Re: [TLS] [Emu] Underspecification of EAP-TLS 1.3 State Machine
Alan DeKok <aland@deployingradius.com> Fri, 05 February 2021 13:59 UTC
Return-Path: <aland@deployingradius.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6EEA3A1148; Fri, 5 Feb 2021 05:59:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L-cMYI4VGTmK; Fri, 5 Feb 2021 05:59:30 -0800 (PST)
Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA6C53A1142; Fri, 5 Feb 2021 05:59:29 -0800 (PST)
Received: from [192.168.46.129] (24-52-251-6.cable.teksavvy.com [24.52.251.6]) by mail.networkradius.com (Postfix) with ESMTPSA id 5FCF391; Fri, 5 Feb 2021 13:59:27 +0000 (UTC)
Authentication-Results: NetworkRADIUS; dmarc=none (p=none dis=none) header.from=deployingradius.com
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
From: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <C3B0FD18-9305-450F-B8C7-FEF2AFFCB818@ericsson.com>
Date: Fri, 05 Feb 2021 08:59:25 -0500
Cc: Bernard Aboba <bernard.aboba@gmail.com>, "emu@ietf.org" <emu@ietf.org>, "TLS@ietf.org" <TLS@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <8D0F49DB-4779-46FE-82F2-D043E2E4E405@deployingradius.com>
References: <CAOW+2dvGQGc4-awvmaj=k4esv=vDp+Eb7RRvv88xEqPhOGJSFQ@mail.gmail.com> <4991F280-1644-43CB-A5DE-CE364641966F@ericsson.com> <C3B0FD18-9305-450F-B8C7-FEF2AFFCB818@ericsson.com>
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/NqmISS6bRbsCUozoqmE3U47xkJQ>
Subject: Re: [TLS] [Emu] Underspecification of EAP-TLS 1.3 State Machine
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Feb 2021 13:59:32 -0000
On Feb 4, 2021, at 9:22 AM, John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org> wrote: > I think the major decision for the EMU WG to make going forward is to agree if EAP-TLS 1.3 MUST have an alternative success indication. RFC 5216 does not discuss the EAP state machine at all, but in TLS 1.2 the server finished can be used as an alternative success indication. Yes. Unfortunately 5216 didn't pay enough attention to 4137. That happens. > close_notify might be possible to turn into an alternative success indication if the TLS implementation can be profiled to not send any close_notify by itself. I don't know if there are any cases where an implementation would send close_notify without the application telling it to. I think the TLS libraries rely on the application to initiate close_notify. > If the wg agrees that an authenticated alternative success indication is needed (this is to my understanding needed in e.g. 802.11) then the process would be that the EAP-TLS server first process the second flight from the client, if that verifies correctly, the server send application data commit message / close_notify. Yes. > Introducing an authenticated alternative success indication would not require any changes to the -14 message flows. In -13 the commitment message would have to be sent in a later flight than server finished. Yes. However, I don't think that the close_notify can be sent before verifying the client cert, because IIRC, that closes the TLS connection (server side), and prevents it from sending TLS alerts. > If a mandatory authenticated alternative success indication is introduced in EAP-TLS 1.3, I do not think any future additions to TLS 1.3 would be needed for EAP-TLS 1.3. Yes. Alan DeKok.
- Re: [TLS] [Emu] Underspecification of EAP-TLS 1.3… John Mattsson
- Re: [TLS] [Emu] Underspecification of EAP-TLS 1.3… John Mattsson
- Re: [TLS] [Emu] Underspecification of EAP-TLS 1.3… John Mattsson
- Re: [TLS] [Emu] Underspecification of EAP-TLS 1.3… Bernard Aboba
- Re: [TLS] [Emu] Underspecification of EAP-TLS 1.3… Alan DeKok
- Re: [TLS] [Emu] Underspecification of EAP-TLS 1.3… Mohit Sethi M
- Re: [TLS] [Emu] Underspecification of EAP-TLS 1.3… John Mattsson
- Re: [TLS] [Emu] Underspecification of EAP-TLS 1.3… Bernard Aboba
- Re: [TLS] [Emu] Underspecification of EAP-TLS 1.3… Bernard Aboba