Re: [Emu] Adoption call for eap.arpa

2024-03-12 Thread Yanlei(Ray)
I think this work is useful for bootstrapping IoT devices. I am in favour of 
adoption.

There is also a comment.
In Section 5.1 EAP-TLS, "This identifier signals the EAP server that the peer 
wishes to obtain "peer unauthenticated access" as per [RFC5216] Section 2.1.1 
and [RFC9190]." and "The device SHOULD ignore the EAP server certificate 
entirely, as the servers identity does not matter. Any verification of servers 
can be done at the HTTPS layer when the device access the captive portal."
My understanding here is that the EAP server and client will not authenticate 
each other in EAP-TLS, and all the authentication will be done in the "captive 
portal". So why recommend EAP-TLS as a provisioning method? Just send the 
identifier "por...@eap.arpa" and then jump to a "captive portal". Is that OK?

Regards,
Lei YAN

-Original Message-
From: Emu  On Behalf Of Peter Yee
Sent: Friday, March 8, 2024 6:38 AM
To: emu@ietf.org
Subject: [Emu] Adoption call for eap.arpa

This is an adoption call for the eap.arpa Internet-Draft 
(draft-dekok-emu-eap-arpa). This is an ancillary draft that Alan DeKok briefed 
during the Prague (IETF 118) meeting. Seeing as it primarily exists as a 
forward-looking extraction of certain descriptive material and IAB .arpa 
domain requests from other EMU documents, we consider it within the scope of the 
WG charter. Alan did a recent minor update to the document and will speak 
briefly about it during IETF 119.

With that said, your WG chairs would appreciate hearing your feedback on 
whether this document is adopted or not. While it's not critical to adopt, it 
really simplifies the domain registration for things like TLS-POK and would 
have been great back when we did EAP-NOOB.

We are particularly interested in hearing from parties who are willing to 
review the specification. So, if you've got interest in seeing the work 
adopted, please formalize that by responding to the EMU mailing list with your 
position. 

The deadline for feedback is March 21st. Yes, that's during IETF
119 but after the EMU time slot, so hopefully you will have formed an opinion 
by then, if not sooner. We hope to hear from lots of you!

Joe and Peter

1) https://datatracker.ietf.org/doc/draft-dekok-emu-eap-arpa/


___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu



[Emu] FW: New Version Notification for draft-yan-emu-eap-multiple-psk-00.txt

2024-03-05 Thread Yanlei(Ray)
Hi all,

I'd like to bring your attention to the following individual IETF draft.
Your comments are warmly welcome!

The high level summary is as follows:
The existing PSK-based EAP methods, such as EAP-GPSK [RFC5433] and EAP-PSK 
[RFC4764],  assumed that only one PSK had been configured on a pair of EAP peer 
and server.  
Using only one PSK will bring several security issues [RFC5433]. 
One solution is to use multiple PSKs between the EAP peer and server.
This document modifies the EAP-GPSK to support the negotiation of a PSK among 
multiple PSKs.

Regards,
Lei YAN

-Original Message-
From: internet-dra...@ietf.org  
Sent: Monday, March 4, 2024 9:20 PM
To: Yanlei(Ray) 
Subject: New Version Notification for draft-yan-emu-eap-multiple-psk-00.txt

A new version of Internet-Draft draft-yan-emu-eap-multiple-psk-00.txt has been 
successfully submitted by Lei YAN and posted to the IETF repository.

Name:     draft-yan-emu-eap-multiple-psk
Revision: 00
Title:    EAP Multiple Pre-Shared Keys (EAP-MPSK) Method
Date:     2024-03-04
Group:    Individual Submission
Pages:    4
URL:      https://www.ietf.org/archive/id/draft-yan-emu-eap-multiple-psk-00.txt
Status:   https://datatracker.ietf.org/doc/draft-yan-emu-eap-multiple-psk/
HTML:     https://www.ietf.org/archive/id/draft-yan-emu-eap-multiple-psk-00.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-yan-emu-eap-multiple-psk


Abstract:

   This document defines an Extensible Authentication Protocol (EAP)
   method for supporting the negotiation of a PSK among multiple PSKs.



The IETF Secretariat

