Re: [Reap] [saag] PSA: New list for discussing EAP related methods

Mohit Sethi <mohit.m.sethi@ericsson.com> Sun, 29 October 2017 17:46 UTC

Return-Path: <mohit.m.sethi@ericsson.com>
X-Original-To: reap@ietfa.amsl.com
Delivered-To: reap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 242CE1388A9; Sun, 29 Oct 2017 10:46:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Level:
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qvHtfVXJpBVz; Sun, 29 Oct 2017 10:46:35 -0700 (PDT)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 53E4F1389AC; Sun, 29 Oct 2017 10:46:30 -0700 (PDT)
X-AuditID: c1b4fb3a-de7ff70000006897-a6-59f613f47be4
Received: from ESESSHC017.ericsson.se (Unknown_Domain [153.88.183.69]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id 1A.5D.26775.4F316F95; Sun, 29 Oct 2017 18:46:28 +0100 (CET)
Received: from nomadiclab.fi.eu.ericsson.se (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.71) with Microsoft SMTP Server id 14.3.352.0; Sun, 29 Oct 2017 18:46:27 +0100
Received: from nomadiclab.fi.eu.ericsson.se (localhost [127.0.0.1]) by nomadiclab.fi.eu.ericsson.se (Postfix) with ESMTP id 81E9D4EE5E; Sun, 29 Oct 2017 19:48:33 +0200 (EET)
Received: from [127.0.0.1] (localhost [127.0.0.1]) by nomadiclab.fi.eu.ericsson.se (Postfix) with ESMTP id DC5514E689; Sun, 29 Oct 2017 19:48:32 +0200 (EET)
To: Bernard Aboba <bernard.aboba@gmail.com>, Zhen Cao <zhencao.ietf@gmail.com>
CC: reap@ietf.org, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, Mohit Sethi <mohit.m.sethi@ericsson.com>, "saag@ietf.org" <saag@ietf.org>
References: <3dbe94b9-4b2d-1479-8433-8b040cb1cfba@ericsson.com> <CAOW+2ds9Sez7otrs682hqzzXR8qbJYAdPwW8A8TEL+ms_a0=UA@mail.gmail.com> <6b3dcad6-f00c-1fb9-4df6-19f3dc744371@ericsson.com> <CAHbuEH74=Ca8oEWS5YpFByP1o3GaC0NajrZ8ChJxQAoffTajUg@mail.gmail.com> <CAOW+2du_08fcfZs2878LsjnLV8L0cmDMa3pLN2cxQeHbFKxOCA@mail.gmail.com> <CAFxP68yw5sicGEDx-RcQmNX7Jdvhv74Kr6DA9dQKniA-F4LFoA@mail.gmail.com> <E1C9FD3F-42E3-420A-AB64-11193CC9C01F@gmail.com>
From: Mohit Sethi <mohit.m.sethi@ericsson.com>
Message-ID: <0f175e1a-6bed-7fd1-b44f-04ef2acc694e@ericsson.com>
Date: Sun, 29 Oct 2017 19:46:26 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <E1C9FD3F-42E3-420A-AB64-11193CC9C01F@gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Language: en-US
X-Virus-Scanned: ClamAV using ClamSMTP
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmpkkeLIzCtJLcpLzFFi42KZGbHdVfeL8LdIg0+b1C027PvPbNGwM9/i 3MrjLBZT+juZLKbv/cPowOqxc9Zddo8lS34yBTBFcdmkpOZklqUW6dslcGWc7uMv2G1aceD3 f5YGxivaXYycHBICJhLvjjezdTFycQgJHGaUeDj/KiuEs4NRou/VWyhnI6PEx64TLBDOAkaJ H0dvs4H0Cwt4Sxz/P4cFxBYR8JNYfHUuK4jNLDCNUaJtaxpEwxFmiZ1X5rCDJNgE9CQ6zx1n BrF5BewlXn27AWazCKhKvLqyAswWFYiQeN78nhWiRlDi5MwnYAs4BWwlbl7/yAaxwEJi5vzz jBC2vMT2t3OYIWxxiVtP5jNBPKcmcfXcJrC4kIC6xNaOA4wTGEVmIRk7C8moWUhGzUIyagEj yypG0eLU4uLcdCMjvdSizOTi4vw8vbzUkk2MwIg5uOW31Q7Gg88dDzEKcDAq8fAu5v4WKcSa WFZcmXuIUYKDWUmEt/rZ10gh3pTEyqrUovz4otKc1OJDjNIcLErivA77LkQICaQnlqRmp6YW pBbBZJk4OKUaGB0uqUR1l/EnqMiu3OpnuE790fwP/3JOKqtc6Qrve878RXK33ax0taOWf8J9 ToWutrFIFdUVqvyiuXbCW+c7oZ93LN1md/3pvFz2W4rcs6YzvLAsb0ut3nvwiMSJxKui3mvv pe13cLt597Hw1NvuuUl1Hi+2L3z3N/iq9RNWd5Z5qWHHNr4XmqbEUpyRaKjFXFScCAAe8Pfk lAIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/reap/ZiFwSx_LEsvICYzKhUIyDGtI-Lo>
Subject: Re: [Reap] [saag] PSA: New list for discussing EAP related methods
X-BeenThere: reap@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "REAP \(RENEW\) EAP" <reap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/reap>, <mailto:reap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/reap/>
List-Post: <mailto:reap@ietf.org>
List-Help: <mailto:reap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/reap>, <mailto:reap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Oct 2017 17:46:37 -0000

Hi Bernard,

Thanks for pointing this out. Somehow this did not come up earlier when 
Zhen and I discussed with the Security ADs.

I am happy to keep the discussion on EMU. I think our goals are 
ultimately the same: we want the interested people to get engaged in the 
new work and make sure that there is enough review from experts.

We let the security ADs decide on what to do with REAP list. It might be 
better to shut it down now when there hasn't been much discussion. We 
would also encourage others who are not on EMU to join the list to stay 
updated.

--Mohit


On 10/28/2017 10:16 PM, Bernard Aboba wrote:
> The IANA EAP page lists the policies for EAP code point allocations and points to RFC 3748 as the document relevant to method type allocations.
>
> RFC 3748 Section 6 describes the EAP method type registration and review process, requiring method reviews to be posted to a designated list. Originally the EAP mailing list was designated, and then EMU was subsequently designated as the successor list.
>
>> On Oct 28, 2017, at 2:00 AM, Zhen Cao <zhencao.ietf@gmail.com> wrote:
>>
>> Thanks Bernard for pointing out this, at least new to me. I check the
>> emu wg conclusion email, not formally stating that emu will be the
>> only place for eap-related discussion.
>>
>> The emu list has been quite silent since the wg conclusion, less than
>> 20 messages for three years.  There were occasionally some drafts
>> posted for comments, but not any follow-up responses.  This leaves an
>> impression that either the list members are not interested in new
>> topics or the emu list is not actually adequately subscribed (who has
>> the ground truth?).    I believe this is not only a motive for Mohit
>> and I to request a new mailing list, but may also confuse upcoming
>> people who seek for a place to have discussion.
>>
>> Regards,
>> -Zhen
>>> On Fri, Oct 27, 2017 at 9:16 AM, Bernard Aboba <bernard.aboba@gmail.com> wrote:
>>> Yes, the EMU WG  list has been used for discussion of EAP methods since the
>>> WG closed.
>>>
>>> That list is a better venue for discussion of EAP  methods than a new REAP
>>> list, so as to ensure that proper attention is paid to backward
>>> compatibility, IPR, security properties and other critical aspects of EAP
>>> method design.
>>>
>>> After all, we are talking about a protocol that is 20+ years old that is
>>> implemented on billions of devices, many of which utilize open-source.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Thu, Oct 26, 2017 at 11:53 AM, Kathleen Moriarty
>>> <kathleen.moriarty.ietf@gmail.com> wrote:
>>>> On Thu, Oct 26, 2017 at 1:16 PM, Mohit Sethi <mohit.m.sethi@ericsson.com>
>>>> wrote:
>>>>> Hi Bernard,
>>>>>
>>>>> The EAP-TLS 1.3 document is a very rough drafty version that was
>>>>> submitted
>>>>> before the cut-off for the last IETF. As you rightly point out, it has
>>>>> the
>>>>> skeleton and a lot of material from RFC5216, and still many important
>>>>> details are missing.
>>>>>
>>>>> The purpose of this list is to exactly receive these kind of comments.
>>>>> Should RFC5216 be updated or obsoleted by this draft. And it would be
>>>>> great
>>>>> if we can have your contributions to the document. We will definitely
>>>>> add an
>>>>> acknowledgement section and contact the authors of RFC5216 to see if
>>>>> they
>>>>> can contribute and comment. We plan to have more EAP related
>>>>> contributions
>>>>> in the near future. We discussed this with the Security ADs and thought
>>>>> that
>>>>> a separate list would be appropriate to get feedback/criticism and
>>>>> contributions from the folks interested.
>>>> I'm sorry, I didn't realize that a revision of 5216 was involved and
>>>> that the authors were not notified at the onset as is normal practice
>>>> in case they want to continue as authors.  Thank you for spotting this
>>>> issue Bernard.
>>>>
>>>> Is there an existing list that should be used?  Is there adequate
>>>> overlap in objectives and personnel?
>>>>
>>>> Thank you,
>>>> Kathleen
>>>>
>>>>> --Mohit
>>>>>
>>>>>
>>>>> On 10/26/2017 06:51 PM, Bernard Aboba wrote:
>>>>>
>>>>> There are existing functioning IETF mailing lists relating to EAP.
>>>>>
>>>>> Why are you starting yet another one?
>>>>>
>>>>>  From what I can tell, the EAP-TLS 1.3 draft is merely a copy of RFC 5216
>>>>> (with no acknowledgement to the original authors) stating that EAP-TLS
>>>>> implementations must support TLS 1.3.
>>>>>
>>>>> This is ridiculous because there are 1+ Billion existing implementations
>>>>> out
>>>>> there that
>>>>>
>>>>>
>>>>> On Thu, Oct 26, 2017 at 6:02 AM, Mohit Sethi
>>>>> <mohit.m.sethi@ericsson.com>
>>>>> wrote:
>>>>>> Dear all,
>>>>>>
>>>>>> We have started a mailing list for discussing new EAP related work that
>>>>>> currently has no obvious home. The mailing list is called REAP (Renew
>>>>>> EAP)
>>>>>> reap@ietf.org and you can subscribe here:
>>>>>> https://www.ietf.org/mailman/listinfo/reap
>>>>>>
>>>>>> Recently several new EAP methods have been proposed. These include for
>>>>>> example:
>>>>>>
>>>>>> EAP-TLS 1.3: https://tools.ietf.org/html/draft-mattsson-eap-tls13-00
>>>>>>
>>>>>> EAP-NOOB: https://tools.ietf.org/html/draft-aura-eap-noob-02
>>>>>>
>>>>>> EAP-SASL: https://tools.ietf.org/html/draft-vanrein-eap-sasl-00
>>>>>>
>>>>>> The list serves as a venue for discussion of these and other EAP
>>>>>> related
>>>>>> drafts that will be submitted in the near future. As courtesy, we will
>>>>>> post
>>>>>> any new draft to SAAG, but we plan to continue the discussion only on
>>>>>> the
>>>>>> REAP mailing list. We have also asked for a short presentation slot
>>>>>> during
>>>>>> SECDISPATCH at IETF 100 in Singapore.
>>>>>>
>>>>>> Comments, early feedback, and discussion on existing or new work is
>>>>>> more
>>>>>> than welcome.
>>>>>>
>>>>>> --Mohit
>>>>>>
>>>>>> _______________________________________________
>>>>>> saag mailing list
>>>>>> saag@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/saag
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> saag mailing list
>>>>> saag@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/saag
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> saag mailing list
>>>>> saag@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/saag
>>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Best regards,
>>>> Kathleen
>>>
>>>
>>> _______________________________________________
>>> saag mailing list
>>> saag@ietf.org
>>> https://www.ietf.org/mailman/listinfo/saag
>>>
> _______________________________________________
> REAP mailing list
> REAP@ietf.org
> https://www.ietf.org/mailman/listinfo/reap