On Fri, 25 Aug 2023 at 22:30, Eliot Lear <l...@lear.ch> wrote:

> I agree with the sentiment, but I think it would be good for the words
> to soak a bit, since the paragraphs are a little involved. There may be
> a simpler way to say the same thing.
>

The diff between RFC 7170 and the current draft may help with the proposed change. I just noticed that 'EAP' was used more in the RFC than in the draft:

https://author-tools.ietf.org/diff?doc_1=RFC7170&doc_2=draft-ietf-emu-rfc7170bis%2F

If one looks at section 5.2, 'EAP method' is simplified in the draft to just 'method'. Then later in section 5.2 and in section 5.3 there's new text that says 'If no inner EAP authentication method is run then no EMSK or MSK will be generated ...'.

Since, for example, vendor specific (authentication?) methods are required to support "calculation of the Crypto-Binding TLV (section 3.6)", it seems it's incorrect to state only EAP can generate EMSK or MSK.

I've also just pushed a one-line update to git to update the first paragraph of section 5.3 "Computing the Compound MAC" which currently says this:

> After each successful inner EAP authentication, EAP EMSK and/or MSKs are
> cryptographically combined ...

The update simply drops both instances of 'EAP '. I'd say this is in line with the text already present in the draft sections 5.2 and 5.3 which talk about how all inner methods need to update the compound values.

I've only updated sections 5.2 and 5.3 to complete the s/EAP// changes that were already partially done in the earlier draft versions.

Related to this, a closer look at the draft shows that at least the following terms are used in an interchangeable manner:

- EAP authentication method
- EAP method
- authentication method
- method
- inner method
- Phase 2 authentications
- authentication
- conversation (Sequence C.6. with chained EAPs)

In the terminology section only 'Inner method' is defined and it seems to me that in many cases 'Inner method' would suffice when some of these terms are used. There are of course cases when a specific term, such as 'EAP method', is needed.

Heikki

> Eliot
>
> On 25.08.23 21:27, Alan DeKok wrote:
> > On Aug 25, 2023, at 10:07 AM, Heikki Vatiainen <h...@radiatorsoftware.com> wrote:
> >> I have one small suggestion.
> >> ...
> >> I've created a pull request that updates the 'EAP authentication' part
> >> to say 'inner authentication' so that in case there's an inner method
> >> (perhaps provisioning?) that's not EAP but that can provide keying
> >> material, the text won't be too restrictive.
> >>
> >> https://github.com/emu-wg/rfc7170bis/pull/26
> > I think that's reasonable. Unless there are objections, I'll pull it in.
> >
> > Alan DeKok.
> >
> > _______________________________________________
> > Emu mailing list
> > Emu@ietf.org
> > https://www.ietf.org/mailman/listinfo/emu
> >
>

--
Heikki Vatiainen
h...@radiatorsoftware.com