Re: [Emu] [secdir] Secdir last call review of draft-ietf-emu-rfc7170bis-15

Alan DeKok <aland@deployingradius.com> Sun, 03 March 2024 16:01 UTC

From: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <f3384fef-8e72-4401-86f7-c15aa3dc92b0@mandelberg.org>
Date: Sun, 03 Mar 2024 10:53:12 -0500
Cc: Alexander Clouter <alex+ietf@coremem.com>, secdir@ietf.org, draft-ietf-emu-rfc7170bis.all@ietf.org, EMU WG <emu@ietf.org>, last-call@ietf.org
Message-Id: <7D04A7A9-A743-4A9D-ABD0-C945D3D6B3B7@deployingradius.com>
References: <170934966282.22720.15728977796194077360@ietfa.amsl.com> <b6b6b90d-ff6b-486a-ab0e-d38c7b00c79f@app.fastmail.com> <f3384fef-8e72-4401-86f7-c15aa3dc92b0@mandelberg.org>
To: David Mandelberg <david=40mandelberg.org@dmarc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/stw4M1h-mhodqbSDxuO-VlFHphg>

On Mar 2, 2024, at 1:20 PM, David Mandelberg <david=40mandelberg.org@dmarc.ietf.org> wrote:
> If it's not feasible to require server authentication before sending Identity-Hint, then maybe at least document what information can be leaked by it and in what circumstances? Or maybe recommend that implementations don't send it by default to unauthenticated servers, but offer a way for the user to override that default?

  I believe that Identity-Hint is not useful for server unauthenticated provisioning, and therefore should not be used in that situation.

  Alan DeKok.
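The peer-side behaviour the two messages above argue over, as an added example that is not from the thread, from draft-ietf-emu-rfc7170bis, or from any TEAP implementation: an Identity-Hint TLV is built only once the outer TLS server has been authenticated, is withheld by default in server-unauthenticated provisioning, and can be released there only by an explicit user override. The TLV framing follows the RFC 7170 TLV layout (M bit, R bit, 14-bit type, 2-byte length, value); the Identity-Hint TLV type number, the `TlsState`/`PeerPolicy` types and the hint value are assumptions made for this example.

```python
"""Added example: a TEAP peer policy gate for the Identity-Hint TLV.

Not code from the thread or from draft-ietf-emu-rfc7170bis.  TLV framing
is the RFC 7170 layout (M:1 bit, R:1 bit, Type:14 bits, Length:2 bytes,
Value).  IDENTITY_HINT_TLV_TYPE is a PLACEHOLDER, not the registered value.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

IDENTITY_HINT_TLV_TYPE = 0x3FFF  # PLACEHOLDER: assumed for this example only


@dataclass
class TlsState:
    """What the peer knows about the outer TLS tunnel (assumed type)."""
    server_authenticated: bool  # True only after the server's certificate chain was validated


@dataclass
class PeerPolicy:
    """Local policy (assumed type): default is not to disclose the hint to an unauthenticated server."""
    send_hint_to_unauthenticated: bool = False  # the user-controlled override


def encode_tlv(tlv_type: int, value: bytes, mandatory: bool = False) -> bytes:
    """Encode one TLV: 16-bit header (M bit, R bit = 0, 14-bit type), 16-bit length, value."""
    if not 0 <= tlv_type < (1 << 14):
        raise ValueError("TLV type must fit in 14 bits")
    if len(value) > 0xFFFF:
        raise ValueError("TLV value exceeds 16-bit length field")
    header = (int(mandatory) << 15) | tlv_type  # bit 14 (R) stays 0, reserved
    return struct.pack("!HH", header, len(value)) + value


def decode_tlvs(buf: bytes) -> List[Tuple[bool, int, bytes]]:
    """Parse a run of TLVs into (mandatory, type, value) tuples, rejecting truncation."""
    out = []
    off = 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated TLV header")
        header, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if len(buf) - off < length:
            raise ValueError("truncated TLV value")
        out.append((bool(header >> 15), header & 0x3FFF, buf[off:off + length]))
        off += length
    return out


def identity_hint_tlv(hint: bytes, tls: TlsState, policy: PeerPolicy) -> Optional[bytes]:
    """Return the encoded Identity-Hint TLV, or None when the hint must not be disclosed.

    Against an unauthenticated server the hint is withheld unless the user has
    explicitly opted in; once the server is authenticated it is always sent.
    """
    if not tls.server_authenticated and not policy.send_hint_to_unauthenticated:
        return None
    return encode_tlv(IDENTITY_HINT_TLV_TYPE, hint)


if __name__ == "__main__":
    # Constructed sample hint; the provisioning server has not been authenticated yet.
    sample_hint = b"user@example.com"
    print(identity_hint_tlv(sample_hint, TlsState(server_authenticated=False), PeerPolicy()))
    print(identity_hint_tlv(sample_hint, TlsState(server_authenticated=True), PeerPolicy()).hex())
```

The gate keeps the hint out of the clear-text-equivalent path by default, which is the conservative reading of both positions in the thread: the hint carries no value in server-unauthenticated provisioning, so nothing is lost by withholding it there, and a deployment that does want it can flip the policy flag deliberately rather than leaking it by accident.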