Re: [T2TRG] Quick Doodle T2TRG security topics (Re: New topic for T2TRG?)

Carsten Bormann <cabo@tzi.org> Thu, 23 December 2021 17:38 UTC

From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <80a44d0d-767b-46dd-8e26-2f032dc653a5@gmail.com>
Date: Thu, 23 Dec 2021 18:38:34 +0100
Cc: "Apple Inc." <goran.selander@ericsson.com>, "t2trg@irtf.org" <t2trg@irtf.org>, "core@ietf.org" <core@ietf.org>, Mohit Sethi <mohit.m.sethi@ericsson.com>
To: Rene Struik <rstruik.ext@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/t2trg/K-LkouLerrLrS_PbeM0xQ_aWYIM>

Hi Rene,

> During the call, you mentioned that EAP-NOOB seems un-implementable (or, one of your students thought so). If you could articulate what is good and what is bad (in terms of feature set, user experience, etc.), that would be good to know, as would be whether you think this can be remedied or whether one can improve the protocol with a minor tweak.

I haven’t really looked at the protocol, only briefly at the implementability of the signing inputs after a student alerted me to issues he had.

Re the protocol, I’ve heard rumors that a simpler protocol could be invented that solves the same set of problems, but I know nothing about that.

Re the implementability: I sent some notes to Mohit; I’m sure the student will also write up something but it is a quiet time here in Germany right now.

I think that the RG would benefit from an analysis of NOOB, both with respect to technical details such as signing inputs, and with respect to players, trust relationships, outcomes, etc., and how the protocol addresses these.

Grüße, Carsten