Re: [Reap] [saag] PSA: New list for discussing EAP related methods

Bernard Aboba <bernard.aboba@gmail.com> Fri, 27 October 2017 01:16 UTC

Return-Path: <bernard.aboba@gmail.com>
X-Original-To: reap@ietfa.amsl.com
Delivered-To: reap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5E3F13B1A9; Thu, 26 Oct 2017 18:16:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o6UInMo_u_4w; Thu, 26 Oct 2017 18:16:26 -0700 (PDT)
Received: from mail-ua0-x22c.google.com (mail-ua0-x22c.google.com [IPv6:2607:f8b0:400c:c08::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 23C1A138BD2; Thu, 26 Oct 2017 18:16:26 -0700 (PDT)
Received: by mail-ua0-x22c.google.com with SMTP id w45so3805124uac.3; Thu, 26 Oct 2017 18:16:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=1uwYbky3C/SRVCqquB9ZdxcbJCEalXgawNhznVOkDig=; b=JtU7D29YdU83zRB8ghOKaA6HQfewsmhJ2SXVtSi6ffpuXON6YmZAd8/R22GzkE0clR XvXN2vnec+CACACYy/fWUNlE9PNN5pUYD8xkSWOpZvqBv4aFBGCTROhVrB6X1cy7LHvR lL9M5mCWlHEp6v5pT0QsriB0N8LY34+kq3apU24W7zjq59xAEJ/+ABufHjpUgSdnOrNa tvYXsBMoL5FaIIHDli8b+IdDAcenGBrxHujNZahTb9/p5nyug1atUOR4MhepPJ6iw3Qe mFk7+pdMv69gFFEu71Wg9MgNHSkyy7zncDKkh5fwYeMQePJRkr0qtdtGBv2kmoNPJVLy RQ6w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=1uwYbky3C/SRVCqquB9ZdxcbJCEalXgawNhznVOkDig=; b=bl3TGwyaUqpQIVLJ+MI74EBCyEAzDheqp7pJ4yyuy8TL6oncjRi0H0iNFSHn+IXTes W4P30Rh3Ekc0BarmHMKCyqGC7MJDkn7Fz6Co9Lp2WDuqQFkkyw/Z3mc8ejTdfbqxuzC6 3bHtx8Ss4DNcmqmXz49TByJuNIrdxdfwIcVl9l0YEi8zEVKExehU2gyRKxkp3MAV3pGp zq2P6JQKB+WkTDgsq4yBiOqJmZmuWKoQ48nDMdfTwONeG38crMwcUPgZoY4zDu6+2MWL hIdsc1xHXUHdcJBSJiLoaozdL2YtkNNldS8xSkTk/BdWwcuqLyjWq+nyJficBsEbYVXU gY7w==
X-Gm-Message-State: AMCzsaW/87Or0rkf31OG6fmm+4IgOHHMv2TbZpoLW4gS/6L99pLoIJOZ w1qsfvtu2rQ27OJ3x9O43y0ALSRMTzNbQYnn0j9oXA==
X-Google-Smtp-Source: ABhQp+Rg/46M2g6qGsX6aK9J2eg/maF9ne8Ar+JaBpXwA2Xs7wRtye/3MXRIlrpVYgSUNHF+yrdro1H0YTzI8oRj7Qo=
X-Received: by 10.176.20.225 with SMTP id f30mr5965780uae.66.1509066985064; Thu, 26 Oct 2017 18:16:25 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.159.38.130 with HTTP; Thu, 26 Oct 2017 18:16:04 -0700 (PDT)
In-Reply-To: <CAHbuEH74=Ca8oEWS5YpFByP1o3GaC0NajrZ8ChJxQAoffTajUg@mail.gmail.com>
References: <3dbe94b9-4b2d-1479-8433-8b040cb1cfba@ericsson.com> <CAOW+2ds9Sez7otrs682hqzzXR8qbJYAdPwW8A8TEL+ms_a0=UA@mail.gmail.com> <6b3dcad6-f00c-1fb9-4df6-19f3dc744371@ericsson.com> <CAHbuEH74=Ca8oEWS5YpFByP1o3GaC0NajrZ8ChJxQAoffTajUg@mail.gmail.com>
From: Bernard Aboba <bernard.aboba@gmail.com>
Date: Thu, 26 Oct 2017 18:16:04 -0700
Message-ID: <CAOW+2du_08fcfZs2878LsjnLV8L0cmDMa3pLN2cxQeHbFKxOCA@mail.gmail.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Cc: Mohit Sethi <mohit.m.sethi@ericsson.com>, reap@ietf.org, "saag@ietf.org" <saag@ietf.org>
Content-Type: multipart/alternative; boundary="001a1145ab00964e7f055c7d0901"
Archived-At: <https://mailarchive.ietf.org/arch/msg/reap/HUjHhZDsohv0OtNDBJvYaUnA7u0>
Subject: Re: [Reap] [saag] PSA: New list for discussing EAP related methods
X-BeenThere: reap@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "REAP \(RENEW\) EAP" <reap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/reap>, <mailto:reap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/reap/>
List-Post: <mailto:reap@ietf.org>
List-Help: <mailto:reap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/reap>, <mailto:reap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Oct 2017 01:16:28 -0000

Yes, the EMU WG  list has been used for discussion of EAP methods since the
WG closed.

That list is a better venue for discussion of EAP  methods than a new REAP
list, so as to ensure that proper attention is paid to backward
compatibility, IPR, security properties and other critical aspects of EAP
method design.

After all, we are talking about a protocol that is 20+ years old that is
implemented on billions of devices, many of which utilize open-source.








On Thu, Oct 26, 2017 at 11:53 AM, Kathleen Moriarty <
kathleen.moriarty.ietf@gmail.com> wrote:

> On Thu, Oct 26, 2017 at 1:16 PM, Mohit Sethi <mohit.m.sethi@ericsson.com>
> wrote:
> > Hi Bernard,
> >
> > The EAP-TLS 1.3 document is a very rough drafty version that was
> submitted
> > before the cut-off for the last IETF. As you rightly point out, it has
> the
> > skeleton and a lot of material from RFC5216, and still many important
> > details are missing.
> >
> > The purpose of this list is to exactly receive these kind of comments.
> > Should RFC5216 be updated or obsoleted by this draft. And it would be
> great
> > if we can have your contributions to the document. We will definitely
> add an
> > acknowledgement section and contact the authors of RFC5216 to see if they
> > can contribute and comment. We plan to have more EAP related
> contributions
> > in the near future. We discussed this with the Security ADs and thought
> that
> > a separate list would be appropriate to get feedback/criticism and
> > contributions from the folks interested.
>
> I'm sorry, I didn't realize that a revision of 5216 was involved and
> that the authors were not notified at the onset as is normal practice
> in case they want to continue as authors.  Thank you for spotting this
> issue Bernard.
>
> Is there an existing list that should be used?  Is there adequate
> overlap in objectives and personnel?
>
> Thank you,
> Kathleen
>
> >
> > --Mohit
> >
> >
> > On 10/26/2017 06:51 PM, Bernard Aboba wrote:
> >
> > There are existing functioning IETF mailing lists relating to EAP.
> >
> > Why are you starting yet another one?
> >
> > From what I can tell, the EAP-TLS 1.3 draft is merely a copy of RFC 5216
> > (with no acknowledgement to the original authors) stating that EAP-TLS
> > implementations must support TLS 1.3.
> >
> > This is ridiculous because there are 1+ Billion existing implementations
> out
> > there that
> >
> >
> > On Thu, Oct 26, 2017 at 6:02 AM, Mohit Sethi <mohit.m.sethi@ericsson.com
> >
> > wrote:
> >>
> >> Dear all,
> >>
> >> We have started a mailing list for discussing new EAP related work that
> >> currently has no obvious home. The mailing list is called REAP (Renew
> EAP)
> >> reap@ietf.org and you can subscribe here:
> >> https://www.ietf.org/mailman/listinfo/reap
> >>
> >> Recently several new EAP methods have been proposed. These include for
> >> example:
> >>
> >> EAP-TLS 1.3: https://tools.ietf.org/html/draft-mattsson-eap-tls13-00
> >>
> >> EAP-NOOB: https://tools.ietf.org/html/draft-aura-eap-noob-02
> >>
> >> EAP-SASL: https://tools.ietf.org/html/draft-vanrein-eap-sasl-00
> >>
> >> The list serves as a venue for discussion of these and other EAP related
> >> drafts that will be submitted in the near future. As courtesy, we will
> post
> >> any new draft to SAAG, but we plan to continue the discussion only on
> the
> >> REAP mailing list. We have also asked for a short presentation slot
> during
> >> SECDISPATCH at IETF 100 in Singapore.
> >>
> >> Comments, early feedback, and discussion on existing or new work is more
> >> than welcome.
> >>
> >> --Mohit
> >>
> >> _______________________________________________
> >> saag mailing list
> >> saag@ietf.org
> >> https://www.ietf.org/mailman/listinfo/saag
> >
> >
> >
> >
> > _______________________________________________
> > saag mailing list
> > saag@ietf.org
> > https://www.ietf.org/mailman/listinfo/saag
> >
> >
> >
> > _______________________________________________
> > saag mailing list
> > saag@ietf.org
> > https://www.ietf.org/mailman/listinfo/saag
> >
>
>
>
> --
>
> Best regards,
> Kathleen
>