Re: [Gen-art] IETF LC review: draft-funk-eap-ttls-v0-04.txt

"Joel M. Halpern" <jmh@joelhalpern.com> Fri, 21 March 2008 23:29 UTC

Message-ID: <47E4443B.5010904@joelhalpern.com>
To: Mary Barnes <mary.barnes@nortel.com>
References: <F66D7286825402429571678A16C2F5EE02834C94@zrc2hxm1.corp.nortel.com>
In-Reply-To: <F66D7286825402429571678A16C2F5EE02834C94@zrc2hxm1.corp.nortel.com>
Cc: Jari Arkko <jari.arkko@piuha.net>, gen-art@ietf.org

I have been selected as the General Area Review Team (Gen-ART)
reviewer for this draft (for background on Gen-ART, please see
http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).

Please resolve these comments along with any other Last Call comments
you may receive.


Document: EAP Tunneled TLS Authentication Protocol Version 0
Reviewer: Joel M. Halpern
Review Date:  21-March-2008
IETF LC End Date: 2-April-2008
IESG Telechat date: N/A

Summary: This document is ready for publication as an Informational RFC.
If a revision is to be done, it would make sense to consider the first
two comments below, and see if the minor comments can be usefully addressed.

Comments:
There are two sets of AVPs defined by this document.  One set goes in
the EAP-TTLS Start packet from the server to the client.  The other set
is used in the inner TLS-protected exchange.  The first set is
referenced in section 9.2.  But as far as I can tell, there is no
description of what valid AVPs may appear here.  Even if they are the
same AVPs as go inside, some text explaining this in section 9.2 would
be helpful.

Section 7.2 talks about the application utilizing EAP-TTLS specifying
the information to be exchanged.  It is not clear to me what is meant by
"application" here.  Does this mean the different authentication
mechanisms that the client can select?  Or something else?  (If
something else, how is it known?)  A bit of explanatory text would
probably help.

Minor:
The text in section 7.8 talks about the different versions of TLS
that can be used.  It would be useful (assuming I have correctly
understood the protocol) if the text noted that these versions are
negotiated by TLS, as part of carrying TLS over TTLS.

Section 11.3 on multiple authentication methods could use a couple
of extra words at the front.  Something like "When the client has
selected EAP for authentication, the AAA/H server may request multiple
forms of Authentication."  Otherwise, the reader tries to tie this to
the entirety of 11.2 (client specified authentication) and may get very
confused before finding at the end of the section the note that this
only applies to EAP.  (Leave the note.  Just add text at the beginning.)


I presume I will find out how the communicating parties agree on what 
"application" is utilizing EAP-TTLS some time after section 7.2?
