Re: [Emu] Francesca Palombini's Discuss on draft-ietf-emu-eap-noob-04: (with DISCUSS and COMMENT)

Mohit Sethi M <mohit.m.sethi@ericsson.com> Fri, 16 July 2021 09:34 UTC

From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
To: Francesca Palombini <francesca.palombini@ericsson.com>, The IESG <iesg@ietf.org>
CC: "emu@ietf.org" <emu@ietf.org>
Date: Fri, 16 Jul 2021 09:33:49 +0000
Message-ID: <e369c0d8-573f-d79b-52ec-b5fcd5bf5505@ericsson.com>
References: <161887184969.29228.7896824473914871913@ietfa.amsl.com>
In-Reply-To: <161887184969.29228.7896824473914871913@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/vCrx0qTjpZzmFFOLMUwcEF0nETk>

Hi Francesca,

We have submitted a new version ( 
https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-noob-05 ) which 
hopefully addresses your comments. Here is the diff for your 
convenience: 
https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-noob-05.txt

See our answers below.

--Mohit

On 4/20/21 1:37 AM, Francesca Palombini via Datatracker wrote:
> Francesca Palombini has entered the following ballot position for
> draft-ietf-emu-eap-noob-04: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-emu-eap-noob/
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> Thank you for the work on this document. I have a couple of blocking comments
> related to the IANA section, which should be easy to fix, plus some minor non
> blocking comments below.
>
> Francesca
>
> 1. -----
>
> Section 5.
>
> FP: IANA is requested to create a sub registry to the EAP registry, but there
> is no actual "Nimble out-of-band authentication for EAP Parameters" registry
> defined, nor values registered in it. Either this is a new page or (I would
> suggest) the subregistries are just created directly under the EAP page.

This question was also asked by Sabrina during the IANA review. A
separate URL (or page) for EAP-NOOB is what we intended. There is
precedent for such an approach: EAP-FAST. There is a separate URL for
EAP-FAST parameters:
https://www.iana.org/assignments/eap-fast-parameters/eap-fast-parameters.xhtml
but all the sub registries are still listed on the main EAP registry
with links (such as
https://www.iana.org/assignments/eap-numbers/eap-numbers.xhtml#eap-numbers-5).
So we are hoping for the same, i.e.: i) a separate URL for the EAP-NOOB
registry titled "Nimble out-of-band authentication for EAP Parameters",
ii) the separate URL should contain sub registries listed in section 5.1
to 5.5 of the draft, iii) the sub registries are listed in the EAP
Registry
(https://www.iana.org/assignments/eap-numbers/eap-numbers.xhtml) only as
links pointing to the URL to the separate EAP-NOOB registry.

> 2. -----
>
> Section 5.1 and following
>
> FP: This document defines several new registries with policy Specification
> required, which will need designated experts.
> https://tools.ietf.org/html/rfc8126#section-5.3  states that:
>
>     When a designated expert is used, the documentation should give clear
>     guidance to the designated expert, laying out criteria for performing
>     an evaluation and reasons for rejecting a request.  In the case where
>
> I believe designated expert guidance should be added to this document.

We have added section "Guidance for Designated Experts":
https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-noob-05#section-5.7.
We hope this is sufficient.

> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> 3. -----
>
>     document are to be interpreted as described in [RFC2119].
>
> FP: Please update as indicated by RFC 8174.

Done.

> 4. -----
>
>     it supports, an indicator of the OOB channel directions it supports
>     (Dirs), and a ServerInfo object.  The peer chooses one of the
>
> FP: Please add a reference to where the ServerInfo object is defined, as this
> is its first occurrence.
>
> 5. -----
>
>            |      (Type=3,PeerId,PKs,Ns,[SleepTime])          |
>
> FP: SleepTime appears in the figure without having been introduced in the
> previous paragraph, as the other parameters. I would suggest adding a sentence
> about it, including a fw reference to where it is explained in detail (3.2.5).

As authors we have tried to strike a careful balance between explaining
new terms when they first occur vs. avoiding repetition and
interruptions to the readability of the text. Therefore, some terms like
ServerInfo, PeerInfo, SleepTime etc. are not defined immediately. We
hope this is an acceptable compromise.

> 6. -----
>
>     use this serve-assigned NAI.  When the peer moves to the Registered
>
> FP: nit - s/serve/server

Fixed.

> 7. -----
>
>     and truncated to the 16 leftmost bytes of the output.  The message
>
> FP: please mention that network byte order is used (either here or in the
> terminology).

The byte order is relevant when encoding/decoding things like integers
etc. While cryptographic hash functions may use integers or 32- or
64-bit words internally, their output is a byte string, and the order of
the bytes in that output is defined by each individual hash function
specification (e.g. RFC 6234). We don’t think we should say anything
that could lead to a programmer mistakenly reordering the bytes in the
hash output.

> 8. -----
>
>     reasons.  New EAP output values MSK and EMSK may be needed because of
>
> FP: MSK and EMSK appear here for the first time, please expand.

Done.

> 9. -----
>
>        Hoob = H(Dir,Vers,Verp,PeerId,Cryptosuites,Dirs,ServerInfo,
>        Cryptosuitep,Dirp,[NewNAI],PeerInfo,0,PKs,Ns,PKp,Np,Noob).
>
>        ...
>
>        MACs = HMAC(Kms; 2,Vers,Verp,PeerId,Cryptosuites,Dirs,ServerInfo,
>        Cryptosuitep,Dirp,[NewNAI],PeerInfo,0,PKs,Ns,PKp,Np,Noob).
>
> FP: I would suggest to add a sentence explicitly stating that H and HMAC are
> the hash function and HMAC specified in this paragraph:
>
>     The fingerprint Hoob and the identifier NoobId are computed with the
>     cryptographic hash function specified in the negotiated cryptosuite
>     and truncated to the 16 leftmost bytes of the output.  The message
>     authentication codes (MACs, MACp, MACs2, MACp2) are computed with the
>     HMAC function [RFC2104] based on the same cryptographic hash function
>     and truncated to the 32 leftmost bytes of the output.

We have clarified the definitions of the functions H and HMAC as follows:

>    The fingerprint Hoob and the identifier NoobId are computed with the
>    cryptographic hash function H, which is specified in the negotiated
>    cryptosuite and truncated to the 16 leftmost bytes of the output.
>    The message authentication codes (MACs, MACp, MACs2, MACp2) are
>    computed with the function HMAC, which is the HMAC message
>    authentication code [RFC2104] based on the cryptographic hash
>    function H and truncated to the 32 leftmost bytes of the output.

> 10. -----
>
>     |                  | integer. The registration of cryptosuites is   |
>     |                  | specified in Section 5.1. Example values are   |
>     |                  | "[1]" and "1", respectively.                   |
>
> FP: not only registration, but also MTI and examples.

Added that the section also lists the MTI cryptosuites.

> 11. -----
>
>     for EAP Parameters" registry.  Cryptosuites are identified by an
>     integer.  EAP-NOOB request and response pairs are identified by an
>
> FP: "Cryptosuite ... integer." I don't understand the point of having this
> sentence in this section, is this copy paste? (sections 5.2, 5.3)

Yes, I suspect a copy paste leftover. Thanks for catching this. We have
removed this stray sentence.

> 12. -----
>
>            | 1007       | Invalid ECDHE key                      |
>
> FP: Out of curiosity, any special reason why this is not 1005?

Some error types were moved to a different category. We have changed
this to 1005 now.

> 13. -----
>
> Appendix E.
>
> FP: are the examples generated with any of the implementations mentioned? It
> would be good to state that in the first paragraph of the appendix. Also I am
> curious if the JSON examples were validated.

The messages were generated with a Python script
(https://github.com/tuomaura/eap-noob/tree/master/test-vectors) and
verified against the C implementation. The JSON examples are validated
for basic syntactic correctness.

> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu
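
Added example, not part of the original message or of the draft: the truncation rules from the reply to comment 9 and the byte-order point from the reply to comment 7, in Python. SHA-256 as H, the compact JSON-array input encoding, the helper names, and every field and key value are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

H = hashlib.sha256   # assumption: the negotiated cryptosuite selects SHA-256 as H
HOOB_LEN = 16        # Hoob and NoobId: 16 leftmost bytes of the H output
MAC_LEN = 32         # MACs, MACp, MACs2, MACp2: 32 leftmost bytes of the HMAC output

# Constructed sample values, in the order of the Hoob formula quoted above:
# Dir,Vers,Verp,PeerId,Cryptosuites,Dirs,ServerInfo,Cryptosuitep,Dirp,
# [NewNAI],PeerInfo,0,PKs,Ns,PKp,Np,Noob
FIELDS = [1, [1], 1, "peer-id-placeholder", [1], 3, {"Name": "example-server"},
          1, 1, "", {"Make": "example"}, 0, {"x": "server-key-placeholder"},
          "Ns-placeholder", {"x": "peer-key-placeholder"}, "Np-placeholder",
          "Noob-placeholder"]
KMS = bytes(range(32))  # constructed stand-in for the key Kms


def encode_fields(fields):
    """Serialize the inputs; the compact JSON array is an assumption here."""
    return json.dumps(fields, separators=(",", ":")).encode("utf-8")


def hoob(fields):
    """H over the encoded fields, cut to the 16 leftmost bytes of the digest."""
    return H(encode_fields(fields)).digest()[:HOOB_LEN]


def mac(key, fields):
    """HMAC based on H, cut to the 32 leftmost bytes of the tag."""
    return hmac.new(key, encode_fields(fields), H).digest()[:MAC_LEN]


def verify_mac(key, fields, received):
    """Recompute the tag and compare it in constant time."""
    return hmac.compare_digest(mac(key, fields), received)


def hoob_reordered(fields):
    """The mistake the reply warns about: the digest is read as an integer
    and written back in the opposite byte order before truncating."""
    digest = H(encode_fields(fields)).digest()
    as_int = int.from_bytes(digest, "big")
    return as_int.to_bytes(len(digest), "little")[:HOOB_LEN]


def macs_input(fields):
    """MACs formula quoted above: same fields, leading Dir replaced by 2."""
    return [2] + fields[1:]


if __name__ == "__main__":
    print("Hoob     :", hoob(FIELDS).hex())
    print("reordered:", hoob_reordered(FIELDS).hex())
    print("MACs     :", mac(KMS, macs_input(FIELDS)).hex())
```

With a 32-byte hash such as SHA-256 the 32-byte MAC truncation leaves the tag unchanged, while the reordered fingerprint never matches the one computed on the digest as a byte string.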