Re: [Emu] WGLC completed for for draft-ietf-emu-eap-tls13-05

John Mattsson <john.mattsson@ericsson.com> Wed, 24 July 2019 18:50 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: Alan DeKok <aland@deployingradius.com>, Jouni Malinen <j@w1.fi>, Jim Schaad <ietf@augustcellars.com>
CC: EMU WG <emu@ietf.org>
Date: Wed, 24 Jul 2019 18:49:59 +0000
Message-ID: <56CF04D0-D093-43EF-A467-0163DA5F9160@ericsson.com>
References: <CAOgPGoCB7VOzjo+ckDhNiApa6ozCDr3zfj6pMVG3ZRfV4RP6mQ@mail.gmail.com> <20190712210819.GA26853@w1.fi> <05B92C31-6CFB-4DFD-BCBD-EE5F3472D7B2@deployingradius.com> <20190713142127.GA32230@w1.fi> <DA0799BE-3F63-4214-9FF6-68CEF4D743C1@deployingradius.com>
In-Reply-To: <DA0799BE-3F63-4214-9FF6-68CEF4D743C1@deployingradius.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/pkAhYdYSjNI52Q3AmcYxusn6nU0>

Hi,

Based on the discussion on the list and at the meeting today, I suggest the following changes to Sections 2.1 and 2.5 and to the figures. When we agree, I will make a commit to GitHub and submit a new version of the draft.

With the solution suggested by Jim, there should be no need to force NewSessionTicket. Do we need a figure to illustrate the "or in a separate EAP-Request" part of " The TLS record with application data may be sent in the same EAP-Request as the last handshake record or in a separate EAP-Request."

Cheers,
John

Section 2.1:
---------------------------

OLD
   The EAP server commits to not send any more handshake messages by
   sending an empty TLS record, see Section 2.5.


NEW
   The EAP server commits to not send any more handshake messages by
   sending a TLS record with the application data 0x00, see Section 2.5.


Section 2.5 EAP State Machines
---------------------------

OLD
   When an EAP server has sent its last handshake message (Finished or a
   Post-Handshake), it commits to not sending any more handshake
   messages by appending an empty application data record (i.e. a TLS
   record with TLSPlaintext.type = application_data and
   TLSPlaintext.length = 0) to the last handshake record.  After sending
   an empty application data record, the EAP server may only send an
   EAP-Success, an EAP-Failure, or an EAP-Request with a TLS Alert
   Message.

NEW
   When an EAP server has sent its last handshake message (Finished or a
   Post-Handshake), it commits to not sending any more handshake
   messages by sending a TLS record with application data 0x00 (i.e. a
   TLS record with TLSPlaintext.type = application_data,
   TLSPlaintext.length = 1, and TLSPlaintext.fragment = 0x00).  EAP
   server implementations MUST set TLSPlaintext.fragment to 0x00, but
   EAP peer implementations MUST accept any application data as a commit
   from the EAP server to not send any more handshake messages.  The TLS
   record with application data may be sent in the same EAP-Request as
   the last handshake record or in a separate EAP-Request.  After
   sending the application data record, the EAP server may only send an
   EAP-Success, an EAP-Failure, or an EAP-Request with a TLS Alert
   Message.

Figures:
---------------------------

OLD
                                 <--------          TLS empty record)

NEW
                                 <--------      TLS Application Data)
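The following is an added example and is not part of this e-mail or of the draft: a small Python model of the commit signal proposed in the NEW text of Section 2.5. The server side frames the application_data record it MUST send (length 1, fragment 0x00); the peer side treats any application_data record as the server's commit, regardless of fragment content, and flags a handshake record that arrives after the commit as a violation. Record framing follows the RFC 8446 TLSPlaintext layout (type, legacy_record_version, length, fragment), i.e. records as they appear after record-layer protection is removed; the handshake bytes and the class and function names are constructed for this example and are not taken from any implementation.

```python
"""
Added example (not from the draft or the e-mail): a model of the EAP-TLS 1.3
commit signal.  The EAP server ends its handshake by sending a TLS
application_data record with fragment 0x00; the EAP peer accepts ANY
application_data record as that commit and rejects later handshake records.
Framing is the RFC 8446 TLSPlaintext layout:
type(1) || legacy_record_version(2) || length(2) || fragment.
All message bytes below are constructed sample data.
"""
import struct

CONTENT_ALERT = 21
CONTENT_HANDSHAKE = 22
CONTENT_APPLICATION_DATA = 23
LEGACY_VERSION = 0x0303  # TLS 1.3 records still carry the TLS 1.2 version value


def tls_record(content_type: int, fragment: bytes) -> bytes:
    """Frame one TLSPlaintext record."""
    if not 0 <= len(fragment) <= 2 ** 14:
        raise ValueError("fragment exceeds the TLSPlaintext length limit")
    return struct.pack("!BHH", content_type, LEGACY_VERSION, len(fragment)) + fragment


def commit_record() -> bytes:
    """What the EAP server MUST send: application_data, length 1, fragment 0x00."""
    return tls_record(CONTENT_APPLICATION_DATA, b"\x00")


def parse_records(data: bytes):
    """Split a byte string into (content_type, fragment) pairs; rejects truncation."""
    records = []
    offset = 0
    while offset < len(data):
        if len(data) - offset < 5:
            raise ValueError("truncated record header")
        ctype, _version, length = struct.unpack("!BHH", data[offset:offset + 5])
        offset += 5
        if len(data) - offset < length:
            raise ValueError("truncated record fragment")
        records.append((ctype, data[offset:offset + length]))
        offset += length
    return records


class PeerCommitTracker:
    """Peer-side state: has the server committed to sending no more handshake messages?"""

    def __init__(self):
        self.committed = False
        self.handshake_fragments = []

    def feed_eap_request(self, payload: bytes) -> bool:
        """Process the TLS records carried by one EAP-Request; True once committed."""
        for ctype, fragment in parse_records(payload):
            if ctype == CONTENT_HANDSHAKE:
                if self.committed:
                    # The server promised not to send further handshake messages.
                    raise ValueError("handshake record received after commit")
                self.handshake_fragments.append(fragment)
            elif ctype == CONTENT_APPLICATION_DATA:
                # Any application data is the commit; the server is required to
                # send 0x00, but the peer must not insist on that value.
                self.committed = True
            elif ctype == CONTENT_ALERT:
                # Alerts remain permitted after the commit; nothing to track here.
                pass
            else:
                raise ValueError(f"unexpected content type {ctype}")
        return self.committed


def run_scenarios() -> dict:
    """Exercise the cases the text describes, with a constructed Finished record."""
    # HandshakeType finished(20) with a constructed 4-byte body.
    finished = tls_record(CONTENT_HANDSHAKE, b"\x14\x00\x00\x04" + b"\xaa" * 4)
    results = {}

    # 1. Commit carried in the same EAP-Request as the last handshake record.
    tracker = PeerCommitTracker()
    results["same_request"] = tracker.feed_eap_request(finished + commit_record())

    # 2. Commit carried in a separate EAP-Request.
    tracker = PeerCommitTracker()
    first = tracker.feed_eap_request(finished)
    results["separate_request"] = (first, tracker.feed_eap_request(commit_record()))

    # 3. Peer accepts application data other than 0x00 as a commit.
    tracker = PeerCommitTracker()
    results["lenient"] = tracker.feed_eap_request(
        tls_record(CONTENT_APPLICATION_DATA, b"\x01\x02"))

    # 4. A handshake record after the commit is rejected.
    tracker = PeerCommitTracker()
    tracker.feed_eap_request(commit_record())
    try:
        tracker.feed_eap_request(finished)
        results["after_commit"] = "accepted"
    except ValueError:
        results["after_commit"] = "rejected"
    return results


if __name__ == "__main__":
    print(run_scenarios())
```

The point of the peer-side leniency is the one the NEW text spells out: the server has one permitted value on the wire, but the peer keys its state change on the record type alone, so a future revision that carries other application data in that record would not break existing peers.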