[Emu] Author review of draft-ietf-emu-aka-pfs-07

John Mattsson <john.mattsson@ericsson.com> Sat, 06 August 2022 08:12 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: "emu@ietf.org" <emu@ietf.org>
Thread-Topic: Author review of draft-ietf-emu-aka-pfs-07
Date: Sat, 06 Aug 2022 08:12:40 +0000
Message-ID: <HE1PR0701MB30504789D838349869FC33F289619@HE1PR0701MB3050.eurprd07.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/xhve_oQ8QM73iK8KSfwz773qqnM>
Subject: [Emu] Author review of draft-ietf-emu-aka-pfs-07

Hi,

I did a very thorough read of draft-ietf-emu-aka-pfs-07. I found several minor things that I think should be fixed:

- Fixed all names with non-ASCII characters, including my own. -07 displays non-ASCII characters in some of the references wrongly.
- I fixed all the idnits (too long rows and not mentioning the update in the abstract).
- Fixed the XML code for the references. They generated weird output when using the latest version of xml2rfc.
- Added a formal reference to 3GPP TS 33.501
- Added proper figure captions and use of align center
- Reformatted and aligned the figures. They used different horizontal and vertical spacing. No technical changes to the figures. They now use the full width.
- Renamed the new "Key Derivation Function" field "FS Key Derivation Function" in AT_KDF_FS to avoid confusion with the existing field.
- Split the quite long security considerations section into subsections.
- Removed mention of (R)UIM and added more explanation of USIM and SIM cards. (R)UIM has been superseded by CSIM on UICC.
- Added that requirements for generation, validation, and processing depend on the curve.
- Added missing point validation for P-256
- Fixed some incorrect references to elliptic curve crypto.
- Processing "start again after validation failure" applies to all curves.
- Added privacy-friendly to several places to align with the requirement in -07
- Added section on Unprotected Data and Privacy to align with BCP on pervasive monitoring.
- Added section on Post-Quantum Considerations. This section also describes that EAP-AKA’ FS can easily in the future be expanded with PQC KEMs.

- One issue I found is that the interactions between AT_KDF and AT_KDF_FS are not specified. The specification is clear on how to derive keys when AT_KDF is in {1} and AT_KDF_FS is in {1,2}, but does not give any description of how other future combinations are supposed to work. For example, what happens if someone registers AT_KDF = 2?

https://github.com/emu-wg/eap-aka-pfs/issues/25

Currently suggested changes can be found on GitHub
https://github.com/emu-wg/eap-aka-pfs

A Diff can be found here:
https://www.ietf.org/rfcdiff?url1=https://www.ietf.org/archive/id/draft-ietf-emu-aka-pfs-07.txt&url2=https://raw.githubusercontent.com/emu-wg/eap-aka-pfs/master/draft-ietf-emu-aka-pfs-latest.txt

The current changes on GitHub include a solution to #25, but I am not sure that it is the correct solution.

I have not discussed this with Jari yet. Comments on anything above are welcome. I expect that we will submit -08 quite soon after vacation. As discussed at IETF 114, the plan is to progress the draft during the fall.

Cheers,
John
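The message above lists "missing point validation for P-256" and "start again after validation failure" as fixes to the draft. The following is an added illustration of what that validation means for an ECDHE exchange over P-256; it is not code from the draft, from the emu-wg repository, or from the author. It implements the full public-key validation checks (point is not the identity, coordinates in range, point satisfies the curve equation, point has the group order) that NIST SP 800-56A requires, and a peer-side routine that refuses to derive a shared secret from an invalid point and instead signals that the exchange must be restarted. The curve constants are the standard P-256 parameters; the function names, the `None` return meaning "restart", and the two private scalars are assumptions made for this example. The affine arithmetic is plain big-integer Python and is not constant time, so it illustrates the checks rather than being a drop-in implementation.

```python
# P-256 (secp256r1) domain parameters as standardised in FIPS 186-4 / SEC 2.
P256_P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
P256_A = P256_P - 3
P256_B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
P256_N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
P256_G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
          0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

INFINITY = None  # the identity element (point at infinity)


def _add(p1, p2):
    """Affine point addition/doubling on P-256 (illustrative, not constant time)."""
    if p1 is INFINITY:
        return p2
    if p2 is INFINITY:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P256_P == 0:
            return INFINITY  # P + (-P)
        lam = (3 * x1 * x1 + P256_A) * pow(2 * y1, -1, P256_P) % P256_P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P256_P) % P256_P
    x3 = (lam * lam - x1 - x2) % P256_P
    y3 = (lam * (x1 - x3) - y1) % P256_P
    return (x3, y3)


def _mul(k, point):
    """Double-and-add scalar multiplication k * point."""
    result = INFINITY
    addend = point
    while k:
        if k & 1:
            result = _add(result, addend)
        addend = _add(addend, addend)
        k >>= 1
    return result


def validate_p256_point(point):
    """Full public-key validation of a received P-256 point.

    Returns True only if the point is a valid element of the prime-order group,
    so it can be safely used as a peer's ECDHE public key.
    """
    if point is INFINITY:
        return False  # identity is never a valid public key
    x, y = point
    if not (0 <= x < P256_P and 0 <= y < P256_P):
        return False  # coordinates must be field elements
    if (y * y - (x * x * x + P256_A * x + P256_B)) % P256_P != 0:
        return False  # not on the curve: would leak key bits via invalid-curve points
    # P-256 has cofactor 1, so an on-curve point already has order n; the
    # explicit order check is kept because the generic routine requires it.
    if _mul(P256_N, point) is not INFINITY:
        return False
    return True


def keypair(private_scalar):
    """Derives the public point for a private scalar d in [1, n-1]."""
    if not 1 <= private_scalar < P256_N:
        raise ValueError("private scalar out of range")
    return private_scalar, _mul(private_scalar, P256_G)


def ecdhe_shared_secret_or_restart(own_private, peer_public):
    """ECDHE with the peer's point validated first.

    Returns the 32-byte shared x-coordinate, or None to signal that the
    exchange must be abandoned and started again (the draft's "start again
    after validation failure" behaviour, as described in the message above).
    """
    if not validate_p256_point(peer_public):
        return None
    shared = _mul(own_private, peer_public)
    if shared is INFINITY:
        return None
    return shared[0].to_bytes(32, "big")


if __name__ == "__main__":
    # Constructed private scalars for a demonstration run.
    a_priv, a_pub = keypair(0x1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF)
    b_priv, b_pub = keypair(0xFEDCBA0987654321FEDCBA0987654321FEDCBA0987654321FEDCBA0987654321)
    print("agreed:", ecdhe_shared_secret_or_restart(a_priv, b_pub)
          == ecdhe_shared_secret_or_restart(b_priv, a_pub))
    tampered = (b_pub[0], (b_pub[1] + 1) % P256_P)  # off-curve point
    print("restart on invalid point:", ecdhe_shared_secret_or_restart(a_priv, tampered) is None)
```

The two checks that matter most in practice are the range check and the curve-equation check: a peer that skips them and multiplies by an arbitrary `(x, y)` performs its scalar multiplication on some other curve, which is the classic invalid-curve attack the validation rules exist to prevent. Returning `None` rather than a partially derived secret keeps the "restart" decision explicit in the caller.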