Re: [Emu] WGLC for RFC5448bis

[Jari Arkko]

Thanks for your review, John. I agree with all the points and will address them 
in a new version during the IETF week.

Jari


___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

Re: [Emu] WGLC for RFC5448bis

[Mohit Sethi M]

Hi Jari and co-authors,

The WGLC for this document is now complete. Can you please address the minor 
comments provided by John and upload a new version.

The following 2 papers on the AKA protocol were also brought to our attention:
1. https://eprint.iacr.org/2018/1175.pdf
2. 
http://homepage.divms.uiowa.edu/~comarhaider/publications/LTE-torpedo-NDSS19.pdf

It might make sense to mention them in the security considerations section with 
text explaining how they affect AKA, and whether any updates to address them 
would also require changes to EAP-AKA'?

Joe and Mohit

On 2/14/19 3:58 AM, Joseph Salowey wrote:
This is the working group last call for 
draft-ietf-emu-rfc5448bis-04.
  Please send your comments to the list by 3/1/2019.

Thanks,

Joe and Mohit



___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

Re: [Emu] WGLC for RFC5448bis

[John Mattsson]

Hi,

I have reviewed this draft multiple times, I think this draft is very 
well-written and ready to be published. A few minor comments:


- "3rd Generation Authentication and Key Agreement"

I see that this exact term was used in RFC 5448, but I find it quite strange. I 
think the terminology is wrong as UMTS AKA was the second generation AKA made 
for the third generation cellular networks I find "3G Authentication and 
Key Agreement (AKA)", or the terminology used in RFC 4186 ("The Authentication 
and Key Agreement (AKA) mechanism used in 3rd generation mobile networks") to 
be much better. 3GPP calls the different AKA mechanisms: GSM AKA, UMTS AKA, EPS 
AKA, 5G AKA.


- "EAP-AKA' is commonly implemented in smart phones and network equipment."

"smart phones" is often uses for a certain class of phones, I assume EAP-AKA' 
is also commonly implemented in feature phones. Suggestion:

OLD: "smart phones"
NEW: "mobile phones"

(it is also commonly implemented in IoT devices that are not phones at all...)



- I previously sent this in a different thread:

https://mailarchive.ietf.org/arch/msg/emu/fHopSdLqMY37odPGvwn7M5ZksIw

Reading draft-dekok-emu-eap-session-id-00, I noticed that 
draft-ietf-emu-rfc5448bis uses
a different notation (decimal vs. hexadecimal) than other related drafts.

   https://tools.ietf.org/html/draft-ietf-emu-rfc5448bis

  Session-Id = 50 || RAND || AUTN
  Session-Id = 50 || NONCE_S || MAC

   https://tools.ietf.org/html/rfc5247

  Session-Id = 0x17 || RAND || AUTN
  Session-Id = 0x12 || RAND || NONCE_MT

   https://tools.ietf.org/html/draft-dekok-emu-eap-session-id

  Session-Id = 0x17 || RAND || AUTN
  Session-Id = 0x17 || NONCE_S || MAC
  Session-Id = 0x12 || RAND || NONCE_MT

   As all other EAP RFCs I can find (RFC 5247, RFC 5216) also use hexadecimal 
notation, I suggest that draft-ietf-emu-rfc5448bis is updated to avoid any 
confusion for implementors:

 OLD: "Session-Id = 50 || RAND || AUTN"
 NEW: "Session-Id = 0x32 || RAND || AUTN"

 OLD: "Session-Id = 50 || NONCE_S || MAC"
 NEW: "Session-Id = 0x32 || NONCE_S || MAC"



- "[TS-3GPP.35.208]  (Release 14)"

A release 15 version of TS 35.208 has now been published. Most of the other 
3GPP references are out-of-date. Maybe add an editor's note that all 3GPP 
references should be updated to the latest Release 15 version before publishing.



- "Appendix G.  Acknowledgments"

Should not be numbered according to RFC 7322

OLD: 
NEW: 


Cheers,
John

___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

[Emu] WGLC for RFC5448bis

[Joseph Salowey]

This is the working group last call for draft-ietf-emu-rfc5448bis-04
.  Please send
your comments to the list by 3/1/2019.

Thanks,

Joe and Mohit
___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu