As you can tell, we submitted a new version to address the comments raised during the IESG review.
The diffs are here:

https://author-tools.ietf.org/iddiff?url1=draft-ietf-emu-aka-pfs-11&url2=draft-ietf-emu-aka-pfs-12&difftype=--html

And for your convenience the list of changes from Appendix A is:

* Update the draft track to Standards Track.
* Clarified the calculation of the Length field in the AT_ECDHE attribute, along with padding requirements.
* Avoided the use of keywords in operational recommendations, e.g., about deployment.
* Changed the definition of what "supported" means to focus on feature being implemented, but not require that it is usable during a protocol run, because configuration, new security information, etc. might imply that a particular feature is implemented but disabled for policy reasons.
* Changed the MITM terminology to be on-path attacks.
* Corrected a reference typo in the IANA considerations section.
* Shortened the abstract and introduction to the key aspects and removed duplication.
* Several editorial changes.

Jari

> internet-dra...@ietf.org wrote on 19.2.2024 at 20.23:
>
> Internet-Draft draft-ietf-emu-aka-pfs-12.txt is now available. It is a work
> item of the EAP Method Update (EMU) WG of the IETF.
>
> Title: Forward Secrecy for the Extensible Authentication Protocol Method
> for Authentication and Key Agreement (EAP-AKA' FS)
> Authors: Jari Arkko
> Karl Norrman
> John Preuß Mattsson
> Name: draft-ietf-emu-aka-pfs-12.txt
> Pages: 34
> Dates: 2024-02-19
>
> Abstract:
>
> This document updates RFC 9048, the improved Extensible
> Authentication Protocol Method for 3GPP Mobile Network Authentication
> and Key Agreement (EAP-AKA'), with an optional extension providing
> ephemeral key exchange. Similarly, this document also updates the
> earlier version of the EAP-AKA' specification in RFC 5448. The
> extension EAP-AKA' Forward Secrecy (EAP-AKA' FS), when negotiated,
> provides forward secrecy for the session keys generated as a part of
> the authentication run in EAP-AKA'. This prevents an attacker who
> has gained access to the long-term key from obtaining session keys
> established in the past, assuming these have been properly deleted.
> In addition, EAP-AKA' FS mitigates passive attacks (e.g., large scale
> pervasive monitoring) against future sessions. This forces attackers
> to use active attacks instead.
>
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-emu-aka-pfs/
>
> There is also an HTMLized version available at:
> https://datatracker.ietf.org/doc/html/draft-ietf-emu-aka-pfs-12
>
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-aka-pfs-12
>
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts
>
>
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu