <>; Wed, 28 Jul 2021 09:16:06 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 40CD33A1659 for <>; Wed, 28 Jul 2021 09:16:06 -0700 (PDT)
Received: from ( []) by (PMDF V6.8 #2433) with ESMTP id <> for; Wed, 28 Jul 2021 11:16:05 -0500 (CDT)
Received: from blockhead.local ([]) by (PMDF V6.7-x01 #2433) with ESMTPSA id <> for; Wed, 28 Jul 2021 09:14:47 -0700 (PDT)
Received: from ([] EXTERNAL) (EHLO blockhead.local) with TLS/SSL by ([]) (PreciseMail V3.3); Wed, 28 Jul 2021 09:14:47 -0700
Date: Wed, 28 Jul 2021 09:16:03 -0700
From: Dan Harkins <>
In-reply-to: <>
Message-id: <>
MIME-version: 1.0
Content-type: text/plain; charset=utf-8; format=flowed
Content-language: en-US
Content-transfer-encoding: 8BIT
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.11.0
X-PMAS-SPF: SPF check skipped for authenticated session (, send-ip=
X-PMAS-External-Auth: [] (EHLO blockhead.local)
References: <> <> <>
X-PMAS-Software: PreciseMail V3.3 [210725] (
X-PMAS-Allowed: system rule (rule allow header:X-PMAS-External noexists)
Archived-At: <>
Subject: Re: [Emu] Short review of draft-friel-tls-eap-dpp-01
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 28 Jul 2021 16:16:12 -0000

   Hi Alan,

On 7/27/21 10:50 AM, Alan DeKok wrote:
> On Jul 27, 2021, at 1:23 PM, Owen Friel (ofriel) <> wrote:
>> [ofriel] the goal here is to push the provisioning info (e.g. CA roots, peer identity certs) inside TEAP using existing TEAP mechanisms e.g. Trusted Server Root, PKCS#7 TLVs.
>    That presumes everyone uses TEAP, all of the time.  This is likely to not be the case for a while, if ever.

   Well that's what we're trying to address. Making something more useful
is a goal and the fact that currently that thing isn't quite as useful as
it could/should be shouldn't be a reason not to make it more useful.

>    TEAP also has the issue of bootstrapping.  RFC 7170 Section 3.8.3 described an unauthenticated provisioning mode, but suggests that Phase 2 still has mutual authentication.  It's not clear how the parties can identify each other in that case.  The document appears to be silent on the topic.

   I think you're reading a bit too much into "provisioning mode" here. 
was never an intention in TEAP to allow for the PKCS10/PKCS7 exchange to be
done after an anonymous Phase 1. The anonymous Phase 1 was used to get a
tunnel up in order to facilitate an exchange would would make the TEAP 
be mutually authenticated. The text in 3.8.3 implies that Phase 2 always 
an unauthenticated Phase 1 and Phase 2 MUST be mutually authenticated.

   An RA (which is what the server is acting as on behalf of a CA) needs to
authenticate the user before it passes the CSR off, that's (part of) the
service it's providing. Otherwise we'd end up with Kevin Mitnick getting
a certificate in the name of "".com". That would not
be a trustworthy CA and it's certificates would be useless garbage.

   So the "this topic" you're alluding to is not really what 3.8.3 was 

>    This draft solves that issue, among others.
>    For example, what about the use-case of Eduroam?  10,000 students show up to a university which uses a private CA.  Assuming that all of the devices support TEAP, they are still unable to perform "mutual authentication, and TEAP becomes ToFU.   Similarly, DPP may work, but that requires creation and distribution of new keys
>    In contrast, the user work flow here is "connect to Eduroam, log in with your username and password".  It really can't get simpler than that.

   *That* use case can't get any simpler. The 10,000 students can enter 
username/password on their 10,000 laptops. That's not what DPP or TLS-pok is
dealing with. It's 10,000 sensors with no practical user interface. Eduroam
doesn't work for 10,000 sensors with no practical user interface.

>    The first stage of this proposal requires no changes to existing supplicants.  A simple client-side utility can perform the requisite actions, and configure the supplicant.  Running code is available:
>    The core of the work is a ~300 line Python script.  OS vendors could ship this today.  Network administrators could add a few records to DNS/WWW.  Getting EAP connectivity then becomes trivial.  It requires minimal coordination, and minimal new software.

   So when I go to that URL it has some requirements for simple deployment.
"All that's required is that the client system have... 3. a username...
4. a password".

   Again, trying to put a username/password on 10,000 sensors that have no
user interface and assuring that the RADIUS server to which these 10,000
sensors will be authenticating using Eduroam have all the right info is the
pain-in-the-ass we're trying to address.

   I don't think you're trying to solve the same problem we are.

>> We are trying to avoid wheel reinvention. The novel bit here is the mutual authentication in the TLS stack based on the already defined Wi-Fi Alliance DPP bootstrap key.
>    The spec doesn't require (or use) DPP bootstrapping.

   It uses the key extracted from a DPP bootstrapping process so I think
you're doing a semantic exercise here-- a distinction with no difference.

>    This draft is different from a number of related issues in that it solves a different problem, and in a different way:
> * it leverages web PKI to bootstrap TLS-based EAP methods
> * it does provisioning over standard internet protocols, instead of extending the supplicant.
>    I think both of the above are useful.  Using EAP as a generic transport layer for provisioning seems like a poor choice.

   Nowhere do we propose to use EAP as a generic transport layer for 


"The object of life is not to be on the side of the majority, but to
escape finding oneself in the ranks of the insane." -- Marcus Aurelius