This version contains substantial changes from the previous version. The changes are largely rewordings of the previous text. As noted earlier, there has been substantial off-list discussion among implementers about the draft.
There were many questions raised about unclear or ambiguous text. In the interest of creating interoperable implementations, I've clarified substantial amounts of the text. There are still a few open questions which I will address separately.

At a high level, the changes are:

* formatting - include section links when referencing external specifications. Update internal section references.
* formatting - add "-" to the names of some fields (Compound-MAC vs Compound MAC). This makes it clear that the item being talked about is a named field, and is not an English description of something.
* addition - explain more corner cases for inner method ordering
* addition - explain more corner cases for the Identity-Type TLV.
* addition - more error codes to signal fatal errors resulting from invalid Crypto-Binding TLV
* editorial: minor clarifications of multiple TLV definitions
* substantial changes to 5.2. Intermediate Compound Key Derivations
* add overview, to explain which keys are used for what
* split the large section into multiple sub-sections
* define key acronyms before using them
* explain that some inner methods may derive EMSK (or not), and may derive different EMSK on peer and server
* rearrange the text to explain / define S-IMCK before referencing it
* Add section on inner method security (ordering inner methods)
* completely re-write the "derive Crypto-Binding from Compound MAC" text. That has been moved to explain the flow of server -> peer and back, rather than generic "sender" and "receiver". Explicit if/then/else steps are described

I hope the new text is clearer.

> On Feb 6, 2025, at 2:22 PM, internet-dra...@ietf.org wrote:
>
> Internet-Draft draft-ietf-emu-rfc7170bis-21.txt is now available. It is a work
> item of the EAP Method Update (EMU) WG of the IETF.
>
> Title: Tunnel Extensible Authentication Protocol (TEAP) Version 1
> Author: Alan DeKok
> Name: draft-ietf-emu-rfc7170bis-21.txt
> Pages: 120
> Dates: 2025-02-06
>
> Abstract:
>
> This document defines the Tunnel Extensible Authentication Protocol
> (TEAP) version 1. TEAP is a tunnel-based EAP method that enables
> secure communication between a peer and a server by using the
> Transport Layer Security (TLS) protocol to establish a mutually
> authenticated tunnel. Within the tunnel, TLV objects are used to
> convey authentication-related data between the EAP peer and the EAP
> server. This document obsoletes RFC 7170 and updates RFC 9427 by
> moving all TEAP specifications from those documents to this one.
>
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-emu-rfc7170bis/
>
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-emu-rfc7170bis-21.html
>
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-rfc7170bis-21
>
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts
>
>
> _______________________________________________
> Emu mailing list -- emu@ietf.org
> To unsubscribe send an email to emu-le...@ietf.org