On Jan 4, 2023, at 11:45 AM, Oleg Pekar <oleg.pekar.2...@gmail.com> wrote:
> 
> Hi all,
> A few more comments:
> 1) Section "3.3.4.  Protected Termination and Acknowledged Result Indication"
> 
> Except as noted below, the Crypto-Binding TLV MUST be
>    exchanged and verified before the final Result TLV exchange,
>    regardless of whether or not there is an inner EAP method
>    authentication.  The Crypto-Binding TLV and Intermediate-Result TLV
>    MUST be included to perform cryptographic binding after each
>    successful authentication in a sequence of one or more inner
>    authentications. 
> 
> --this is confusing by introducing another term "inner authentication" in 
> addition to two existing in the document "inner method" and "inner EAP 
> method". Please note that there could be no real authentication but just 
> unsuccessful inner EAP method negotiation or even just exchange of Identity 
> Request/Response. Maybe we should do a very formal approach:
> • Define inner method as something that is conducted in Phase 2
> • Define two types of inner method - inner EAP method (that starts with 
> Identity Request, no matter whether it performs authentication or not) and 
> basic password authentication and treat them in the same way
> • We should also consider the option when there's no inner method in Phase 2

  I think the document should use "inner authentication method" every time it 
could be either EAP or password.

  I'll see if we can clarify the wording as to what happens when there's no 
inner authentication method.

> The same regarding the section "3.6. Error Handling, item #3" and "4.2.11.  
> Intermediate-Result TLV" and a few other places.
> 
> 2) Nit: Section "5.2.  Intermediate Compound Key Derivations" - it looks like 
> the concatenation operator is escaped, while in the other places it is not:
> 
> IMCK[j] = TLS-PRF(S-IMCK[j-1],
>                 "Inner Methods Compound Keys" \|\|

  OK.  I'll fix that.

> 3) Are we planning to address all errata items in this review cycle? Some of 
> them are not yet in.

  The hope is to have them all fixed by the end of January.

  Please check the GitHub repo.  I've put in a bunch of fixes which weren't 
filed as explicit errata.

  There are a lot of commits there, but each one is relatively small.  They're 
also cross-linked to either the official errata, or to the changes from the 
"teap-errata" GitHub repo, or the commits have explanations as to why they've 
been made.

  Alan DeKok.

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
