IETF Logo Mail Archive

Re: [Emu] Adoption call for EAP-DPP

Dan Harkins <dharkins@lounge.org> Thu, 18 August 2022 14:54 UTC

Return-Path: <dharkins@lounge.org>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23EA8C1527B7 for <emu@ietfa.amsl.com>; Thu, 18 Aug 2022 07:54:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zjK2-PFyFtxK for <emu@ietfa.amsl.com>; Thu, 18 Aug 2022 07:54:23 -0700 (PDT)
Received: from www.goatley.com (www.goatley.com [198.137.202.94]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E920C1522C1 for <emu@ietf.org>; Thu, 18 Aug 2022 07:54:23 -0700 (PDT)
Received: from kitty.bergandi.net (cpe-76-176-14-122.san.res.rr.com [76.176.14.122]) by wwwlocal.goatley.com (PMDF V6.8 #2433) with ESMTP id <0RGT0RI5QG2NYC@wwwlocal.goatley.com> for emu@ietf.org; Thu, 18 Aug 2022 09:54:23 -0500 (CDT)
Received: from [192.168.1.153] (kitty.dhcp.bergandi.net [10.0.42.19]) by kitty.bergandi.net (PMDF V6.8 #2433) with ESMTPSA id <0RGT00G3DG2LIN@kitty.bergandi.net> for emu@ietf.org; Thu, 18 Aug 2022 07:54:22 -0700 (PDT)
Received: from customer.lsancax1.pop.starlinkisp.net ([98.97.56.109] EXTERNAL) (EHLO [192.168.1.153]) with TLS/SSL by kitty.bergandi.net ([10.0.42.19]) (PreciseMail V3.3); Thu, 18 Aug 2022 07:54:22 -0700
Date: Thu, 18 Aug 2022 07:54:21 -0700
From: Dan Harkins <dharkins@lounge.org>
In-reply-to: <CAC8QAcfzQHQg4GQNaqG5k9QJ00-CBCPnwdseLUSYQ=me4rGXEQ@mail.gmail.com>
To: emu@ietf.org
Message-id: <a9dc5a50-1dbe-614a-1453-63be90286c65@lounge.org>
MIME-version: 1.0
Content-type: multipart/alternative; boundary="Boundary_(ID_8aAU87SwJJJB6MkY0KJtbQ)"
Content-language: en-US
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.9.1
X-PMAS-SPF: SPF check skipped for authenticated session (recv=kitty.bergandi.net, send-ip=98.97.56.109)
X-PMAS-External-Auth: customer.lsancax1.pop.starlinkisp.net [98.97.56.109] (EHLO [192.168.1.153])
References: <01bf01d8b1ac$81233890$8369a9b0$@akayla.com> <CAC8QAcfzQHQg4GQNaqG5k9QJ00-CBCPnwdseLUSYQ=me4rGXEQ@mail.gmail.com>
X-PMAS-Software: PreciseMail V3.3 [220801a] (kitty.bergandi.net)
X-PMAS-Allowed: system rule (rule allow header:X-PMAS-External noexists)
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/mQwwpkLHUPH-vvelUaYZ9SGvFEY>
Subject: Re: [Emu] Adoption call for EAP-DPP
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Aug 2022 14:54:27 -0000

   Hi Behcet,

On 8/17/22 2:36 PM, Behcet Sarikaya wrote:
> Hi Peter,
>
> I quickly read this short document and have some comments.
>
> In the informative references section, DPP is listed as Device 
> Provisioning Profile while it should be Device Provisioning Protocol.
> Actually, in the acronyms section the name is correctly given. 
> However, the DPP acronym is not properly expanded in the first use of 
> the acronym which is in Section 1. Also the same could be said of the 
> other acronyms

   Good catch. We'll fix that.

> Also the date of DPP document seems to be wrong, I think the version 
> 1.1 was dated 2018.

   I think the Wi-Fi Alliance has released v2. I'll check and we'll fix 
this if needed.

> Probably more seriously though, the document says DPP does not support 
> wired network access in Section 1 but maybe the authors are not aware 
> that there is something called wired only DPP which is defined in 
> another WiFi Alliance document in Section 2.3.5 of
>
> Wi-i Easy ConnectTM Specification v2.0
>
> This document is dated 2020, maybe the authors should reference this 
> document then the date will be correct 👍🏻.

   The DPP-over-TCP solution will not work. DPP-over-TCP was added to 
enable centralization
of DPP services in devices which might not have an 802.11 interface. 
Think of a central network
server that implements a DPP Configurator that is connected to multiple 
access points in an ESS.
The APs will just de-capsulate the 802.11 frames they receive, 
re-encapsulate them in TCP/IP
headers and send them to the central network server who processes them 
and responds with
TCP packets to which the inverse operation is performed by the AP. That 
said, it is certainly
possible for two entities to speak a complete DPP conversation over TCP 
without the use of
802.11. But as I said this won't work here.

   The reason this won't work is the "Onboarding Catch-22" where you 
need a credential to get
on the network but need to get on the network to get a credential. 
DPP-over-TCP requires an
IP address. How do you get an IP address? Well, after "link up" on your 
wired connection you do
EAP and authenticate, and then do DHCP. But how do you do EAP?

   regards,

   Dan.

> Behcet
>
> On Tue, Aug 16, 2022 at 3:12 PM Peter Yee <peter@akayla.com> wrote:
>
>     This is an adoption call for EAP-DPP
>     (draft-friel-tls-eap-dpp-05)[1]. This
>     document aligns with the charter item to "Define mechanisms by
>     which EAP
>     methods can support creation of long-term credentials for the peer
>     based on
>     initial limited-use credentials." The latest revision incorporates
>     feedback
>     from both the TLS and EMU working groups. Please review and
>     respond to the
>     list if you think this document is or is not an appropriate
>     working group
>     item for EMU by September 1, 2022.
>
>     Thanks,
>
>     Peter and Joe
>
>     [1] https://datatracker.ietf.org/doc/draft-friel-tls-eap-dpp/
>
>
>     _______________________________________________
>     Emu mailing list
>     Emu@ietf.org
>     https://www.ietf.org/mailman/listinfo/emu
>
>
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu

-- 
"The object of life is not to be on the side of the majority, but to
escape finding oneself in the ranks of the insane." -- Marcus Aurelius

v2.23.0 | Report a Bug | By Email