On Wed, Apr 9, 2025 at 1:08 PM Alan DeKok <al...@deployingradius.com> wrote:

> On Apr 9, 2025, at 4:03 PM, Joseph Salowey <j...@salowey.net> wrote:
> > This is an adoption call for EAP-PPT (
> > https://datatracker.ietf.org/doc/draft-sawant-eap-ppt/).  This draft
> > defines an EAP method that provides privacy by preventing a visited network
> > or service from knowing the identity of a user, and for keeping the
> > identity provider for that user from tracking what networks or services the
> > specific user is accessing.  Please respond to this thread on whether you
> > think this work should be adopted by the EMU working group.  If you object
> > to this item please indicate why and if you approve of its adoption please
> > indicate whether you are willing to review and/or contribute text.
>
>   I think this work should be adopted by the WG, and I will review, etc.
>
> > In addition, please review the charter amendment available here:
> > https://github.com/emu-wg/charter/pull/4/files and indicate if you
> > support the charter revision.  You may comment on the charter by responding
> > to this thread or commenting on the pull request.
>
>   The charter updates describe one privacy-preserving proposal.  Given the
> EAP-FIDO draft, should we allow for more than one new method?
>
>
[Joe] We have an item from the last charter revision:

"While TLS-based EAP mechanisms provide strong channel protections, if the
client does not authenticate and validate the server's credentials properly
(possibly owing to a lack of provisioned information necessary to undertake
that validation), an EAP mechanism running over TLS that relies on
passwords is vulnerable to client credential theft, much the same as
password authentication over plain TLS is. The FIDO Alliance and the W3C
have developed a passwordless authentication scheme known as FIDO2, which
combines elements of the W3C's WebAuthn and FIDO's CTAP standards. The
group will devise an EAP method suitable for use with passwordless
authentication schemes such as the CTAP2 version of FIDO2."

We could make some modifications to this if necessary.  We also have some
items for provisioning.



>   Alan DeKok.
>
>
_______________________________________________
Emu mailing list -- emu@ietf.org
To unsubscribe send an email to emu-le...@ietf.org
