[Emu] RFC 8940 on Extensible Authentication Protocol (EAP) Session-Id Derivation for EAP Subscriber Identity Module (EAP-SIM), EAP Authentication and Key Agreement (EAP-AKA), and Protected EAP (PEAP)

A new Request for Comments is now available in online RFC libraries. RFC 8940 Title: Extensible Authentication Protocol (EAP) Session-Id Derivation for EAP Subscriber Identity Module (EAP-SIM), EAP Authentication and Key

[Emu] emu - Requested session has been scheduled for IETF 109

Dear Mohit Sethi, The session(s) that you have requested have been scheduled. Below is the scheduled session information followed by the original request. emu Session 1 (2:00 requested) Friday, 20 November 2020, Session I 1200-1400 Room Name: Room 7 size: 507

Re: [Emu] Proposed resolution for TEAP errata for 5128

I think we have agreement on what the derivation would be now it's a matter of clearly describing it. Here is a proposal: IMCK[j] = the first 60 bytes of TLS-PRF(S-IMCK[j-1], "Inner Methods Compound Keys", IMSK[j]) where "|" denotes concatenation and the TLS-PRF is defined in

Re: [Emu] Proposed resolution for TEAP errata 5127

On Fri, Oct 23, 2020 at 9:11 AM Jouni Malinen wrote: > On Wed, Oct 21, 2020 at 02:14:45PM -0700, Joseph Salowey wrote: > > On Wed, Oct 21, 2020 at 12:11 PM Jouni Malinen wrote: > > > > > On Wed, Oct 21, 2020 at 09:30:33AM -0700, Joseph Salowey wrote: > > > > Errata 5127:

Re: [Emu] Proposed resolution for TEAP errata for 5128

There were so many messages in this thread that I'm not going try to address each point separately, but I think in general I do agree with the comments and it looks like all the identified implementation are doing the same thing here.. I don't see any strong need to encode the output length of

Re: [Emu] Proposed resolution for TEAP errata 5765

On Thu, Oct 22, 2020 at 05:44:33PM +0300, Oleg Pekar wrote: > The Authority-ID TLV is used by the client to identify the TEAP server it > is talking to. If the same client talks to more than one TEAP server - it > can keep PACs or cached data from all of them identified by > the Authority-ID. If

Re: [Emu] Proposed resolution for TEAP errata 5127

On Wed, Oct 21, 2020 at 02:14:45PM -0700, Joseph Salowey wrote: > On Wed, Oct 21, 2020 at 12:11 PM Jouni Malinen wrote: > > > On Wed, Oct 21, 2020 at 09:30:33AM -0700, Joseph Salowey wrote: > > > Errata 5127: https://www.rfc-editor.org/errata/eid5127 > > > Proposed State: Verified > > >

Re: [Emu] draft-ietf-emu-eap-tls13-11: OCSP Stapling

On Oct 23, 2020, at 3:37 AM, Hannes Tschofenig wrote: > I do not understand certificate revocation checking is a topic specific to > the use of TLS 1.3 in EAP-TLS. It's not. However, in the absence of another specification, we need to say *something* for EAP-TLS. > If this topic is

Re: [Emu] draft-ietf-emu-eap-tls13-11: OCSP Stapling

Hi Joe, I do not understand certificate revocation checking is a topic specific to the use of TLS 1.3 in EAP-TLS. If this topic is important to the group then why isn’t this a generic recommendations for all EAP methods that use public key based authentication? Wouldn’t this be a topic to

Re: [Emu] draft-ietf-emu-eap-tls13-11: OCSP Stapling

So I’m a client and include a certificate status request. The EAP server isn’t talking to the CA at the moment. Does a nonce have to be used? If so… #fail. If not, what prevents a replay? And if the answer is nothing, what is the threat model we are addressing?