On Oct 29, 2022, at 7:46 AM, John Mattsson <john.matts...@ericsson.com> wrote:
> I don’t remember any such WG consensus (but maybe I am missing something). 
> What I can find in the mailing list archive is that several people pointed 
> out that moving away from SHA-1 is a good idea, that there is no need to use 
> SHA-1, but that the final decision is Microsoft’s:

  There was no agreement to change PEAP.  There have been no recommendations to 
change the document to address this issue.

  An implicit consensus to do nothing is still consensus.

> Might be that we are stuck with SHA-1, but irrespective of why that is the 
> case, I still think that draft-ietf-emu-tls-eap-types should clearly point 
> out the fact that PEAP 1.3 uses SHA-1. I think this is important (and 
> unexpected) information to readers of the document and users of the EAP 
> method. My understanding is that TEAP 1.3 is not using SHA-1.

  The document is pretty clear on how the fields are calculated:

2.5.  PEAP

   When PEAP uses crypto binding, it uses a different key calculation
   defined in [PEAP-MPPE] which consumes inner EAP method keying
   material.  The pseudo-random function (PRF+) used in [PEAP-MPPE] is
   not taken from the TLS exporter, but is instead calculated via a
   different method which is given in [PEAP-PRF].  That derivation
   remains unchanged in this specification.

  It may be worth adding a one-sentence comment on the order of:

  Note that this derivation depends on SHA-1, which may be formally deprecated 
in the near future.

  Alan DeKok.
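To make the distinction in the quoted Section 2.5 concrete, the following is an added illustration (not code from the draft, from [PEAP-PRF], or from either poster): a counter-mode iterated-HMAC PRF+ whose hash is fixed by the derivation itself, placed next to a TLS 1.3 exporter (RFC 8446 Section 7.5, built on HKDF-Expand-Label) whose hash follows the negotiated cipher suite. The PRF+ shown is the generic RFC 7296 / RFC 5869 shape, not the byte-exact PEAP layout; the key, seed and exporter label are constructed sample values.

```python
import hashlib
import hmac
import struct


def iterated_hmac(key: bytes, info: bytes, length: int, hash_name: str) -> bytes:
    """Counter-mode iterated HMAC:
        T(1) = HMAC(key, info | 0x01)
        T(i) = HMAC(key, T(i-1) | info | i)
    returning the first `length` bytes of T(1) | T(2) | ...
    This is the shape of RFC 7296 prf+ and of RFC 5869 HKDF-Expand. The
    byte-exact PEAP variant from [PEAP-PRF] is deliberately NOT reproduced."""
    digest_size = hashlib.new(hash_name).digest_size
    if not 0 < length <= 255 * digest_size:
        raise ValueError("length out of range for this hash")
    out, t, counter = b"", b"", 1
    while len(out) < length:
        t = hmac.new(key, t + info + bytes([counter]), hash_name).digest()
        out += t
        counter += 1
    return out[:length]


def prf_plus(key: bytes, seed: bytes, length: int, hash_name: str = "sha1") -> bytes:
    """PRF+ in the PEAP/IKEv2 style with the hash chosen by the specification.
    Because the digest is part of the derivation, every peer must agree on it:
    moving off SHA-1 changes every derived key, so it is a protocol revision
    rather than a local configuration knob."""
    return iterated_hmac(key, seed, length, hash_name)


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes,
                      length: int, hash_name: str) -> bytes:
    """RFC 8446 Section 7.1 HKDF-Expand-Label over the HkdfLabel structure."""
    full_label = b"tls13 " + label
    hkdf_label = (struct.pack("!H", length)
                  + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return iterated_hmac(secret, hkdf_label, length, hash_name)


def tls13_exporter(exporter_master_secret: bytes, label: bytes, context: bytes,
                   length: int, hash_name: str = "sha256") -> bytes:
    """RFC 8446 Section 7.5 TLS-Exporter. The hash is whatever the negotiated
    cipher suite uses, so an EAP method that takes its keys from the exporter
    inherits TLS's hash agility instead of hard-coding one digest."""
    digest_size = hashlib.new(hash_name).digest_size

    def h(data: bytes) -> bytes:
        return hashlib.new(hash_name, data).digest()

    # Derive-Secret(Secret, label, "") = HKDF-Expand-Label(Secret, label, Hash(""), Hash.length)
    derived = hkdf_expand_label(exporter_master_secret, label, h(b""), digest_size, hash_name)
    return hkdf_expand_label(derived, b"exporter", h(context), length, hash_name)


# Constructed sample inputs for the demo (not real PEAP or TLS session values).
SAMPLE_KEY = bytes(range(32))
SAMPLE_SEED = b"example crypto-binding seed"
SAMPLE_LABEL = b"EXPORTER_EXAMPLE_LABEL"  # placeholder, not a registered label


def demo() -> dict:
    """Derive 40 bytes via PRF+ with SHA-1 and with SHA-256, and 32 bytes via a
    SHA-256 TLS 1.3 exporter, so the effect of the hash choice is visible."""
    return {
        "prf_plus_sha1": prf_plus(SAMPLE_KEY, SAMPLE_SEED, 40, "sha1"),
        "prf_plus_sha256": prf_plus(SAMPLE_KEY, SAMPLE_SEED, 40, "sha256"),
        "exporter_sha256": tls13_exporter(SAMPLE_KEY, SAMPLE_LABEL, b"", 32),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value.hex()}")
```

Running the script shows that the two PRF+ outputs share nothing once the digest changes, which is the practical reason a SHA-1 dependency inside a key derivation cannot be retired without a versioned change to the method; the exporter path, by contrast, is already parameterised by the TLS cipher suite.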

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
