Re: [Emu] Identities and draft-ietf-emu-tls-eap-types-03

Tim Cappalli <Tim.Cappalli@microsoft.com> Tue, 03 August 2021 15:36 UTC

From: Tim Cappalli <Tim.Cappalli@microsoft.com>
To: "aland@deployingradius.com" <aland@deployingradius.com>
CC: "emu@ietf.org" <emu@ietf.org>
Date: Tue, 03 Aug 2021 15:36:15 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/qT3O3TQXa9s-aqz0WupUiNG1dko>

Yes, they do, which is why I brought it up.

It is becoming even more common with Passpoint becoming the preferred deployment model.

From: Alan DeKok <aland@deployingradius.com>
Date: Tuesday, August 3, 2021 at 11:35
To: Tim Cappalli <Tim.Cappalli@microsoft.com>
Cc: emu@ietf.org <emu@ietf.org>
Subject: Re: [Emu] Identities and draft-ietf-emu-tls-eap-types-03


> On Aug 3, 2021, at 11:15 AM, Tim Cappalli <Tim.Cappalli@microsoft.com> wrote:
>
> EAP identities only apply to 802.1X, so yes.

  What I meant is to ask if sites really do use multiple different realms with EAP, and do so with cloud providers.

  As I said, I haven't seen this use-case, and I haven't seen anyone discuss it before this conversation.  If it's widely used, then the draft should allow it.  If it's rare to non-existent, then IMHO the draft should suggest it's not a good idea.

  Alan DeKok.