Hi Heikki
Ok, so *I* let it soak for a few days ;-) and I'm comfortable with the
wording.
Eliot
On 27.08.23 16:42, Heikki Vatiainen wrote:
On Fri, 25 Aug 2023 at 22:30, Eliot Lear <l...@lear.ch> wrote:
I agree with the sentiment, but I think it would be good for the words to soak a bit, since the paragraphs are a little involved. There may be a simpler way to say the same thing.
The diff between RFC 7170 and the current draft may help with the
proposed change. I just noticed that 'EAP' was used more in the RFC
than in the draft:
https://author-tools.ietf.org/diff?doc_1=RFC7170&doc_2=draft-ietf-emu-rfc7170bis%2F
If one looks at section 5.2, 'EAP method' is simplified in the draft
to just 'method'. Then later in section 5.2 and in section 5.3,
there's new text that says 'If no inner EAP authentication method is
run then no EMSK or MSK will be generated ...'. Since, for example,
vendor specific (authentication?) methods are required to support
"calculation of the Crypto-Binding TLV (section 3.6)", it seems it's
incorrect to state that only EAP can generate an EMSK or MSK.
I've also just pushed a one-line update to git to update the first
paragraph of section 5.3 "Computing the Compound MAC" which currently
says this:
After each successful inner EAP authentication, EAP EMSK and/or
MSKs are cryptographically combined ...
The update simply drops both instances of 'EAP '. I'd say this is
in line with the text already present in the draft sections 5.2 and
5.3, which talk about how all inner methods need to update the
compound values.
I've only updated sections 5.2 and 5.3 to complete the s/EAP// changes
that were already partially done in the earlier draft versions.
Related to this, a closer look at the draft shows that at least the
following terms are used interchangeably:
- EAP authentication method
- EAP method
- authentication method
- method
- inner method
- Phase 2 authentications
- authentication
- conversation (Sequence C.6. with chained EAPs)
In the terminology section only 'Inner method' is defined, and it seems to
me that in many cases 'Inner method' would suffice where some of these
terms are used. There are of course cases when a specific term, such as
'EAP method', is needed.
Heikki
Eliot
On 25.08.23 21:27, Alan DeKok wrote:
> On Aug 25, 2023, at 10:07 AM, Heikki Vatiainen <h...@radiatorsoftware.com> wrote:
>> I have one small suggestion.
>> ...
>> I've created a pull request that updates the 'EAP authentication' part to say 'inner authentication' so that in case there's an inner method (perhaps provisioning?) that's not EAP but that can provide keying material, the text won't be too restrictive.
>>
>> https://github.com/emu-wg/rfc7170bis/pull/26
> I think that's reasonable. Unless there are objections, I'll pull it in.
>
> Alan DeKok.
>
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu
>
--
Heikki Vatiainen
h...@radiatorsoftware.com