Re: [Emu] Late WGLC Comment on draft-ietf-emu-eap-tls13

John Mattsson <john.mattsson@ericsson.com> Mon, 09 March 2020 09:59 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: Russ Housley <housley@vigilsec.com>
CC: EMU WG <emu@ietf.org>
Message-ID: <89644402-9B35-401A-92E1-062962B69BC0@ericsson.com>
References: <MN2PR11MB39011F2754371931D1CFF0CCDB780@MN2PR11MB3901.namprd11.prod.outlook.com> <FC4CD2F5-B5E2-4FFB-B81F-A67DC55CD24E@deployingradius.com> <3113156B-EB01-4BBA-B51A-38883656E457@vigilsec.com>
In-Reply-To: <3113156B-EB01-4BBA-B51A-38883656E457@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/wHVu9_YZ0RrJu3rirtbWOjoYiaM>

Hi Russ,

Sorry for the late reply. I actually brought up your draft [ID-ietf-tls-tls13-cert-with-extern-psk] during my EMU presentation at IETF 106 as something that should probably be in EAP-TLS. Bernard Aboba then expressed a very strong opinion that [ID-ietf-tls-tls13-cert-with-extern-psk] should absolutely not be included in the EAP-TLS Type-Code 0x0D. After this, the WG decided as a way forward to specify EAP-TLS with PSK authentication in a new draft.

Given these strong opinions from Bernard Aboba, and the wish to publish draft-ietf-emu-eap-tls13 soon, I think the best way forward would be to specify the use of [ID-ietf-tls-tls13-cert-with-extern-psk] in the same new draft as EAP-TLS with PSK authentication. Does that sound like an acceptable way forward?

Cheers,
John

-----Original Message-----
From: Russ Housley <housley@vigilsec.com>
Date: Monday, 13 January 2020 at 18:29
To: John Mattsson <john.mattsson@ericsson.com>
Cc: EMU WG <emu@ietf.org>
Subject: Late WGLC Comment on draft-ietf-emu-eap-tls13

    John:
    
    Section 2.1.1 says:
    
       Pre-Shared Key (PSK) authentication SHALL NOT be used except
       for resumption.
    
    I would rather this say:
    
       Pre-Shared Key (PSK) authentication SHALL NOT be used except
       for resumption or in conjunction with the "tls_cert_with_extern_psk"
       extension [ID-ietf-tls-tls13-cert-with-extern-psk].
    
    Russ