On Jan 28, 2019, at 10:29 AM, John Mattsson <john.matts...@ericsson.com> wrote:
> 
> I think you accidentally took the key derivation from 
> draft-mattsson-eap-tls13-00.

  Ah, yes.  Every time I look for the draft, Google etc. seem to prefer the -02 
for some reason.  I'll remember to avoid that.

> According to Section 6.2 of RFC 3748 the EAP Method Type values are between 
> 1-4294967295 (2^32 - 1) so while the Method Types of current TLS-based EAP 
> methods are a single byte, future TLS-based EAP methods could use 2 or more 
> bytes.

  Sure.  The question then becomes one of encoding.  For types < 256, 1 octet 
is enough.  For others, it should be a 32-bit number in network byte order.

  That allows for other EAP types to use similar derivations.

> https://tools.ietf.org/html/rfc3748#page-41
> https://www.iana.org/assignments/eap-numbers/eap-numbers.xhtml#eap-numbers-4
> 
> I think your suggestion of adding the EAP Method Type as context_value seems 
> like a good idea. draft-mattsson-eap-tls13 should then be changed to:
> 
>   Method_Type  = 0x0D
>   Key_Material = TLS-Exporter("EXPORTER_EAP_TLS_Key_Material", Method_Type, 
> 128)
>   IV           = TLS-Exporter("EXPORTER_EAP_TLS_IV", Method_Type, 64)
>   Method-Id    = TLS-Exporter("EXPORTER_EAP_TLS_Method-Id", Method_Type, 64)
>   Session-Id   = Method_Type || Method-Id

  Thanks.  My only remaining nit here is that there should really be a sentence 
alluding to other TLS-based EAP methods.  So we don't have to rev all of those 
documents, too.  I'm not sure that this document is the best place to do it, 
but it's only 1-2 sentences.  And I think we're not going to rev TTLS / PEAP / 
FAST in any reasonable time frame.

  Maybe:

---
The inclusion of Method_Type in the above derivations is intended to enable the 
use of TLS 1.3 in other TLS-based EAP methods.  While we do not explicitly 
update those methods here, TLS-based EAP methods SHOULD use the above key 
derivation for TLS 1.3, changing only Method_Type.  Method_Types that are 
larger than 255 SHOULD use Method_Type as a 32-bit number in network byte order.
---

  Without such text, there will be problems.  People will want to use TLS 1.3 
with other EAP methods.  And if there is no standards guidance, the 
implementors *will* choose something to meet real-world demand.

  Alan DeKok.

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
