Re: [Emu] WG Last Call: draft-simon-emu-rfc2716bis-05

To: badra at isima.fr, jsalowey at cisco.com
Subject: Re: [Emu] WG Last Call: draft-simon-emu-rfc2716bis-05
From: "Bernard Aboba" <bernard_aboba at hotmail.com>
Date: Fri, 01 Dec 2006 13:03:07 -0800
Bcc:
Cc: emu at ietf.org
In-reply-to: <61591.86.66.211.110.1165004445.squirrel@www.isima.fr>
List-archive: <http://www1.ietf.org/pipermail/emu>
List-help: <mailto:emu-request@ietf.org?subject=help>
List-id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-post: <mailto:emu@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>

However, this requires more cryptographic computations
since both entities will encrypt the second TLS session packets and it
augments significantly the number of rounds trips over the wireless link,
which is not always widely available.

As you point out, the approach described in the document is not optimal; rather the goal was to provide functionality that could be most easily implemented, and would be "good enough".

The computational load of encrypting additional packets is fairly small compared with the initial TLS negotiation, which may involve public key computations, so I don't think this is much of a burden.

I believe that the proposed approach adds 1.5 round trips to an initial conversation (session resumption is not affected). As noted in the draft, ciphersuite negotiation could eliminate this. On the other hand, the total number of round-trips in EAP-TLS is largely determined by the certificate chain size, which is the same whether privacy is supported or not. So adding 1.5 round-trips for an initial exchange will typically not represent much of a performance penalty in intranet scenarios.

Hajjeh and I recently submitted a document to add identity protection to
TLS. This solution does not suffer from interoperability issues related to
TLS Extensions, TLS 1.0 and TLS 1.1 implementations. I would like that
EAP-TLS reconsider this document for identity protection implementations.

If and when identity protection ciphersuites are added to TLS, EAP-TLS implementations can support it. I agree that it would be somewhat more efficient in terms of round-trips.

However, I don't think we want to require that EAP-TLS implementations wishing to implement privacy support identity protection ciphersuites. For example, the set of Identity protection ciphersuites described in the document are limited, so that an EAP-TLS implementation might not be able to negotiate the ciphersuites that it would prefer along with identity privacy.

_______________________________________________
Emu mailing list
Emu at ietf.org
https://www1.ietf.org/mailman/listinfo/emu

Follow-Ups:
- Re: [Emu] WG Last Call: draft-simon-emu-rfc2716bis-05
  - From: badra

References:
- Re: [Emu] WG Last Call: draft-simon-emu-rfc2716bis-05
  - From: badra

Prev by Date: Re: [Emu] WG Last Call: draft-simon-emu-rfc2716bis-05
Next by Date: Re: [Emu] WG Last Call: draft-simon-emu-rfc2716bis-05
Previous by thread: Re: [Emu] WG Last Call: draft-simon-emu-rfc2716bis-05
Next by thread: Re: [Emu] WG Last Call: draft-simon-emu-rfc2716bis-05
Index(es):
- Date
- Thread

Re: [Emu] WG Last Call: draft-simon-emu-rfc2716bis-05

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.