[Emu] TEAP - RFC 7170 - Errata ID 5768
Oleg Pekar <oleg.pekar.2017@gmail.com> Tue, 05 May 2020 13:27 UTC
Return-Path: <oleg.pekar.2017@gmail.com>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D7853A0768 for <emu@ietfa.amsl.com>; Tue, 5 May 2020 06:27:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.847
X-Spam-Level:
X-Spam-Status: No, score=-1.847 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z2VQE70X6uTa for <emu@ietfa.amsl.com>; Tue, 5 May 2020 06:27:36 -0700 (PDT)
Received: from mail-oi1-x22f.google.com (mail-oi1-x22f.google.com [IPv6:2607:f8b0:4864:20::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B3ECE3A073D for <emu@ietf.org>; Tue, 5 May 2020 06:27:36 -0700 (PDT)
Received: by mail-oi1-x22f.google.com with SMTP id r66so1916429oie.5 for <emu@ietf.org>; Tue, 05 May 2020 06:27:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=XY1DJU6XLHug/ecZzZCSARSoDhhBhge1bls8hBUS/NU=; b=LLB7KEtKXT9w4OfVxwUlD3pfLxSWVPwDwGWe4d+BWdMktPEBQsiEDRfJ8GW4zO7ylR Mai4IJBnu/bXvY/FI4ZNJA8wFVwNCtsld9oP/ZJ7lpP/gMzveeGiQkweCCueXwKxxS4I kZSqYc1codKtsPn/jykzfjBR3nflIsRu6OlxjcTcWoUZwfTqc+EqwFh1B2eRJYmSn2d8 s+Nmi0m+pYlyfTL4lcTPH9b6cs+H7t7TKQfy48JB5JowTKJF4bEd2mecXMm47kUvbejs npWsojWO1pTfc7zHeLlVejMtWz5OSvm8iImGuSn4ezJVABrNTmpMp/A2jGDB3pEfhRMY Mpzw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=XY1DJU6XLHug/ecZzZCSARSoDhhBhge1bls8hBUS/NU=; b=JexUMxbeiduKOcznPf7ejWqaBfH6jkWIwj/mJfkQ9autm6v1EEKysQHl7f2ia7R4F+ tWwlR/ehbtH3BTZl9VrkSXQNxciFnpfgt7mkdwg7i0W0gGmnaZLmETsqbf8l1GBSHWCQ n6OzGz9p9tIhwtTF0/XvQe0qEPTeFCL8ZfO2JftisZ7b9FDooIcGasioX/YmBcweh2jd 6HDPyXYWChKr2dXdX5GfpD+6XkAMnPK+FB6eJBULOXgMDEnD5NRf36T7Wg6LjixxkIgJ Lz10MNjdliVq+A4IG69v6FTD1VGk2F13iccgmXtTYtI0TaH5N95Uw0WMnIxQH5sTX5fJ sk7g==
X-Gm-Message-State: AGi0PuYJmKhfl22JXyCQATAuylLq06Jdbq/LHpLL4Nj4DhJUxk/egvLZ 31K6Ggtz7sBTozWjFgSo02t6fDhM5tj86PNw0/kP/ALC
X-Google-Smtp-Source: APiQypLHa5MsD2G+AGCVNszMT5c8R4/npx7wMPOd5VvbBv+7Fecw5M/nJp+WgSmke0gG8Fkj75JoXr35NIU4XQm3SrI=
X-Received: by 2002:aca:c4d3:: with SMTP id u202mr2387839oif.113.1588685255980; Tue, 05 May 2020 06:27:35 -0700 (PDT)
MIME-Version: 1.0
From: Oleg Pekar <oleg.pekar.2017@gmail.com>
Date: Tue, 05 May 2020 16:27:24 +0300
Message-ID: <CABXxEz-LyyWcxvArfoU=JEcAEtun9T2wkADAB9_sw8zdGc2R2g@mail.gmail.com>
To: Jouni Malinen <j@w1.fi>, EMU WG <emu@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000057ba6e05a4e69c0a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/vKT9whCsU0bWZ-BZT2Y8faRbRsM>
Subject: [Emu] TEAP - RFC 7170 - Errata ID 5768
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 May 2020 13:27:38 -0000
Hi Jouni, I propose the following fix for the issues described in this errata id: 1) In Section "4.2.13. Crypto-Binding TLV" make "EMSK Compound MAC" and "MSK Compound MAC" fields 32 octets long (currently 20 octets). The MAC value is truncated at 32 octets if it is longer than 32 octets or padded to a length of 32 octets with zeros to the right if it is less than 32 octets. The length of the TLV should be changed to 100 bytes (currently 76). The motivation is to keep collision-resistance strength of MAC on 128 bit. Hash value truncation is described in "NIST Special Publication 800-107 Revision 1: Recommendation for Applications Using Approved Hash Algorithms" <https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-107r1.pdf> 2) In Section "5.3. Computing the Compound MAC" specify that "MAC is the MAC function negotiated in TLS of TEAP Phase 1" (currently it says TLS 1.2) The motivation is to support TLS 1.2, 1.3 and possibly later TLS versions. 3) In Section "5.3. Computing the Compound MAC" when specifying the list of field to be placed in the BUFFER" should say "...2 A single octet contains TEAP EAP method type 0x37". Alternatively it could be "...2 A single octet contains EAP Type of the inner EAP method related to the calculation or 0 if no inner EAP method was executed" (currently "...2 The EAP Type sent by the other party in the first TEAP message") Please note that there's still a discussion on sending Crypto-Binding TLV on "Authentication inner EAP method" or "Inner EAP method that exports MSK" only. Thanks Oleg
- [Emu] TEAP - RFC 7170 - Errata ID 5768 Oleg Pekar
- Re: [Emu] TEAP - RFC 7170 - Errata ID 5768 Jorge Vergara
- Re: [Emu] TEAP - RFC 7170 - Errata ID 5768 Joseph Salowey
- Re: [Emu] TEAP - RFC 7170 - Errata ID 5768 Jorge Vergara
- Re: [Emu] TEAP - RFC 7170 - Errata ID 5768 Oleg Pekar
- Re: [Emu] TEAP - RFC 7170 - Errata ID 5768 Joseph Salowey