Re: [Emu] Consensus Call on OCSP usage in draft-ietf-emu-eap-tls13-11

2020-10-30 Thread Michael Richardson
Joseph Salowey wrote: > On Fri, Oct 30, 2020 at 4:44 AM Michael Richardson > wrote: >> >> Joseph Salowey wrote: >> >> I suggest: >> >> >> >> “EAP-TLS servers supporting TLS 1.3 that use OCSP to do certificate >> >> recovation checks, MUST implement Certificate

Re: [Emu] Consensus Call on OCSP usage in draft-ietf-emu-eap-tls13-11

2020-10-30 Thread Joseph Salowey
On Fri, Oct 30, 2020 at 4:44 AM Michael Richardson wrote: > > Joseph Salowey wrote: > >> I suggest: > >> > >> “EAP-TLS servers supporting TLS 1.3 that use OCSP to do certificate > >> recovation checks, MUST implement Certificate Status Requests > using OCSP > >> stapling as

[Emu] I-D Action: draft-ietf-emu-rfc5448bis-08.txt

2020-10-30 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Improved Extensible Authentication Protocol Method for 3GPP Mobile Network Authentication and Key Agreement (EAP-AKA')

Re: [Emu] Secdir last call review of draft-ietf-emu-eaptlscert-06

2020-10-30 Thread Stefan Santesson
Hi, I think the text is great. However I'm not entirely convinced that AIA requires network connectivity at all times. The AIA CA cert url is static and works fine as identifier for a locally cached cert The fact that it is the correct cert is assured by the path validation process. As such, th

[Emu] I-D Action: draft-ietf-emu-aka-pfs-05.txt

2020-10-30 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Perfect-Forward Secrecy for the Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA'

Re: [Emu] Barry Leiba's No Objection on draft-ietf-emu-eaptlscert-06: (with COMMENT)

2020-10-30 Thread Barry Leiba
Thanks, Mohit, for addressing my comments... and I'm glad you also added text about the effect of quantum-safe algorithms on key and signature sizes. On the document status issue, I'd like to hear what other working group participants think, and also what Roman's thoughts are. Barry On Fri, Oct

Re: [Emu] Secdir last call review of draft-ietf-emu-eaptlscert-06

2020-10-30 Thread Mohit Sethi M
Hi Stefan, Thank you for the review. I have updated the draft in github (https://github.com/emu-wg/eaptls-longcert). Here is the diff for your convenience: https://tools.ietf.org/rfcdiff?url1=https://tools.ietf.org/id/draft-ietf-emu-eaptlscert.txt&url2=https://emu-wg.github.io/eaptls-longcert/d

Re: [Emu] Consensus Call on OCSP usage in draft-ietf-emu-eap-tls13-11

2020-10-30 Thread Michael Richardson
Joseph Salowey wrote: >> I suggest: >> >> “EAP-TLS servers supporting TLS 1.3 that use OCSP to do certificate >> recovation checks, MUST implement Certificate Status Requests using OCSP >> stapling as specified in Section 4.4.2.1 of [RFC8446]. > [Joe] Thanks Michael, I

Re: [Emu] Barry Leiba's No Objection on draft-ietf-emu-eaptlscert-06: (with COMMENT)

2020-10-30 Thread Mohit Sethi M
Hi Barry, Thank you for the careful review. I have updated the draft in github (https://github.com/emu-wg/eaptls-longcert). Here is the diff for your convenience: https://tools.ietf.org/rfcdiff?url1=https://tools.ietf.org/id/draft-ietf-emu-eaptlscert.txt&url2=https://emu-wg.github.io/eaptls-lon