Re: [Emu] Question for draft-ietf-emu-tls-eap-types-03

Carolin Baumgartner <latze@angry-red-pla.net> Thu, 01 July 2021 14:01 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/z5Qca89Vib8aUsawWjXwwGbAvZo>


On 7/1/21 3:23 PM, Alan DeKok wrote:
> On Jun 30, 2021, at 9:52 AM, Eliot Lear <lear@lear.ch> wrote:
>> I think we have to be a bit careful about using the term "TPM". What we care about are trust anchors, credentials, and operations on those.  Those objects might be stored in TPMs, but it seems to me that the protocol does not need to be aware of that.
>    Yes.
Well. Yes, that is one dimension. A TPM can also allow for more
automated proofs of trust. However, if the issue is how to talk to a
device to get a certificate installed, you will face the same challenges
with or without a TPM, since the operating system sits in between.

A TPM could also come with pre-installed device identity certificates. I 
am not sure that is happening a lot these days, so hm.

best regards
Carolin