Thanks Heikki,

- Looking at the Android page below (I did not want to register at WBA) it seems like EAP-AKA' FS will be treated the same as EAP-AKA'. They use the same EAP-Method prefix.
  https://source.android.com/docs/core/connect/carrier-wifi
- draft-ietf-emu-aka-pfs-08 only mentions SUCI once: “The two initially registered elliptic curves and their wire format is chosen to align with the elliptic curves and formats specified for Subscription Concealed Identifier (SUCI) encryption in Appendix C.3.4 of 3GPP TS 33.501 [TS.33.501].” This is still true and I don’t see any need for changes based on ‘IMSI Privacy Protection for Wi-Fi’. Even if I don’t see any changes needed, I will open an Issue on GitHub.

It is always great with more privacy, but the IMSI Privacy Protection for Wi-Fi seems a bit weird to me. Does anybody know the background and reason behind the standard? 3GPP standardized a mechanism to encrypt IMSIs already in 2018. I have a hard time seeing what the WBA standard adds that is not available in the 3GPP mechanism.

- In 5G, the permanent identities can be any NAI (i.e., not only NAIs derived from IMSIs); these devices cannot use the WBA standard.

- RSA-2048 is according to NIST only allowed to use until 2031 – the lifetime of the data you are protecting. If you want to protect your data more than 8 years (2031 - 2023) the WBA standard is already forbidden to use by NIST.

Cheers,
John

From: Emu <emu-boun...@ietf.org> on behalf of Heikki Vatiainen <h...@radiatorsoftware.com>
Date: Friday, 18 November 2022 at 15:44
To: EMU WG <emu@ietf.org>
Subject: [Emu] draft-ietf-emu-aka-pfs and IMSI privacy for Wi-Fi

In last week's EMU meeting I had a question about draft-ietf-emu-aka-pfs with relation to IMSI privacy protection defined for Wi-Fi networks. As promised, here's more information about the Wi-Fi privacy specification.

The Wi-Fi privacy specification is by the Wireless Broadband Alliance (WBA) and it's called 'IMSI Privacy Protection for Wi-Fi'.
It's available from here: https://wballiance.com/imsi-privacy-protection-for-wi-fi/

I'm not familiar with draft-ietf-emu-aka-pfs, the first time I thought about these two documents was during the meeting, but I've looked into the WBA specification. What it does is that it tells how to encrypt the permanent identity, hiding the IMSI from an eavesdropper.

Thanks,
Heikki

--
Heikki Vatiainen
h...@radiatorsoftware.com