RE: [Emu] WGLC comments for draft-simon-emu-rfc2716bis

Here are some of the changes to deal with the privacy comment. Let me know if this resolves the issue.

In Section 2.6:

  An EAP-TLS server supporting privacy MUST NOT treat a certificate
  list containing no entries as a terminal condition; instead it MUST
  bring up the TLS session and then send a hello_request.  The
  handshake then proceeds normally; the client sends a client_hello and
  the server replies with a server_hello, certificate,
  server_key_exchange, certificate_request, server_hello_done, etc.
  For an example, see Appendix B.

The example:

     2. In the case where the peer and server support privacy and
     mutual authentication, the conversation will appear as follows:

     Authenticating Peer     Authenticator
     -------------------     -------------
                             <- EAP-Request/
                             Identity
     EAP-Response/
     Identity (AnonymousNAI) ->

                             <- EAP-Request/
                             EAP-Type=EAP-TLS
                             (TLS Start)
     EAP-Response/
     EAP-Type=EAP-TLS
     (TLS client_hello) ->
                             <- EAP-Request/
                             EAP-Type=EAP-TLS
                             (TLS server_hello,
                              TLS certificate,
                             [TLS server_key_exchange,]
                              TLS certificate_request,
                              TLS server_hello_done)
     EAP-Response/
     EAP-Type=EAP-TLS
     (TLS certificate (no cert),
      TLS client_key_exchange,
      TLS change_cipher_spec,
      TLS finished) ->
                             <- EAP-Request/
                             EAP-Type=EAP-TLS
                             (TLS change_cipher_spec,
                              hello_request)
     EAP-Response/
     EAP-Type=EAP-TLS
     (TLS client_hello) ->
                             <- EAP-Request/
                             EAP-Type=EAP-TLS
                             (TLS server_hello,
                             [TLS certificate,]
                             [TLS server_key_exchange,]
                              TLS certificate_request,
                              TLS server_hello_done)
     EAP-Response/
     EAP-Type=EAP-TLS
     (TLS certificate,
      TLS client_key_exchange,
      TLS certificate_verify,
      TLS change_cipher_spec,
      TLS finished) ->
                             <- EAP-Request/
                             EAP-Type=EAP-TLS
                             (TLS change_cipher_spec,
                              TLS finished)
     EAP-Response/
     EAP-Type=EAP-TLS ->
                             <- EAP-Success

A version of the document with most of the changes made is available here:
http://www.drizzle.com/~aboba/EMU/draft-simon-emu-rfc2716bis-06.txt
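The following is an added model of the server-side rule quoted above from Section 2.6 and of the Appendix B exchange; it is example code written for this page, not text or code from the draft, from the EMU list, or from any EAP-TLS implementation. It is a message-level state machine, not a TLS stack: the `Peer` and `ServerPolicy` classes and the `"peer-cert"` placeholder are constructed for the example, and each handshake is completed with change_cipher_spec and finished in both directions before any hello_request. What it demonstrates is the decision that matters for privacy: a server that supports privacy completes a handshake that carried an empty client certificate list and then sends hello_request, so the peer's certificate travels only inside the protected second handshake, whereas a server without privacy support (the original RFC 2716 behaviour) fails the conversation on the empty list, and a peer that still sends no certificate in the protected handshake is failed by both.

```python
"""Added example: model of the EAP-TLS privacy negotiation (Section 2.6 / Appendix B).

Not code from draft-simon-emu-rfc2716bis or any real EAP/TLS implementation.
Message names are the TLS 1.x handshake names used in the draft; certificates,
policies and the peer are constructed stand-ins.
"""
from dataclasses import dataclass


@dataclass
class ServerPolicy:
    supports_privacy: bool          # implements the Section 2.6 rule
    require_client_cert: bool = True  # mutual authentication required


@dataclass
class Peer:
    """Constructed peer: withholds its certificate until the handshake is protected."""
    has_cert: bool = True
    wants_privacy: bool = True

    def certificate_list(self, handshake_no):
        """Certificate list sent in the given handshake (1 = in the clear)."""
        if not self.has_cert:
            return []
        if self.wants_privacy and handshake_no == 1:
            return []                  # empty certificate list in the clear
        return ["peer-cert"]          # constructed placeholder for a real cert


def run_eap_tls(policy, peer):
    """Run the conversation; return (EAP outcome, flat list of TLS messages)."""
    trace = []
    handshake_no = 0
    while True:
        handshake_no += 1
        # Server side of the handshake, as in the draft's ladder diagram.
        trace += ["client_hello", "server_hello", "certificate",
                  "certificate_request", "server_hello_done"]
        certs = peer.certificate_list(handshake_no)
        trace.append("certificate" if certs else "certificate(no cert)")
        trace.append("client_key_exchange")
        if certs:
            trace.append("certificate_verify")   # only when a cert was sent
        trace += ["change_cipher_spec", "finished"]

        if certs or not policy.require_client_cert:
            # Peer authenticated (or no client cert required): finish and succeed.
            trace += ["change_cipher_spec", "finished"]
            return "EAP-Success", trace

        if policy.supports_privacy and handshake_no == 1:
            # Section 2.6: empty list is NOT terminal; bring the session up,
            # then request a second, now-protected handshake.
            trace += ["change_cipher_spec", "finished", "hello_request"]
            continue

        # No cert where one is required and no privacy fallback left: terminal.
        trace.append("alert(handshake_failure)")
        return "EAP-Failure", trace


def handshake_count(trace):
    """Number of handshakes in a trace (one client_hello each)."""
    return trace.count("client_hello")


if __name__ == "__main__":
    outcome, trace = run_eap_tls(ServerPolicy(supports_privacy=True), Peer())
    print(outcome)
    for msg in trace:
        print("  " + msg)
```

Run the module directly to see the two-handshake trace for the privacy case; the functions return the outcome and trace so the other combinations (server without privacy support, peer with no certificate at all, server-only authentication) can be compared programmatically.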



_______________________________________________
Emu mailing list
Emu at ietf.org
https://www1.ietf.org/mailman/listinfo/emu