Re: [Emu] EAP-AKA' and Re: WG adoption call for draft-arkko-eap-aka-pfs

John Mattsson <john.mattsson@ericsson.com> Sat, 06 April 2019 09:10 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: 'EMU WG' <emu@ietf.org>
Date: Sat, 06 Apr 2019 09:10:07 +0000
Message-ID: <7478CD5B-219B-4929-BD3E-0798E41F1B90@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/mc3iCXqsjbPgu2NK1usxdO_vtC8>
Subject: Re: [Emu] EAP-AKA' and Re: WG adoption call for draft-arkko-eap-aka-pfs

I think it is of utter importance that PFS for AKA gets published and deployed. The great SIM heist was a disaster for cellular security. The extent of the heist is not known, and the report from Gemalto was a joke trying to sweep things under the rug. Potentially billions of secret keys were compromised, enabling pervasive monitoring on a global scale. The heist not only enabled tracking of users, but also passive eavesdropping of communication from these devices as well as installation of malware.

https://www.kaspersky.com/blog/gemalto-sim-hack/7774/
https://theintercept.com/2015/02/19/great-sim-heist/
https://motherboard.vice.com/en_us/article/4x354b/worlds-largest-sim-card-maker-has-no-clue-whether-it-was-hacked-by-the-nsa

Even if AKA is primarily a 3GPP technology, IETF has a very important role to play as a driving force and guardian of security and privacy for all Internet users. IETF took an early stance in fighting pervasive monitoring everywhere and BCP 188 requires IETF work to mitigate pervasive monitoring when possible. Providing perfect forward secrecy for session keys has been identified as one of the easiest and most efficient ways to fight pervasive monitoring.

John

On Apr 3, 2019, at 1:37 AM, Joseph Salowey <joe@salowey.net> wrote:
> 
> Thanks for reviving this thread.  I agree this is important work, but we need to have consensus to bring the item into the working group.  I think the IPR issue is the main sticking point. 
> 
> I'll note that RFC 5448 has a similar IPR declaration and both documents are targeted as informational.   Some possible ways forward:
> 
> 1. Come up with an alternative proposal.  Since no one has already stepped forward I don't think this is realistic. 
> 2. Accept the document into the working group.
> 3. Reject the document, which will force the work to go through the independent submission process, which will probably result in less broad and thorough review.  
> 4. Amendment to the license terms of the IPR - I have received no indication that this will happen
> 
> The document will likely get published in either case 2 or 3 above.  I'd like to work through this discussion over the next few weeks so please voice your views on this thread.  
> 
> Thanks,
> Joe
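The claim in John's message that forward secrecy for session keys is an efficient defence against a long-term key compromise can be illustrated with a small model. The following is an added example, not code from the draft, from RFC 5448 or from anyone on this thread: it uses a constructed HMAC-based derivation in place of the real AKA key schedule and a demo-size finite-field Diffie-Hellman group (2^127 - 1, generator 5, chosen only for readability) in place of a vetted curve. It simulates one session each way, then gives an adversary the long-term key after the fact together with a passive recording of the exchange, and checks which session keys that adversary can reconstruct.

```python
"""Added illustration (not the EAP-AKA' or draft-arkko-eap-aka-pfs key
schedule): a long-term key compromise exposes every recorded session of a
plain challenge-response scheme, while mixing an ephemeral Diffie-Hellman
secret into the derivation leaves past sessions out of reach.
All constants and labels below are constructed for the demo."""
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group: Mersenne prime 2^127 - 1 with generator 5.
# Demo-size so the arithmetic is readable; not a parameter set to deploy.
P = (1 << 127) - 1
G = 5


def kdf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 with labelled inputs; a stand-in for a real KDF."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


def session_key_plain(k: bytes, rand: bytes) -> bytes:
    """AKA-style: the session key depends only on the long-term key K and the
    public challenge RAND. Anyone who later obtains K and a recording of RAND
    can recompute it."""
    return kdf(k, b"plain", rand)


def session_key_pfs(k: bytes, rand: bytes, dh_secret: int) -> bytes:
    """Same derivation with the ephemeral DH shared secret mixed in, so K on
    its own is no longer sufficient."""
    return kdf(k, b"pfs", rand, dh_secret.to_bytes(16, "big"))


def dh_keypair() -> tuple[int, int]:
    """Fresh private exponent in 2..P-2 and the matching public value."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def dh_shared(priv: int, peer_pub: int) -> int:
    return pow(peer_pub, priv, P)


def run_session(k: bytes, with_pfs: bool) -> tuple[bytes, bytes, dict]:
    """One authentication between peer and server. Returns the key each side
    derived and what a passive eavesdropper can record from the wire."""
    rand = secrets.token_bytes(16)
    if not with_pfs:
        key = session_key_plain(k, rand)
        return key, key, {"rand": rand}
    peer_priv, peer_pub = dh_keypair()
    srv_priv, srv_pub = dh_keypair()
    # Each side uses its private exponent once and then discards it; only the
    # public values ever cross the wire.
    peer_key = session_key_pfs(k, rand, dh_shared(peer_priv, srv_pub))
    srv_key = session_key_pfs(k, rand, dh_shared(srv_priv, peer_pub))
    return peer_key, srv_key, {"rand": rand, "peer_pub": peer_pub, "srv_pub": srv_pub}


def later_compromise(k_stolen: bytes, recording: dict):
    """Adversary model: K is obtained after the session (e.g. via a SIM vendor
    breach) and only a passive recording is available. Returns the session
    key when it is computable from these inputs, otherwise None."""
    if "peer_pub" not in recording:
        return session_key_plain(k_stolen, recording["rand"])
    # Only public DH values were recorded and the private exponents are gone;
    # recovering the shared secret would mean solving a discrete logarithm,
    # which is the hardness assumption the forward secrecy rests on.
    return None


def compare() -> dict:
    """Runs both variants against the same long-term key and reports whether
    the honest parties agree and whether the later compromise recovers the key."""
    k = secrets.token_bytes(16)   # constructed subscriber key
    result = {}
    for name, pfs in (("plain", False), ("pfs", True)):
        peer_key, srv_key, recording = run_session(k, pfs)
        recovered = later_compromise(k, recording)
        result[name] = {
            "parties_agree": peer_key == srv_key,
            "recovered_by_attacker": recovered == peer_key,
        }
    return result


if __name__ == "__main__":
    print(compare())
```

The model covers exactly the scenario in the message: keys are stolen at some point and recorded traffic is decrypted afterwards. It says nothing about an adversary who holds K while a session is in progress, who can still take part in the exchange as one of the two parties; forward secrecy narrows the window to live interception rather than closing it, which is why the key theft itself still has to be treated as an incident.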