On Mar 6, 2025, at 6:19 AM, Peter Yee <pe...@akayla.com> wrote: > We still have some time available in our time slot, so if you want to present > something that I've missed, please let me know. And for those of you already > on the agenda, let me know if I did not get the duration of your presentation > right.
I'm hoping that we only need 20min for 7170bis. Either few people will comment and it will be quick, or everyone will have an opinion, and it will take a long time. The results of interop testing are up on the Wiki: https://github.com/emu-wg/rfc7170bis/wiki/Interop-Testing In short, for inner methods, the following combinations work for all implementations: * EAP-MSCHAPv2 * EAP-MSCHAPv2 followed by EAP-MSCHAPv2 That's it. If the suppliant doesn't include the EMSK Compound-MAC in the Crypto-Binding TLV, then all combinations of EAP-MSCHAPv2 and EAP-TLS work, either one at a time, or in any combination. Subject to a bug fix in one implementation, the following also works: * EAP-TLS * EAP-TLS followed by EAP-MSCHAPv2 EAP-TLS all by itself works because the derivation of the EMSK Compound MAC for the first round is clear. EAP-TLS following by EAP-MSCHAPv2 works because for EAP-TLS, the EMSK Compound MAC works as above. And EAP-MSCHAPv2 uses only the MSK Command MAC. Any issues with deriving different ESMK Compound MAC for the second inner method are therefore avoided. Nothing else works across all implementations. The issue seems to be that all implementations did something different to derive the EMSK Compound MAC for the second inner method. As a result, we have shipping code from multiple vendors which doesn't interoperate. This is about the worst outcome I could think of. We now need to decide what to do about it. That decision is informed by the additional knowledge that there's really only one shipping / production supplicant for TEAP: MSFT. TEAP is in hostap / wpa_supplicant, but hasn't been used in production environments. Other supplicants either don't exist, or their vendors aren't participating here. The simplest way forward that I can think of is the following: 1) declare the MSFT behaviour TEAPv0. Crypto-Binding contains only the MSK Compound MAC, the EMSK Compound MAC is always zero 2) decide what we want to do to derive the EMSK Compound MAC. Write it down. Test it with implementations. 3) issue TEAPv1 which defines the EMSK Compound MAC, and uses it in the Crypto-Binding TLV. Alan DeKok. _______________________________________________ Emu mailing list -- emu@ietf.org To unsubscribe send an email to emu-le...@ietf.org
