Re: [Emu] EAP TLS 1.3 backward compatibility with RFC 5216
Joseph Salowey <joe@salowey.net> Sun, 13 June 2021 23:53 UTC
Return-Path: <joe@salowey.net>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3620D3A158A for <emu@ietfa.amsl.com>; Sun, 13 Jun 2021 16:53:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=salowey-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XEyFyFC6Vf-P for <emu@ietfa.amsl.com>; Sun, 13 Jun 2021 16:53:49 -0700 (PDT)
Received: from mail-lf1-x129.google.com (mail-lf1-x129.google.com [IPv6:2a00:1450:4864:20::129]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8117D3A1588 for <emu@ietf.org>; Sun, 13 Jun 2021 16:53:49 -0700 (PDT)
Received: by mail-lf1-x129.google.com with SMTP id m21so17963581lfg.13 for <emu@ietf.org>; Sun, 13 Jun 2021 16:53:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=salowey-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=5KFosU1y7gZKxYTdwjAWsU4CGIXU3vaPtBwFxxrfsjs=; b=hhcUkGX9U8dVWki5vyd/0qc6+IdvM4B6gvDPkHMBz8D2NplmcaHnHA8v/nUqgjy1UU bTZpQvdFu07PQ6Lwma3SX8ahsoYfBzAl22zhiTvUFpDLJD7MBKb9lew1fSjr8m4MARXr KSwAQoLCAhglt0hwMeL21nUhAAMhiAgGPem9YBFcCGJu6hZVxQXYl0NzgGpmm3VBbFor trBRiFemYmg0Yzo+U5435E1TEQKHIz551tfiS5p9o7SuaJiqUJuzDcHX0ny9tDhBRVhf 2TLDpY6JK1EOouI63c9vqDoScJlTCG0kwSgrEhFdYiZbBVtf2Atysjk36JHTTqfFJrPl Y4vg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=5KFosU1y7gZKxYTdwjAWsU4CGIXU3vaPtBwFxxrfsjs=; b=kdb3WWI8ARysoa8/Ml2n2ZJcGsAzwriXmw/ohGwrG6fHektplPnMiI803s5pOyQLPu wGo3eTfkZknErZBZKs0mKhCfVM9JGo+t7N3sRhrdaezFodQuFtdv9bzqm1roz2vfFqnM vUk+lFM0JH94syTEjLz3dVI5g6TQKOoX6HNpsVFfzzagZV1Hs0a0Dod8oBDIm7uSjq5i up9xMMPxPwow9GekSR0uXfz3UpN138k9PgaXgMoSKqbse2/Mf5cCWqu3x5ApuAG/cx46 Mx+5ojjv2tQ0Vwl7UMEGlLTS94IKGBpFMNPA9/5P/yqBIj3kkmYXxqNUd8lNJlCjnBgb 4aFA==
X-Gm-Message-State: AOAM531UyKKuVyi8RpHiz1n1SFyItd2nKrP39slzpsSBK9loeB/4pTQ/ Bf+otEL5aIqxQba2hjlVV3w0tV65npV5FllYhT6/WA==
X-Google-Smtp-Source: ABdhPJxkwMABsMZphad/2xS95jEOH0FMSnjhYiB9Kay1lQXECNIfW1qyyaf8q64fCaN8q0YoRWDgSqj3RxfCsNHdSus=
X-Received: by 2002:ac2:53ac:: with SMTP id j12mr10029381lfh.198.1623628422473; Sun, 13 Jun 2021 16:53:42 -0700 (PDT)
MIME-Version: 1.0
References: <CAOW+2dv6MMwQHbZCDvEXG1o411KpP6LZ110bWF+s=Wiuw+MTNg@mail.gmail.com>
In-Reply-To: <CAOW+2dv6MMwQHbZCDvEXG1o411KpP6LZ110bWF+s=Wiuw+MTNg@mail.gmail.com>
From: Joseph Salowey <joe@salowey.net>
Date: Sun, 13 Jun 2021 15:53:31 -0800
Message-ID: <CAOgPGoA5-rksrT41AN11Snw-SOaxjcStzGJ0TrANwK-VTaG-XA@mail.gmail.com>
To: Bernard Aboba <bernard.aboba@gmail.com>
Cc: EMU WG <emu@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005e7e7205c4ae735d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/q2hgqsdDwjR9m-4SRLMh4ygWvyo>
Subject: Re: [Emu] EAP TLS 1.3 backward compatibility with RFC 5216
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Jun 2021 23:53:54 -0000
On Sun, Jun 13, 2021 at 2:44 PM Bernard Aboba <bernard.aboba@gmail.com> wrote: > draft-ietf-emu-eap-tls13-16 Section 2.1 contains the following text: > > EAP-TLS 1.3 remains backwards compatible with EAP-TLS 1.2 [RFC5216] . TLS version > negotiation is handled by the TLS layer, and thus outside of the > scope of EAP-TLS. Therefore so long as the underlying TLS > implementation correctly implements TLS version negotiation, EAP-TLS > will automatically leverage that capability. > > > I am concerned that this statement is potentially misleading. An > implementation of RFC 5216 that negotiates TLS 1.2 and utilizes the key > hierarchy defined in RFC 5216 Section 2.3 will not interoperate with an > implementation of draft-ietf-emu-tls13-16 that also negotiates TLS 1.2 and > utilizes the key hierarchy defined in Section 2.3 of that document. > > So in what sense is EAP-TLS 1.3 "backwards compatible" with EAP-TLS 1.2? > > The only way this makes sense to me is if it is stated that > draft-ietf-emu-eap-tls13 applies only when TLS 1.3 is negotiated, and that > if TLS 1.2, 1.1 or 1.0 is negotiated, then RFC 5216 applies. > > [Joe] Good point. I think this is missing from the draft. The EAP-TLS implementation does need to know which version of TLS is negotiated. I agree that this draft applies to when TLS 1.3 is negotiated and not previous versions of TLS. > _______________________________________________ > Emu mailing list > Emu@ietf.org > https://www.ietf.org/mailman/listinfo/emu >
- [Emu] EAP TLS 1.3 backward compatibility with RFC… Bernard Aboba
- Re: [Emu] EAP TLS 1.3 backward compatibility with… Joseph Salowey
- Re: [Emu] EAP TLS 1.3 backward compatibility with… John Mattsson
- Re: [Emu] EAP TLS 1.3 backward compatibility with… Bernard Aboba
- Re: [Emu] EAP TLS 1.3 backward compatibility with… John Mattsson