I think this should be moved forward quickly. If Alan submits the -01 version that was promised in February :) (including changes addressing Mohit's comments) I think the chairs should do adoption and WGLC quickly after each other.
Cheers,
John

-----Original Message-----
From: Emu <emu-boun...@ietf.org> on behalf of Alan DeKok <al...@deployingradius.com>
Date: Thursday, 6 June 2019 at 17:59
To: Mohit Sethi M <mohit.m.se...@ericsson.com>
Cc: EMU WG <emu@ietf.org>
Subject: Re: [Emu] Can we get a WG last call for draft-dekok-emu-eap-session-id-00 ?

On Jun 5, 2019, at 3:17 AM, Mohit Sethi M <mohit.m.se...@ericsson.com> wrote:
>
> Chair hat on:
>
> The draft needs to be formally adopted as a working group item before moving to last call.

It would be nice, but I don't think that's strictly necessary for the process. The subject is already a WG charter item, so there should be no issues.

> Chair hat off:
>
> I support the adoption of this draft as a working group item. This is a charter item and the draft is simple enough to move forward rather quickly. The code has been updated in the wpa_supplicant and hostapd:
> https://protect2.fireeye.com/url?k=d57338aa-89f9f214-d5737831-869a17b5b21b-1ed8c39152cccb96&q=1&u=https%3A%2F%2Fw1.fi%2Fcgit%2Fhostap%2Fcommit%2F%3Fid%3D1c16b257a081e810caf2ca0926ff4f9e2bb9557c
>
> https://protect2.fireeye.com/url?k=20285d34-7ca2978a-20281daf-869a17b5b21b-7a8f16a9731f4e17&q=1&u=https%3A%2F%2Fw1.fi%2Fcgit%2Fhostap%2Fcommit%2F%3Fid%3D5eefa8115b884f8ab45ac6521f66dc68f555dcd0
>
> John provided a review here: https://mailarchive.ietf.org/arch/msg/emu/fHopSdLqMY37odPGvwn7M5ZksIw
>
> and Jouni made a comment here: https://mailarchive.ietf.org/arch/msg/emu/MX7P367g4j2c3yuyqch3W-I3u_o
>
> I have a couple of comments:
>
> I think it would really help to document the fact that the Session-Id length for EAP-SIM is different for full authentication and fast re-authentication. That's because for full authentication, the Session-Id is:

Sure.

> >> Session-Id = 0x12 || RAND || NONCE_MT
>
> and RFC 4186 says that EAP server should obtain n GSM triplets where n = 2 or n = 3. So the length is either:
>
> 1 (Method-Id) + 32 (RAND*2) + 16 (NONCE_MT) = 49 or
>
> 1 (Method-Id) + 48 (RAND*3) + 16 (NONCE_MT) = 65.
>
> However, in fast-reauthentication, the Session-Id is:
>
> >> Session-Id = 0x12 || NONCE_S || MAC
>
> So the length is:
>
> 1 (Method-Id) + 16 (NONCE_S) + 16 (MAC) = 33
>
> I found it surprising while implementing that the Session-Ids were different in lengths.
>
> My next question is about Session-Id for PEAP. The draft currently defines Session-Id for EAP-PEAP as:
>
> >> Session-Id = 0x19 || client.random || server.random).

Which is for TLS 1.2 and below.

> Do you plan to update this for TLS 1.3 and use TLS-Exporter in your other draft: draft-dekok-emu-tls-eap-types? Do we need to do this twice in separate drafts?

draft-dekok-emu-tls-eap-types already updates the Session-ID for all TLS-based EAP types, including PEAP. The issues are (a) update missing derivations for TLS <1.2, and (b) define new derivations for TLS 1.3. So yes, we update PEAP twice.

Alan DeKok.

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
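The three EAP-SIM Session-Id lengths worked out in the quoted message (49, 65 and 33 octets) mean a consumer has to classify the value by length before splitting it into fields. The following is an added example, not code from this thread, the draft or hostap; the type and function names are hypothetical, and the 16-octet field sizes are the ones used in the arithmetic above.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EAP_TYPE_SIM 0x12   /* Method-Id octet quoted in the thread */
#define RAND_LEN 16         /* one GSM RAND */
#define NONCE_LEN 16        /* NONCE_MT and NONCE_S */
#define MAC_LEN 16

enum sim_sid_kind { SIM_SID_INVALID, SIM_SID_FULL, SIM_SID_REAUTH };

struct sim_sid {            /* hypothetical view type; pointers alias the input */
    enum sim_sid_kind kind;
    size_t num_rand;        /* 2 or 3 for full auth, 0 for re-auth */
    const uint8_t *rand;    /* num_rand * RAND_LEN octets, full auth only */
    const uint8_t *nonce;   /* NONCE_MT (full) or NONCE_S (re-auth) */
    const uint8_t *mac;     /* re-auth only */
};

/* Build 0x12 || RAND || NONCE_MT; returns octets written, or 0 on error. */
size_t sim_sid_build_full(uint8_t *out, size_t cap, const uint8_t *rands,
                          size_t num_rand, const uint8_t *nonce_mt)
{
    size_t need = 1 + num_rand * RAND_LEN + NONCE_LEN;
    if ((num_rand != 2 && num_rand != 3) || cap < need)
        return 0;
    out[0] = EAP_TYPE_SIM;
    memcpy(out + 1, rands, num_rand * RAND_LEN);
    memcpy(out + 1 + num_rand * RAND_LEN, nonce_mt, NONCE_LEN);
    return need;
}

/* Classify by length: 33 = re-auth, 49 or 65 = full auth, else rejected. */
struct sim_sid sim_sid_parse(const uint8_t *sid, size_t len)
{
    struct sim_sid v = { SIM_SID_INVALID, 0, NULL, NULL, NULL };
    if (sid == NULL || len < 1 || sid[0] != EAP_TYPE_SIM)
        return v;
    if (len == 1 + NONCE_LEN + MAC_LEN) {
        v.kind = SIM_SID_REAUTH;
        v.nonce = sid + 1;
        v.mac = sid + 1 + NONCE_LEN;
    } else if (len == 1 + 2 * RAND_LEN + NONCE_LEN ||
               len == 1 + 3 * RAND_LEN + NONCE_LEN) {
        v.kind = SIM_SID_FULL;
        v.num_rand = (len - 1 - NONCE_LEN) / RAND_LEN;
        v.rand = sid + 1;
        v.nonce = sid + 1 + v.num_rand * RAND_LEN;
    }
    return v;
}
```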