Re: [Emu] I-D Action: draft-ietf-emu-eap-tls13-09.txt

2020-03-09 Thread John Mattsson
Hi, - The new version should address all the received comments from Alan and Russ regarding EAP, TLS, and Certificate identities. - New section on identities early in the document discussing identities and pointing to other sections discussing identities. - More information given on why some

Re: [Emu] draft-aura-eap-noob-07 review

2020-03-09 Thread Aura Tuomas
Hi Daniel, Thank you for the review! I really appreciate you taking the time to read the draft with such care. I have fixed most of the issues, but some require more thought and I ran out of time for today’s deadline. Responses are inline. Tuomas From: Emu On Behalf Of Daniel Migault Sent:

[Emu] Fwd: New Version Notification for draft-ietf-emu-rfc5448bis-07.txt

2020-03-09 Thread Jari Arkko
FYI > From: internet-dra...@ietf.org > Subject: New Version Notification for draft-ietf-emu-rfc5448bis-07.txt > Date: 9 March 2020 at 22.34.13 GMT+2 > To: "Pasi Eronen" , "Jari Arkko" , "Vesa > Torvinen" , "Vesa Lehtovirta" > > > > A new version of I-D, draft-ietf-emu-rfc5448bis-07.txt > has

Re: [Emu] WGLC for draft-davidben-tls13-pkcs1-00

2020-03-09 Thread Russ Housley
I read the document, and I think it is ready to go after one editorial fix. The term "trust anchor" is used many times in the document, which is proper. However, in Section 3, the term "root-of-trust" is used. Please change this to "trust anchor" and reference RFC 5280 for a definition. Russ

[Emu] I-D Action: draft-ietf-emu-rfc5448bis-07.txt

2020-03-09 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Improved Extensible Authentication Protocol Method for 3GPP Mobile Network Authentication and Key Agreement (EAP-AKA')

Re: [Emu] EAP-NOOB: request for optional message pair to configure EAP Peer

2020-03-09 Thread Aura Tuomas
Hi Philip, It would definitely be useful to provision various types of long-term credentials after the security bootstrapping and to use them for reauthentication later. One way to achieve this with the current spec is to use the exported AMSK as a shared key for a separate credential provision

[Emu] I-D Action: draft-ietf-emu-eap-tls13-09.txt

2020-03-09 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Using EAP-TLS with TLS 1.3 Authors : John Preuß Mattsson Mohit Sethi Filen

Re: [Emu] I-D Action: draft-ietf-emu-eap-tls13-08.txt

2020-03-09 Thread Russ Housley
> On Mar 9, 2020, at 10:28 AM, Alan DeKok wrote: > >> The >> subject name in client certificates typically contains an identity >> with a routable domain such as an email address. > > The email address may not be routable. Perhaps: > > The subject name in client certificates typically con

Re: [Emu] [Gen-art] Genart last call review of draft-ietf-emu-rfc5448bis-06

2020-03-09 Thread Dan Romascanu
Hi Jari, Thank you for the answer and for addressing the issues raised in my review. Looks fine to me by now, I am waiting for version -07 to check the precise edits. Regards, Dan On Mon, Mar 9, 2020 at 2:28 PM Jari Arkko wrote: > Thanks for your review, Dan. > > Some responses below. We are

Re: [Emu] I-D Action: draft-ietf-emu-eap-tls13-08.txt

2020-03-09 Thread Alan DeKok
On Mar 9, 2020, at 9:03 AM, John Mattsson wrote: > > Thanks for your many good suggestions. I tried to address all your comments > and include all your suggestions in a recent commit to github. > > - I did not include an identity section as I did not see how it would fit > with the structure of

Re: [Emu] I-D Action: draft-ietf-emu-eap-tls13-08.txt

2020-03-09 Thread John Mattsson
Hi Alan, Thanks for your many good suggestions. I tried to address all your comments and include all your suggestions in a recent commit to github. - I did not include an identity section as I did not see how it would fit with the structure of RFC 5216 that the draft reuses. Instead I expanded t

Re: [Emu] [Last-Call] Secdir last call review of draft-ietf-emu-rfc5448bis-06

2020-03-09 Thread Jari Arkko
Thanks for your review, Kyle! Inline: >> From the perspective of clarity and completeness, this document is Ready With > Nits: it is well-written and mostly quite clear, even to someone without a > great deal of knowledge of 3GPP systems. In addition to digging into RFCs 4187 > and 5448, I had to

Re: [Emu] [Gen-art] Genart last call review of draft-ietf-emu-rfc5448bis-06

2020-03-09 Thread Jari Arkko
Thanks for your review, Dan. Some responses below. We are also about to publish a new document version. > This is a very detailed and well-written document that describes a new > specification of the specification of EAP-AKA' to support 5G deployments. This > specification is ready, but I have a

Re: [Emu] AD review of draft-ietf-emu-rfc5448bis-06

2020-03-09 Thread Jari Arkko
Roman, Many thanks for your review. We have gone through all the reviews and comments and are about to post a new draft version in a few hours, currently in https://arkko.com/ietf/eap/draft-ietf-emu-rfc5448bis-from--06.diff.html

Re: [Emu] Late WGLC Comment on draft-ietf-emu-eap-tls13

2020-03-09 Thread John Mattsson
Hi Russ, Sorry for the late reply. I actually brought up your draft [ID-ietf-tls-tls13-cert-with-extern-psk] during my EMU presentation at IETF 106 as something that should probably be in EAP-TLS. Bernard Aboba then expressed a very strong opinion that [ID-ietf-tls-tls13-cert-with-extern-psk] s

[Emu] 3GPP mandates Rel-16 EAP-TLS implementations to support TLS 1.3

2020-03-09 Thread John Mattsson
Hi, I am happy to report that 3GPP just took the decision that nodes supporting EAP-TLS shall support EAP-TLS with TLS 1.3. The changes apply to all 3GPP Rel-16 nodes. [1] The 3GPP profiling for TLS in EAP-TLS now follows the general 3GPP TLS profiling, which mandates support of TLS 1.3, forbi