Re: [Reap] [saag] PSA: New list for discussing EAP related methods

Bernard Aboba <bernard.aboba@gmail.com> Sat, 28 October 2017 19:16 UTC

Return-Path: <bernard.aboba@gmail.com>
X-Original-To: reap@ietfa.amsl.com
Delivered-To: reap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D151B13FD3A; Sat, 28 Oct 2017 12:16:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rZjB1skyPNpu; Sat, 28 Oct 2017 12:16:47 -0700 (PDT)
Received: from mail-pf0-x22e.google.com (mail-pf0-x22e.google.com [IPv6:2607:f8b0:400e:c00::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7EF091380DB; Sat, 28 Oct 2017 12:16:47 -0700 (PDT)
Received: by mail-pf0-x22e.google.com with SMTP id x7so7457761pfa.1; Sat, 28 Oct 2017 12:16:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=FKa29m46l6F9SHCIM33T1NIKaZE60XVhkZzlk8SXVa8=; b=tdxm49HAy2ZiyITjarl9N5lSDp32ybY9lMvuY2RcRtRhdcmx03QMWKLRNPpJGe61Tt X0aA3yQ2/zaKEBay7/t6r90zoG0SVe4R+LIRHOOcKc8necT/PpRmJ+DhRzy7WHhko/+2 0VSZBkMWSvAyVmyOFkF8NnbZIt646GP9VGffhcjOJhn2OtGKO3/TpMKLEaTXwOyaLJzc YWph9KgyRkipPYqSdHIQhB3IhRilODY3BNuVvUPoyL24TE/1YS42GCJvSBGrXOqBwfYT jz1JFlgbPDrteZ5eVrWghGUmcM+wtSg3+iwf5POXFzeKZRnTJtPIDohY5JpouC96buh/ D8DQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=FKa29m46l6F9SHCIM33T1NIKaZE60XVhkZzlk8SXVa8=; b=QcrI//KlQ53op0VplsK2PnGZ8Fgonq3CR1UjzDFLqJxgPgpxHIN6As3KKPlPeek5tY CmI1Q/CyX/cHl5c2R8RV4Y37X+Q5J58F3vdWmzT8XLK7JXmiAB/eB0HoEWJc1Lg3yhi2 Wqt/d9tyJ9KNP6agk5pMhHO1Hy8kDsgKckClbGbBfWXX5r5mWL4anpxJDi85YQdvyzWN DNYHFc+JeReOJmjvdOt3n8Uru5iZ/Gw+XbRl+zzVQoLJrO6IYOO9jsCdpA4hywcxC1kX FutBBZapp8bMwk3PpVPL8DLjL3zenTG/4hAVH5kgYCpsJ5ge3i7PhId0F8jrFn8bE7M1 OwHw==
X-Gm-Message-State: AMCzsaW1sOPGjOSngI4btCyxK+aqCg26JUo4kxwriiMNqsHWMtP1kaCs rCaPMkKmg21gXBkw4hUISk1gBWNY
X-Google-Smtp-Source: ABhQp+T9romOCHyDIbdixrMSPJWl81KC+KynK8rZr4wkPKXrR6uuSVT+f5W3qTf5Lu4c7McMYYTglg==
X-Received: by 10.98.161.24 with SMTP id b24mr4211025pff.297.1509218206518; Sat, 28 Oct 2017 12:16:46 -0700 (PDT)
Received: from [192.168.1.104] (c-24-17-217-136.hsd1.wa.comcast.net. [24.17.217.136]) by smtp.gmail.com with ESMTPSA id 76sm21088014pfq.4.2017.10.28.12.16.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 28 Oct 2017 12:16:45 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (1.0)
From: Bernard Aboba <bernard.aboba@gmail.com>
X-Mailer: iPhone Mail (15A432)
In-Reply-To: <CAFxP68yw5sicGEDx-RcQmNX7Jdvhv74Kr6DA9dQKniA-F4LFoA@mail.gmail.com>
Date: Sat, 28 Oct 2017 12:16:44 -0700
Cc: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, reap@ietf.org, Mohit Sethi <mohit.m.sethi@ericsson.com>, "saag@ietf.org" <saag@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <E1C9FD3F-42E3-420A-AB64-11193CC9C01F@gmail.com>
References: <3dbe94b9-4b2d-1479-8433-8b040cb1cfba@ericsson.com> <CAOW+2ds9Sez7otrs682hqzzXR8qbJYAdPwW8A8TEL+ms_a0=UA@mail.gmail.com> <6b3dcad6-f00c-1fb9-4df6-19f3dc744371@ericsson.com> <CAHbuEH74=Ca8oEWS5YpFByP1o3GaC0NajrZ8ChJxQAoffTajUg@mail.gmail.com> <CAOW+2du_08fcfZs2878LsjnLV8L0cmDMa3pLN2cxQeHbFKxOCA@mail.gmail.com> <CAFxP68yw5sicGEDx-RcQmNX7Jdvhv74Kr6DA9dQKniA-F4LFoA@mail.gmail.com>
To: Zhen Cao <zhencao.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/reap/i1X7RaXOe81Fq5-DGooBNahoNPw>
Subject: Re: [Reap] [saag] PSA: New list for discussing EAP related methods
X-BeenThere: reap@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "REAP \(RENEW\) EAP" <reap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/reap>, <mailto:reap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/reap/>
List-Post: <mailto:reap@ietf.org>
List-Help: <mailto:reap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/reap>, <mailto:reap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Oct 2017 19:16:50 -0000

The IANA EAP page lists the policies for EAP code point allocations and points to RFC 3748 as the document relevant to method type allocations.

RFC 3748 Section 6 describes the EAP method type registration and review process, requiring method reviews to be posted to a designated list. Originally the EAP mailing list was designated, and then EMU was subsequently designated as the successor list. 

> On Oct 28, 2017, at 2:00 AM, Zhen Cao <zhencao.ietf@gmail.com>; wrote:
> 
> Thanks Bernard for pointing out this, at least new to me. I check the
> emu wg conclusion email, not formally stating that emu will be the
> only place for eap-related discussion.
> 
> The emu list has been quite silent since the wg conclusion, less than
> 20 messages for three years.  There were occasionally some drafts
> posted for comments, but not any follow-up responses.  This leaves an
> impression that either the list members are not interested in new
> topics or the emu list is not actually adequately subscribed (who has
> the ground truth?).    I believe this is not only a motive for Mohit
> and I to request a new mailing list, but may also confuse upcoming
> people who seek for a place to have discussion.
> 
> Regards,
> -Zhen
>> On Fri, Oct 27, 2017 at 9:16 AM, Bernard Aboba <bernard.aboba@gmail.com>; wrote:
>> Yes, the EMU WG  list has been used for discussion of EAP methods since the
>> WG closed.
>> 
>> That list is a better venue for discussion of EAP  methods than a new REAP
>> list, so as to ensure that proper attention is paid to backward
>> compatibility, IPR, security properties and other critical aspects of EAP
>> method design.
>> 
>> After all, we are talking about a protocol that is 20+ years old that is
>> implemented on billions of devices, many of which utilize open-source.
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> On Thu, Oct 26, 2017 at 11:53 AM, Kathleen Moriarty
>> <kathleen.moriarty.ietf@gmail.com>; wrote:
>>> 
>>> On Thu, Oct 26, 2017 at 1:16 PM, Mohit Sethi <mohit.m.sethi@ericsson.com>;
>>> wrote:
>>>> Hi Bernard,
>>>> 
>>>> The EAP-TLS 1.3 document is a very rough drafty version that was
>>>> submitted
>>>> before the cut-off for the last IETF. As you rightly point out, it has
>>>> the
>>>> skeleton and a lot of material from RFC5216, and still many important
>>>> details are missing.
>>>> 
>>>> The purpose of this list is to exactly receive these kind of comments.
>>>> Should RFC5216 be updated or obsoleted by this draft. And it would be
>>>> great
>>>> if we can have your contributions to the document. We will definitely
>>>> add an
>>>> acknowledgement section and contact the authors of RFC5216 to see if
>>>> they
>>>> can contribute and comment. We plan to have more EAP related
>>>> contributions
>>>> in the near future. We discussed this with the Security ADs and thought
>>>> that
>>>> a separate list would be appropriate to get feedback/criticism and
>>>> contributions from the folks interested.
>>> 
>>> I'm sorry, I didn't realize that a revision of 5216 was involved and
>>> that the authors were not notified at the onset as is normal practice
>>> in case they want to continue as authors.  Thank you for spotting this
>>> issue Bernard.
>>> 
>>> Is there an existing list that should be used?  Is there adequate
>>> overlap in objectives and personnel?
>>> 
>>> Thank you,
>>> Kathleen
>>> 
>>>> 
>>>> --Mohit
>>>> 
>>>> 
>>>> On 10/26/2017 06:51 PM, Bernard Aboba wrote:
>>>> 
>>>> There are existing functioning IETF mailing lists relating to EAP.
>>>> 
>>>> Why are you starting yet another one?
>>>> 
>>>> From what I can tell, the EAP-TLS 1.3 draft is merely a copy of RFC 5216
>>>> (with no acknowledgement to the original authors) stating that EAP-TLS
>>>> implementations must support TLS 1.3.
>>>> 
>>>> This is ridiculous because there are 1+ Billion existing implementations
>>>> out
>>>> there that
>>>> 
>>>> 
>>>> On Thu, Oct 26, 2017 at 6:02 AM, Mohit Sethi
>>>> <mohit.m.sethi@ericsson.com>;
>>>> wrote:
>>>>> 
>>>>> Dear all,
>>>>> 
>>>>> We have started a mailing list for discussing new EAP related work that
>>>>> currently has no obvious home. The mailing list is called REAP (Renew
>>>>> EAP)
>>>>> reap@ietf.org and you can subscribe here:
>>>>> https://www.ietf.org/mailman/listinfo/reap
>>>>> 
>>>>> Recently several new EAP methods have been proposed. These include for
>>>>> example:
>>>>> 
>>>>> EAP-TLS 1.3: https://tools.ietf.org/html/draft-mattsson-eap-tls13-00
>>>>> 
>>>>> EAP-NOOB: https://tools.ietf.org/html/draft-aura-eap-noob-02
>>>>> 
>>>>> EAP-SASL: https://tools.ietf.org/html/draft-vanrein-eap-sasl-00
>>>>> 
>>>>> The list serves as a venue for discussion of these and other EAP
>>>>> related
>>>>> drafts that will be submitted in the near future. As courtesy, we will
>>>>> post
>>>>> any new draft to SAAG, but we plan to continue the discussion only on
>>>>> the
>>>>> REAP mailing list. We have also asked for a short presentation slot
>>>>> during
>>>>> SECDISPATCH at IETF 100 in Singapore.
>>>>> 
>>>>> Comments, early feedback, and discussion on existing or new work is
>>>>> more
>>>>> than welcome.
>>>>> 
>>>>> --Mohit
>>>>> 
>>>>> _______________________________________________
>>>>> saag mailing list
>>>>> saag@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/saag
>>>> 
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> saag mailing list
>>>> saag@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/saag
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> saag mailing list
>>>> saag@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/saag
>>>> 
>>> 
>>> 
>>> 
>>> --
>>> 
>>> Best regards,
>>> Kathleen
>> 
>> 
>> 
>> _______________________________________________
>> saag mailing list
>> saag@ietf.org
>> https://www.ietf.org/mailman/listinfo/saag
>>