Re: [Gen-art] IETF LC review: draft-funk-eap-ttls-v0-04.txt
Lakshminath Dondeti <ldondeti@qualcomm.com> Wed, 26 March 2008 05:01 UTC
Return-Path: <gen-art-bounces@ietf.org>
X-Original-To: ietfarch-gen-art-archive@core3.amsl.com
Delivered-To: ietfarch-gen-art-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1C07928C15F; Tue, 25 Mar 2008 22:01:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.593
X-Spam-Level:
X-Spam-Status: No, score=-100.593 tagged_above=-999 required=5 tests=[AWL=-0.156, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gubpSG-lg9AQ; Tue, 25 Mar 2008 22:01:15 -0700 (PDT)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EBD523A67DA; Tue, 25 Mar 2008 22:01:15 -0700 (PDT)
X-Original-To: gen-art@core3.amsl.com
Delivered-To: gen-art@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 58F133A68DB for <gen-art@core3.amsl.com>; Tue, 25 Mar 2008 22:01:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IrlmnjZ6ClM7 for <gen-art@core3.amsl.com>; Tue, 25 Mar 2008 22:01:09 -0700 (PDT)
Received: from wolverine02.qualcomm.com (wolverine02.qualcomm.com [199.106.114.251]) by core3.amsl.com (Postfix) with ESMTP id D2D123A67DA for <gen-art@ietf.org>; Tue, 25 Mar 2008 22:01:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qualcomm.com; i=ldondeti@qualcomm.com; q=dns/txt; s=qcdkim; t=1206507527; x=1238043527; h=message-id:date:from:user-agent:mime-version:to:cc: subject:references:in-reply-to:content-type: content-transfer-encoding:x-ironport-av; z=Message-ID:=20<47E9D805.6060907@qualcomm.com>|Date:=20Tu e,=2025=20Mar=202008=2021:58:45=20-0700|From:=20Lakshmina th=20Dondeti=20<ldondeti@qualcomm.com>|User-Agent:=20Thun derbird=202.0.0.12=20(Windows/20080213)|MIME-Version:=201 .0|To:=20"Joel=20M.=20Halpern"=20<jmh@joelhalpern.com> |CC:=20Mary=20Barnes=20<mary.barnes@nortel.com>,=20gen-ar t@ietf.org,=0D=0A=20=20=20=20=20=20=20=20Jari=20Arkko=20< jari.arkko@piuha.net>,=20PaulFunk@alum.mit.edu|Subject: =20Re:=20[Gen-art]=20=20IETF=20LC=20review:=20draft-funk- eap-ttls-v0-04.txt|References:=20<F66D7286825402429571678 A16C2F5EE02834C94@zrc2hxm1.corp.nortel.com>=20<47E4443B.5 010904@joelhalpern.com>|In-Reply-To:=20<47E4443B.5010904@ joelhalpern.com>|Content-Type:=20text/plain=3B=20charset =3DISO-8859-15=3B=20format=3Dflowed |Content-Transfer-Encoding:=207bit|X-IronPort-AV:=20E=3DM cAfee=3Bi=3D"5200,2160,5259"=3B=20a=3D"1304014"; bh=B1fKlsHt3ZQ82xlRXbQxJiQvPjGCpJ0huz63fy+KsyI=; b=GTRkUtAr4MEaJucieaZzY2OCiDS9M1BXIhhwzLTNkd1jAoWBpETgeIpc C2ZiR9p+H9Ikr8pfkXYJ0eK8asmdsHH/NNlIdKWdBbQ44lvztvGXPm0MJ 0DoiqNydBdT9Z3kgI4eEL32467CLby/9d00lIy9M9anudqIYpe7WtghNr A=;
X-IronPort-AV: E=McAfee;i="5200,2160,5259"; a="1304014"
Received: from pdmz-ns-mip.qualcomm.com (HELO ithilien.qualcomm.com) ([199.106.114.10]) by wolverine02.qualcomm.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 25 Mar 2008 21:58:47 -0700
Received: from msgtransport02.qualcomm.com (msgtransport02.qualcomm.com [129.46.61.151]) by ithilien.qualcomm.com (8.14.2/8.14.2/1.0) with ESMTP id m2Q4wksR020101 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Tue, 25 Mar 2008 21:58:47 -0700
Received: from [10.50.64.188] (qconnect-10-50-64-188.qualcomm.com [10.50.64.188]) by msgtransport02.qualcomm.com (8.14.2/8.14.2/1.0) with ESMTP id m2Q4wjH0008727 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 25 Mar 2008 21:58:45 -0700
Message-ID: <47E9D805.6060907@qualcomm.com>
Date: Tue, 25 Mar 2008 21:58:45 -0700
From: Lakshminath Dondeti <ldondeti@qualcomm.com>
User-Agent: Thunderbird 2.0.0.12 (Windows/20080213)
MIME-Version: 1.0
To: "Joel M. Halpern" <jmh@joelhalpern.com>
References: <F66D7286825402429571678A16C2F5EE02834C94@zrc2hxm1.corp.nortel.com> <47E4443B.5010904@joelhalpern.com>
In-Reply-To: <47E4443B.5010904@joelhalpern.com>
Cc: gen-art@ietf.org, Jari Arkko <jari.arkko@piuha.net>, PaulFunk@alum.mit.edu
Subject: Re: [Gen-art] IETF LC review: draft-funk-eap-ttls-v0-04.txt
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: gen-art-bounces@ietf.org
Errors-To: gen-art-bounces@ietf.org
Hi Joel, Thank you for your timely and considered review. Paul's responses below. regards, Lakshminath > > -----Original Message----- > > From: Lakshminath Dondeti [mailto:ldondeti@qualcomm.com] > > Sent: Tuesday, March 25, 2008 7:06 PM > > To: PaulFunk@alum.mit.edu > > Subject: [Fwd: Re: [Gen-art] IETF LC review: draft-funk-eap-ttls-v0-04.txt] > > > > > > > > -------- Original Message -------- > > Subject: Re: [Gen-art] IETF LC review: draft-funk-eap-ttls-v0-04.txt > > Date: Fri, 21 Mar 2008 19:26:51 -0400 > > From: Joel M. Halpern <jmh@joelhalpern.com> > > To: Mary Barnes <mary.barnes@nortel.com> > > CC: gen-art@ietf.org, Lakshminath Dondeti <ldondeti@qualcomm.com>, > > Jari Arkko <jari.arkko@piuha.net> > > References: > > <F66D7286825402429571678A16C2F5EE02834C94@zrc2hxm1.corp.nortel.com> > > > > I have been selected as the General Area Review Team (Gen-ART) > > reviewer for this draft (for background on Gen-ART, please see > > http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html). > > > > Please resolve these comments along with any other Last Call comments > > you may receive. > > > > > > Document: EAP Tunneled TLS Authentication Protocol Version 0 > > Reviewer: Joel M. Halpern > > Review Date: 21-March-2008 > > IETF LC End Date: 2-April-2008 > > IESG Telechat date: N/A > > > > Summary: This document is ready for publication as an Informational RFC. > > If a revision is to be done, it would make sense to consider the first > > two comments below, and see if the minor comments can be usefully addressed. > > > > Comments: > > There are two sets of AVPs defined by this document. One set goes in > > the EAP-TTLS Start packet from the server to the client. The other set > > are used in the inner TLS protected exchange. The first set are > > referenced in section 9.2. But as far as I can tell, there is no > > description of what valid AVPs may appear here. Even if they are the > > same AVPs as go inside, some text explaining this in section 9.2 would > > be helpful. [pf] Section 9.2 indicates that AVPs may be sent in the clear in the initial Start packet from the server. I don't know if any implementation uses this feature. Possible uses are indicated in the text. While there is no currently defined use case, the purpose of including this text was: 1 To ensure that receivers understand that there might be data following the Start indication, so they won't reject the packet on that basis. 2 To define the format of any such data to prevent overloading and consequent misinterpretation. Future specs can define uses for Start packet AVPs, within the confines that are currently specified. > > Section 7.2 talks about the application utilizing EAP-TTLS specifying > > the information to be exchanged. It is not clear to me what is meant by > > "application" here. Does this mean the different authentication > > mechanisms that the client can select? Or something else? (If > > something else, how is it known.) A bit of explanatory text would > > probably help. [pf] "Application" here simply means whatever pre-conceived use TTLS is being put to, that is, a context understood by client and server; e.g. 802.11, WiMA, IKEv2. Such "applications" are free to specify particular AVP exchanges required to enable features of the application. > > > > Minor: > > The text in section 7.8 talks about the different versions of TLS > > that can be used. It would be useful (assuming I have correctly > > understood the protocol) if the text noted that these versions are > > negotiated by TLS, as part of carrying TLS over TTLS. [pf] It already does, in the immediately preceding section 7.7. > > Section 11.3 on multiple authentication methods could use a couple > > of extra words at the front. Something like "When the client has > > selected EAP for authentication, the AAA/H server may request multiple > > forms of Authentication." Otherwise, the reader tries to tie this to > > the entirety of 11.2 (client specified authentication) and may get very > > confused before finding at the end of the section the note that this > > only applies to EAP. (Leave the note. Just add text at the beginning.) [pf] The first sentence of the second paragraph does say "using EAP", indicating that this is an EAP-related mechanism. The final note reinforces this. > > > > > > I presume I will find out how the communicating parties agree on what > > "application" is utilizing EAP-TTLS some time after section 7.2? [pf] No, "application" is assumed to be implicit. For example, the client knows what type of network it is authenticating to, and the server either because it is deployed to handle a particular application or because the carrier protocol tells it (e.g. Service-Type in RADIUS). > > > > > > On 3/21/2008 4:26 PM, Joel M. Halpern wrote: > I have been selected as the General Area Review Team (Gen-ART) > reviewer for this draft (for background on Gen-ART, please see > http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html). > > Please resolve these comments along with any other Last Call comments > you may receive. > > > Document: EAP Tunneled TLS Authentication Protocol Version 0 > Reviewer: Joel M. Halpern > Review Date: 21-March-2008 > IETF LC End Date: 2-April-2008 > IESG Telechat date: N/A > > Summary: This document is ready for publication as an Informational RFC. > If a revision is to be done, it would make sense to consider the first > two comments below, and see if the minor comments can be usefully > addressed. > > Comments: > There are two sets of AVPs defined by this document. One set goes > in the EAP-TTLS Start packet from the server to the client. The other > set are used in the inner TLS protected exchange. The first set are > referenced in section 9.2. But as far as I can tell, there is no > description of what valid AVPs may appear here. Even if they are the > same AVPs as go inside, some text explaining this in section 9.2 would > be helpful. > Section 7.2 talks about the application utilizing EAP-TTLS > specifying the information to be exchanged. It is not clear to me what > is meant by "application" here. Does this mean the different > authentication mechanisms that the client can select? Or something > else? (If something else, how is it known.) A bit of explanatory text > would probably help. > > Minor: > The text in section 7.8 talks about the different versions of TLS > that can be used. It would be useful (assuming I have correctly > understood the protocol) if the text noted that these versions are > negotiated by TLS, as part of carrying TLS over TTLS. > Section 11.3 on multiple authentication methods could use a couple > of extra words at the front. Something like "When the client has > selected EAP for authentication, the AAA/H server may request multiple > forms of Authentication." Otherwise, the reader tries to tie this to > the entirety of 11.2 (client specified authentication) and may get very > confused before finding at the end of the section the note that this > only applies to EAP. (Leave the note. Just add text at the beginning.) > > > I presume I will find out how the communicating parties agree on what > "application" is utilizing EAP-TTLS some time after section 7.2? > > > > > _______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www.ietf.org/mailman/listinfo/gen-art
- [Gen-art] A *new* batch of IETF LC reviews - 20 M… Mary Barnes
- Re: [Gen-art] IETF LC review: draft-funk-eap-ttls… Joel M. Halpern
- Re: [Gen-art] IETF LC review: draft-funk-eap-ttls… Lakshminath Dondeti
- Re: [Gen-art] IETF LC review: draft-funk-eap-ttls… Joel M. Halpern