IETF working group for EAP Methods Update (EMU)

Joe Salowey | 13 Jun 2011 22:22

Picon

Re: Results of consensus call on tunnel method document

It looks like we have rough consensus for a new EAP type.   I Agree, that with a new EAP type it makes sense to
start the version at 1.  I was originally thinking of the SSL 3.0 to TLS 1.0 transition where the protocol
version went from 3.0 to 3.1, but in that case TLS did not have an equivalent code point assigned.    I'll add
these to the list of changes for the next revision.  

Cheers,

Joe

On May 30, 2011, at 11:25 PM, Glen Zorn wrote:

> On 5/31/2011 11:08 AM, Joe Salowey wrote:
> 
>> 
>> On May 23, 2011, at 5:50 PM, Glen Zorn wrote:
>> 
>>> On 5/24/2011 12:53 AM, Joe Salowey wrote:
>>> 
>>>> One benefit I see in keeping the same EAP method type code is it allows secure version negotiation from
v1 to v2 with version rollback protection.  
>>>> 
>>>> However, moving to a new EAP type code would seem to make EAP method negotiation somewhat better since
all implementation may not implement v1.   
>>>> 
>>>> I'm OK with assigning a new EAP method type code,  but I'd like to try to maintain some backward
compatibility with the v1 versioning in the case that v1 
>>>> 
>>>> implementations find it advantageous to negotiate the v2 feature set under the v1 type code. 
>>> 
>>> None of this seems to me to be relevant to the IETF, the emu WG or the

(Continue reading)

Michael Thomsen | 7 Jun 2011 17:41

Re: draft-urien-eap-smartcard-20.txt

Hi Pascal,

sorry, I don't quite understand what you mean by "former EAP-AKA version", but I've stumpled upon a few
things I don't quite understand:

1:
--
In test #2 (Wrong SQN) you're calculating MAC-S with a non-zero AMF giving 7CD924E739F12369. According to
3GPP TS 33.102 AMF is set to zeros when calculating AUTS. When doing that I get 0010C1DA38A75A31 instead.

According to RFC4187 AT_AUTS should include "the AKA AUTS parameter, 112 bits" I don't see anything about
the AMF field not being zeroed, as it is per usual.

2:
--
In test #6 (Reauth, Good Counter) the counter value is 0000, whereas RFC4187 specifies that the minimum
counter value of the first packet should be 0001. Also, you use the 64-byte MSK value generated in test #1
instead of MK, whereas RFC4187 specifies XKEY'=SHA1(Identity|counter|NONCE_S|MK). This obviously
gives a quite different result than what you get.

3:
--
In the "Get MSK" commands in test #1 and test #6 the first 32 bytes of MSK are switched with the last 32 bytes of
MSK. I don't see anything in your document stating that this should be the behaviour.

4:
--
In test #6 and test #7 the MAC is not calculated over (EAP-packet | Nounce-S), as specified in RFC4187.

Kind regards,

(Continue reading)

Sam Hartman | 28 Jun 2011 21:33

Picon

Proposed changes for Channel Binding draft


Over the past couple of days I've been organizing proposed edits for the
channel binding document.

First, I could really use some help producing some ascii art diagrams. I
think I have non-ascii-art diagrams for the packets involved; is anyone
willing to step forward and help with this?

Secondly, I'd like to ask the chairs' permission to revisit the encoding
decision.  I was uncomfortable with how rough that consensus was and
despite being not in the rough, I've been trying to work through whether
we're doing the right thing.

A couple of things have caused me to believe that Alan is right and that
encoding #2 (re-using RADIUS encoding for RADIUS AVPs) is the right
approach.

1) With encoding 1 (the current text) we cannot encode an attribute
value greater than 254 octets. This isn't an issue for RADIUS, but if we
ever had some other attribute format it could be an issue. We all agree
that 255 octets is as long (or longer) than any attribute we'd want to
see in channel binding.  However  with overhead for things like vendor
numbers, diameter attribute numbers or the like, I'm concerned that in
the future we might be off by one or two octets in what  we can encode
vs what we need to encode.

2) I recently re-read draft-ietf-radext-radius-extensions again.  RADIUS
attribue naming is getting more complicated.  I think there's more
RADIUS-specific code to re-use.

(Continue reading)

Joe Salowey | 28 Jun 2011 23:10

Picon

Re: Proposed changes for Channel Binding draft

Hi Sam,

I think you list some good reasons for going with encoding 2.  I'm comfortable with including this in the
draft given that the document is still going through working group review.  I'll see if I can get some help on
reviewing the 802.11 text, but I think it would be OK to move this into a separate document if it is going to
hold up the main document.  

Cheers,

Joe

On Jun 28, 2011, at 12:33 PM, Sam Hartman wrote:

> 
> 
> Over the past couple of days I've been organizing proposed edits for the
> channel binding document.
> 
> First, I could really use some help producing some ascii art diagrams. I
> think I have non-ascii-art diagrams for the packets involved; is anyone
> willing to step forward and help with this?
> 
> Secondly, I'd like to ask the chairs' permission to revisit the encoding
> decision.  I was uncomfortable with how rough that consensus was and
> despite being not in the rough, I've been trying to work through whether
> we're doing the right thing.
> 
> A couple of things have caused me to believe that Alan is right and that
> encoding #2 (re-using RADIUS encoding for RADIUS AVPs) is the right
> approach.

(Continue reading)

Hoeper Katrin-QWKN37 | 29 Jun 2011 00:29

Re: Proposed changes for Channel Binding draft

Hi Sam,

I volunteer to create the ascii-art diagrams. Please send me your files,
including existing images.

Katrin

PS: My new contact info

Katrin Hoeper
Motorola Solutions, Inc
1301 E Algonquin Rd
Schaumburg, IL 60196
USA
khoeper <at> motorolasolutions.com

-----Original Message-----
From: emu-bounces <at> ietf.org [mailto:emu-bounces <at> ietf.org] On Behalf Of
Sam Hartman
Sent: Tuesday, June 28, 2011 2:34 PM
To: emu <at> ietf.org
Subject: [Emu] Proposed changes for Channel Binding draft

Over the past couple of days I've been organizing proposed edits for the
channel binding document.

First, I could really use some help producing some ascii art diagrams. I
think I have non-ascii-art diagrams for the packets involved; is anyone
willing to step forward and help with this?

(Continue reading)

Group

gmane.ietf.emu.

Project Web Page

IETF working group for EAP Methods Update (EMU)

Search Archive

Page

1

Articles in period: 5

June 2011

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane

Recent entries

Improving EAP usability and deployment security: call for participants (29 Apr 2013)
Biggest Fake Conference in Computer Science (27 Apr 2013)
draft-ietf-emu-eap-tunnel-method-06 (2 Apr 2013)
I-D Action: draft-ietf-emu-eap-tunnel-method-06.txt (22 Mar 2013)
Working Group Last Call for draft-ietf-emu-crypto-bind-03 (18 Mar 2013)
I-D Action: draft-ietf-emu-crypto-bind-03.txt (14 Mar 2013)
Slides (10 Mar 2013)
Last call comments on emu-eap-tunnel-method-05 (5 Mar 2013)
Comments on draft-ietf-emu-eap-tunnel-method-05 - Set #2 (5 Mar 2013)
FW: Comments on draft-ietf-emu-crypto-bind-02 (28 Feb 2013)
I think draft-ietf-emu-crypto-bind is ready for last call (25 Feb 2013)
I-D Action: draft-ietf-emu-crypto-bind-02.txt (25 Feb 2013)
Comments on draft-ietf-emu-eap-tunnel-method (24 Feb 2013)
crypto binding: why did I want a survey of methods (23 Feb 2013)
Agenda Items for IETF 86 (22 Feb 2013)
FW: Last call comments on emu-eap-tunnel-method-05 (22 Feb 2013)
Last call on draft-ietf-emu-eap-tunnel-method (12 Feb 2013)
TEAP Comments (29 Jan 2013)
TEAP Comments (8 Nov 2012)
Help the NomCom (1 Nov 2012)
Proposed EMU Agenda for IETF-85 (23 Oct 2012)

Archives

3	April 2013
16	March 2013
14	February 2013
2	January 2013
4	November 2012
31	October 2012
11	September 2012
16	July 2012
13	June 2012
20	May 2012
12	April 2012
39	March 2012
18	February 2012
26	January 2012
3	December 2011
6	November 2011
50	October 2011
5	September 2011
30	August 2011
7	July 2011
5	June 2011
44	May 2011
30	April 2011
13	March 2011
10	February 2011
6	January 2011
9	December 2010
4	November 2010
8	October 2010
18	September 2010
5	August 2010
9	July 2010
57	June 2010
9	May 2010
5	April 2010
100	March 2010
2	February 2010
3	January 2010
34	December 2009
4	November 2009
9	October 2009
31	September 2009
106	August 2009
17	July 2009
11	June 2009
12	May 2009
3	April 2009
15	March 2009
74	February 2009
22	January 2009
18	December 2008
16	November 2008
28	October 2008
31	September 2008
35	August 2008
23	July 2008
35	June 2008
9	May 2008
35	April 2008
16	March 2008
30	February 2008
30	January 2008
13	December 2007
8	November 2007
30	October 2007
17	September 2007
53	August 2007
12	July 2007
53	June 2007
12	May 2007
80	April 2007
53	March 2007
56	February 2007
23	January 2007
16	December 2006
80	November 2006
60	October 2006
38	August 2006
23	July 2006
46	June 2006
1	May 2006
4	April 2006
7	March 2006
2	February 2006

Design

Zawodny | Right Menu | Left Menu

Your Own Design

Paste the URL of your CSS below. Download CSS template