IETF Logo Mail Archive

Re: [Emu] Adoption call for EAP-DPP

Behcet Sarikaya <sarikaya2012@gmail.com> Mon, 22 August 2022 15:00 UTC

Return-Path: <sarikaya2012@gmail.com>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 245C6C14F73B for <emu@ietfa.amsl.com>; Mon, 22 Aug 2022 08:00:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.854
X-Spam-Level:
X-Spam-Status: No, score=-1.854 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6WRce4sdYYFm for <emu@ietfa.amsl.com>; Mon, 22 Aug 2022 08:00:28 -0700 (PDT)
Received: from mail-vs1-xe2c.google.com (mail-vs1-xe2c.google.com [IPv6:2607:f8b0:4864:20::e2c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 79753C14CE2D for <emu@ietf.org>; Mon, 22 Aug 2022 08:00:28 -0700 (PDT)
Received: by mail-vs1-xe2c.google.com with SMTP id w188so3371735vsb.10 for <emu@ietf.org>; Mon, 22 Aug 2022 08:00:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:reply-to:in-reply-to:references :mime-version:from:to:cc; bh=1Rnlnb00YUEDHuCPgp6gYVu0yuPDu7ILj1jrUW9K26E=; b=ZJf7G7iIzme9XZs9QWXEaBnP101psyzdu6Nfki6b86dovnga2Ps2T6UDYhWBJQaE22 DE9ybLD9WOn7+f6yWdb7pWne8egfTeSeM3wjhkPExwKgFU8NBCLiqwTnT+yp4Sj49IaS rDw/pgWAtpK+SBP4Zj+YVR0gpleUgrMbXOIIhzQtyC4kkERhANBm12NHDYtdz0gNak6f 1Z33bTV0Z6Sppym2IDLxnuTHBn+9C0schvJCgtarAusqzLHizHi9eT2eP9aFTPOWCthi 8HD2CmgmT5R8OcGV78Sf/4Nv6ylxok/u/l3X4yLTbPTs2pvGb+LtEtfyrrkwO0CpgMPa yZfA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:reply-to:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc; bh=1Rnlnb00YUEDHuCPgp6gYVu0yuPDu7ILj1jrUW9K26E=; b=zVdEm1zmsxeYMt80stbkI/E75ToqU6JnHpWT2RzXpOl+RjJ9aAENwXKUxPtwPCmCjW MkLoTyCKRvjmSGfyHJZMsdX/IQvi7f0i8lGopVYrimJWSxAXHhGqmu/tgaYLAj/j6EJ5 VZCb7b4457WUUDz6nX9I+ihSTAYg4fsdDCxnU6r2nux5k92sly1TbU2vH7OlDS32OURY YIiuIsUnzijquHzx6qPcLYIXcvQ71RJv6kxr8zbMH77xhko4huoRXinKThOe5ftqzAH3 Lsyx9N1jucOA+nHWtGTB+A7QIZdA+jvNZ96kGgK/fOHss08GBy/ePhrAFAD9JvK4fOft 1jvQ==
X-Gm-Message-State: ACgBeo16EFRuV1VkV3Nb6aiKWnNuBof69YB3eS3QnI6LXZK6wpwpa0vF fbH7EfFnMjPIb8hFwkeweQwQiQuYEJqjqdTYce8=
X-Google-Smtp-Source: AA6agR5Ll0bAdNLegEq9AXVJzDhlrY2XOOH2itLqk5hj12ohlLTlK5CNZss94LTNIJnu8/97SzvYn+7vw1nWUq5tYdY=
X-Received: by 2002:a67:d284:0:b0:390:3f27:a274 with SMTP id z4-20020a67d284000000b003903f27a274mr3758350vsi.12.1661180427409; Mon, 22 Aug 2022 08:00:27 -0700 (PDT)
MIME-Version: 1.0
References: <01bf01d8b1ac$81233890$8369a9b0$@akayla.com> <CAC8QAcfzQHQg4GQNaqG5k9QJ00-CBCPnwdseLUSYQ=me4rGXEQ@mail.gmail.com> <a9dc5a50-1dbe-614a-1453-63be90286c65@lounge.org> <CAC8QAcdZqcYEoaxVU=G6hWmgkrrgPZO1r-8r=rp38MR5mm5k=w@mail.gmail.com> <CALxLnWrukM7DaqKFXmhQuRehC2z_UZOnbRtu82aoY8DajOC0aQ@mail.gmail.com>
In-Reply-To: <CALxLnWrukM7DaqKFXmhQuRehC2z_UZOnbRtu82aoY8DajOC0aQ@mail.gmail.com>
Reply-To: sarikaya@ieee.org
From: Behcet Sarikaya <sarikaya2012@gmail.com>
Date: Mon, 22 Aug 2022 10:00:16 -0500
Message-ID: <CAC8QAcfHzUhZaFLQT_V5NiMQz=rk8phrJhi42+AcmMcLKWPMdA@mail.gmail.com>
To: M Montemurro <montemurro.michael@gmail.com>
Cc: emu@ietf.org
Content-Type: multipart/alternative; boundary="000000000000489df205e6d5b5f7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/u1X9UOz2waZzeapzpk2KE3S2vQs>
Subject: Re: [Emu] Adoption call for EAP-DPP
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Aug 2022 15:00:32 -0000

On Fri, Aug 19, 2022 at 10:50 AM M Montemurro <montemurro.michael@gmail.com>
wrote:

> Hi Behcet and Dan,
>
> There is a v2 of the DPP specification. The only difference is that Wi-Fi
> Alliance has a adopted the program name for the specification rather than
> DPP. So the reference would be Wi-Fi Easy Connect Specification v2.0.
>
>
If you look back on this thread, in my mail 5 days ago, I alluded to this
already.

Behcet

> You can find the document here:
> https://www.wi-fi.org/download.php?file=/sites/default/files/private/Wi-Fi_Easy_Connect_Specification_v2.0.pdf
>
> Cheers,
>
> Mike
>
> On Fri, Aug 19, 2022 at 11:23 AM Behcet Sarikaya <sarikaya2012@gmail.com>
> wrote:
>
>> Hi Dan,
>>
>>
>> On Thu, Aug 18, 2022 at 9:54 AM Dan Harkins <dharkins@lounge.org> wrote:
>>
>>>
>>>   Hi Behcet,
>>>
>>> On 8/17/22 2:36 PM, Behcet Sarikaya wrote:
>>>
>>> Hi Peter,
>>>
>>> I quickly read this short document and have some comments.
>>>
>>> In the informative references section, DPP is listed as Device
>>> Provisioning Profile while it should be Device Provisioning Protocol.
>>> Actually, in the acronyms section the name is correctly given. However,
>>> the DPP acronym is not properly expanded in the first use of the acronym
>>> which is in Section 1. Also the same could be said of the other acronyms
>>>
>>>
>>>   Good catch. We'll fix that.
>>>
>>> Also the date of DPP document seems to be wrong, I think the version 1.1
>>> was dated 2018.
>>>
>>>
>>>   I think the Wi-Fi Alliance has released v2. I'll check and we'll fix
>>> this if needed.
>>>
>>>
>> I think there is no v2.
>>
>>
>>> Probably more seriously though, the document says DPP does not support
>>> wired network access in Section 1 but maybe the authors are not aware that
>>> there is something called wired only DPP which is defined in another WiFi
>>> Alliance document in Section 2.3.5 of
>>>
>>> Wi-i Easy ConnectTM Specification v2.0
>>> This document is dated 2020, maybe the authors should reference this
>>> document then the date will be correct 👍🏻.
>>>
>>>
>>>   The DPP-over-TCP solution will not work. DPP-over-TCP was added to
>>> enable centralization
>>> of DPP services in devices which might not have an 802.11 interface.
>>> Think of a central network
>>> server that implements a DPP Configurator that is connected to multiple
>>> access points in an ESS.
>>> The APs will just de-capsulate the 802.11 frames they receive,
>>> re-encapsulate them in TCP/IP
>>> headers and send them to the central network server who processes them
>>> and responds with
>>> TCP packets to which the inverse operation is performed by the AP. That
>>> said, it is certainly
>>> possible for two entities to speak a complete DPP conversation over TCP
>>> without the use of
>>> 802.11. But as I said this won't work here.
>>>
>>>   The reason this won't work is the "Onboarding Catch-22" where you need
>>> a credential to get
>>> on the network but need to get on the network to get a credential.
>>> DPP-over-TCP requires an
>>> IP address. How do you get an IP address? Well, after "link up" on your
>>> wired connection you do
>>> EAP and authenticate, and then do DHCP. But how do you do EAP?
>>>
>>>
>> Yes it is a good question but it is answered in detail in Section 2.3.5
>> of WiFi Easy Connect Specification. Fig. 9 there on page 40 shows the
>> message flow.
>> The client there already has an IP address. The issue there is how will
>> the client get IP address of DPP controller.  They propose several
>> solutions including DNS.
>> Authentication is based on these three messages exchanged: DPP Auth
>> Req/DPP Aut Res/DPP Auth Conf
>> There is no EAP. EAP in DPP is used in 802.11X with EAP-OL Key  message.
>>
>> Behcet
>>
>>   regards,
>>>
>>>   Dan.
>>>
>>> Behcet
>>>
>>> On Tue, Aug 16, 2022 at 3:12 PM Peter Yee <peter@akayla.com> wrote:
>>>
>>>> This is an adoption call for EAP-DPP (draft-friel-tls-eap-dpp-05)[1].
>>>> This
>>>> document aligns with the charter item to "Define mechanisms by which EAP
>>>> methods can support creation of long-term credentials for the peer
>>>> based on
>>>> initial limited-use credentials." The latest revision incorporates
>>>> feedback
>>>> from both the TLS and EMU working groups. Please review and respond to
>>>> the
>>>> list if you think this document is or is not an appropriate working
>>>> group
>>>> item for EMU by September 1, 2022.
>>>>
>>>> Thanks,
>>>>
>>>> Peter and Joe
>>>>
>>>> [1] https://datatracker.ietf.org/doc/draft-friel-tls-eap-dpp/
>>>>
>>>>
>>>> _______________________________________________
>>>> Emu mailing list
>>>> Emu@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/emu
>>>>
>>>
>>> _______________________________________________
>>> Emu mailing listEmu@ietf.orghttps://www.ietf.org/mailman/listinfo/emu
>>>
>>>
>>> --
>>> "The object of life is not to be on the side of the majority, but to
>>> escape finding oneself in the ranks of the insane." -- Marcus Aurelius
>>>
>>> _______________________________________________
>>> Emu mailing list
>>> Emu@ietf.org
>>> https://www.ietf.org/mailman/listinfo/emu
>>>
>> _______________________________________________
>> Emu mailing list
>> Emu@ietf.org
>> https://www.ietf.org/mailman/listinfo/emu
>>
>

v2.23.0 | Report a Bug | By Email