[Emu] RFC 7170 (TEAP) errata

Jouni Malinen <jkmalinen@gmail.com> Mon, 01 July 2019 20:11 UTC

From: Jouni Malinen <jkmalinen@gmail.com>
Date: Mon, 01 Jul 2019 23:10:59 +0300
Message-ID: <CANe27jLO9eDA867X8hCHv_WRADN_txSp4xpRTxn2RpwS=yaquA@mail.gmail.com>
To: emu@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/rrQfS-UE9o0nSTGB29nWk0joEnE>
Subject: [Emu] RFC 7170 (TEAP) errata

I've filed a number of errata entries against RFC 7170. The email responses
from rfc-editor seem to be cc'ed to this mailing list, but I don't receive
them from the list or see them in the list archive. Anyway, if there is
anyone here who would be interested in getting these reports reviewed and
the issues addressed, that would be most helpful.

Some of these items are significant technical issues that prevent me from
implementing the protocol and would also make me question how any
implementation of TEAP would actually be able to comply with the RFC. I can
figure out the most likely answers to some of the entries, but there is no
straightforward way of resolving the issues related to

(1) Crypto-Binding TLV format for the cases where the negotiated TLS cipher
suite uses SHA256 (or SHA384, for that matter) instead of SHA-1 (and I'd
hope all deployments of TEAP would be recent enough to avoid use of
SHA-1..):
https://www.rfc-editor.org/errata/eid5768

(2) S-IMCK[j] derivation when inner EAP methods in the sequence derive both
MSK and EMSK (or, even more complicated, if there are multiple inner EAP
authentication methods that differ in whether they derive MSK or
EMSK):
https://www.rfc-editor.org/errata/eid5770

I'd hope to avoid having to guess or make my own specification of how this
is supposed to work before being able to implement this (and then have to
re-implement everything if others disagree with that interpretation/guess
on the design), so any feedback on these items would be very welcome so
that there would be a general agreement on how the protocol is supposed to
work to provide better chances for getting interoperable implementations.

- Jouni
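The following is an added example by the editor, not code from the message author, from hostapd/wpa_supplicant, or from RFC 7170 itself. It illustrates why item (2) above matters for interoperability: it runs the S-IMCK[j]/CMK[j] chain with the TLS 1.2 PRF (RFC 5246, P_SHA256) and shows that if the peer derives IMSK[j] from the inner method's MSK while the server derives it from the EMSK (or vice versa), the two sides end up with different CMK[j] and the Crypto-Binding TLV can never validate. The PRF labels ("TEAPbindkey@ietf.org", "Inner Methods Compound Keys"), the 32/40/20-octet lengths, the RFC 5295-style "\0" + 2-octet length encoding, and the MSK-truncation rule are the editor's reading of RFC 7170 section 5.2 and are assumptions here; the key material is constructed sample data.

```python
"""TEAP inner-method compound key chain, illustrating the MSK-vs-EMSK ambiguity.

Editor's example; not hostapd code and not normative text from RFC 7170.
All labels and lengths below are assumptions taken from the editor's reading
of RFC 7170 section 5.2.
"""
import hashlib
import hmac


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int,
              digest=hashlib.sha256) -> bytes:
    """RFC 5246 section 5 PRF: P_<hash>(secret, label + seed) expanded to `length` octets.

    A(0) = seed, A(i) = HMAC(secret, A(i-1)); output block i = HMAC(secret, A(i) + seed).
    """
    seed = label + seed
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()
        out += hmac.new(secret, a + seed, digest).digest()
    return out[:length]


def imsk_from_emsk(emsk: bytes) -> bytes:
    # Assumption (editor's reading of RFC 7170 5.2 / RFC 5295 usage):
    # IMSK = first 32 octets of TLS-PRF(EMSK, "TEAPbindkey@ietf.org" | "\0" | length=64).
    # How the trailing length is encoded is itself one of the unclear points, so this
    # is one interpretation (2-octet big-endian), not the only possible one.
    seed = b"\x00" + (64).to_bytes(2, "big")
    return tls12_prf(emsk, b"TEAPbindkey@ietf.org", seed, 64)[:32]


def imsk_from_msk(msk: bytes) -> bytes:
    # Assumption: when only the MSK is available, IMSK is the first 32 octets of the MSK.
    return msk[:32]


def derive_imck_chain(session_key_seed: bytes, imsks):
    """Return [(S-IMCK[j], CMK[j]) for j = 1..n] given S-IMCK[0] and IMSK[1..n].

    Assumed per RFC 7170 5.2: IMCK[j] = first 60 octets of
    TLS-PRF(S-IMCK[j-1], "Inner Methods Compound Keys", IMSK[j]);
    S-IMCK[j] = first 40 octets, CMK[j] = last 20 octets.
    """
    s_imck = session_key_seed
    chain = []
    for imsk in imsks:
        imck = tls12_prf(s_imck, b"Inner Methods Compound Keys", imsk, 60)
        s_imck, cmk = imck[:40], imck[40:60]
        chain.append((s_imck, cmk))
    return chain


# Constructed sample inputs (not real key material).
SESSION_KEY_SEED = bytes(range(40))                      # S-IMCK[0], 40 octets
INNER_MSK = hashlib.sha256(b"sample-inner-msk").digest() * 2    # 64 octets
INNER_EMSK = hashlib.sha256(b"sample-inner-emsk").digest() * 2  # 64 octets


def cmk_for(choice: str) -> bytes:
    """CMK[1] for one inner method, with IMSK taken from 'msk' or 'emsk'."""
    if choice == "emsk":
        imsk = imsk_from_emsk(INNER_EMSK)
    elif choice == "msk":
        imsk = imsk_from_msk(INNER_MSK)
    else:
        raise ValueError("choice must be 'msk' or 'emsk'")
    return derive_imck_chain(SESSION_KEY_SEED, [imsk])[0][1]


def peers_agree(peer_choice: str, server_choice: str) -> bool:
    """True only if both sides reach the same CMK[1], i.e. Crypto-Binding can succeed."""
    return hmac.compare_digest(cmk_for(peer_choice), cmk_for(server_choice))


if __name__ == "__main__":
    for peer, server in (("emsk", "emsk"), ("msk", "msk"), ("msk", "emsk")):
        print(f"peer={peer:<4} server={server:<4} crypto-binding possible: "
              f"{peers_agree(peer, server)}")
```

The point of the example is the last case: with an inner method that exports both MSK and EMSK, the RFC as written leaves room for the two endpoints to pick different IMSK sources, and nothing in the exchange reconciles that, so the mismatch surfaces only as a Crypto-Binding failure. Any real implementation has to commit to one rule, which is exactly what the errata entry asks the working group to settle.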