IETF Logo Mail Archive

Re: [Emu] Adoption call for EAP-DPP

Michael Richardson <mcr+ietf@sandelman.ca> Wed, 14 September 2022 15:02 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8855C14CE33 for <emu@ietfa.amsl.com>; Wed, 14 Sep 2022 08:02:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.57
X-Spam-Level:
X-Spam-Status: No, score=-0.57 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DATE_IN_PAST_24_48=1.34, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PbgmD3UPqkPN for <emu@ietfa.amsl.com>; Wed, 14 Sep 2022 08:02:52 -0700 (PDT)
Received: from relay.sandelman.ca (relay.cooperix.net [176.58.120.209]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E6CFC14F748 for <emu@ietf.org>; Wed, 14 Sep 2022 08:02:23 -0700 (PDT)
Received: from dooku.sandelman.ca (dynamic-046-114-142-078.46.114.pool.telefonica.de [46.114.142.78]) by relay.sandelman.ca (Postfix) with ESMTPS id 0DD781F4AE; Wed, 14 Sep 2022 14:52:26 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id C0A321A02BF; Tue, 13 Sep 2022 13:13:27 +0200 (CEST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Peter Yee <peter@akayla.com>, emu@ietf.org
In-reply-to: <006a01d8c33f$89efa6d0$9dcef470$@akayla.com>
References: <006a01d8c33f$89efa6d0$9dcef470$@akayla.com>
Comments: In-reply-to "Peter Yee" <peter@akayla.com> message dated "Wed, 07 Sep 2022 21:57:46 -0700."
X-Mailer: MH-E 8.6+git; nmh 1.7.1; GNU Emacs 27.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Tue, 13 Sep 2022 13:13:27 +0200
Message-ID: <112784.1663067607@dooku>
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/wn5myEVZLW2KON5mWTDrzOcNCNM>
Subject: Re: [Emu] Adoption call for EAP-DPP
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Sep 2022 15:02:57 -0000

I have read draft-friel-tls-eap-dpp-05.
I have no objection to the WG working on such a thing, but I think that there
is actually quite a lot of work left to do.

I think that the section 3, which explains the EAP connection (and the
motivation for the work) should probably come before the extension and the
cryptographic explanation!

I find the document quite weak even in section 3.
I think that the EAP server (Authentication Server) is meant to use the OOB
public key to authenticate the new device.

I'm rather vague as to how the Authentication Server knows what identity to
use to look the public key up, and how the privacy of this identity is
preserved.

Does the device get any indication that it has been plugged into the correct
network?  Is there any authenticatin of the Authentication Server?
While I acknowledge you are not trying to implement BRSKI (RFC8995) or SZTP
(RFC8572), it would be good if your Security Considerations addressed some of
the same issues that those documents deal with.



-- 
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email