From hartmans@mit.edu Tue Feb 8 11:42:53 2011
From: Sam Hartman
To: Alan DeKok
Cc: Sam Hartman, emu@ietf.org
Date: Tue, 08 Feb 2011 14:42:55 -0500
Subject: Re: [Emu] Channel Bindings: RADIUS or Diameter namespace

>>>>> "Alan" == Alan DeKok writes:

    >> 2) Have multiple namespaces for attributes we support. This may
    >> remove a lot of the overhead savings for RADIUS over Diameter; in
    >> the obvious implementation I'd expect we would waste a byte per
    >> AVP.

    Alan> I'm not sure what you mean by that proposal.

So, we're asking EAP methods to give us a space to stick channel
bindings data.
The channel bindings data could look like a set of
* Length
* namespace ID
* ns-specific

namespace 0: RADIUS--a single RADIUS type and value (we already have a
length)

So, assuming 1 byte for the namespace and no padding, it takes us an
extra byte over RADIUS to store a RADIUS AVP in channel binding data.

There are obvious ways you could optimize that some.

From Ron.Williams@us.ibm.com Tue Feb 8 15:03:23 2011
From: Ron Williams
To: emu@ietf.org
Date: Tue, 8 Feb 2011 16:03:25 -0700
Subject: [Emu] AUTO: Ron Williams is out of the office (returning 02/11/2011)

I am out of the office until 02/11/2011.

Note: This is an automated response to your message "Emu Digest, Vol 61,
Issue 1" sent on 2/8/11 13:00:25.

This is the only notification you will receive while this person is away.

From hartmans@mit.edu Wed Feb 9 13:09:05 2011
From: Sam Hartman
To: emu@ietf.org
Date: Wed, 09 Feb 2011 16:09:10 -0500
Subject: [Emu] draft-ietf-emu-chbind-07 submitted

The major difference in this version is that I've thrown together a
candidate protocol based on the discussions of the last few days. I
think this should give us something concrete to discuss.

While I think the text includes the necessary information, there are
three places where packet diagrams would really clarify things. Would
anyone be willing to help me construct these?

From Internet-Drafts@ietf.org Wed Feb 9 13:15:03 2011
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Cc: emu@ietf.org
Date: Wed, 09 Feb 2011 13:15:02 -0800
Subject: [Emu] I-D Action:draft-ietf-emu-chbind-07.txt

A New Internet-Draft is available from the on-line Internet-Drafts
directories. This draft is a work item of the EAP Method Update Working
Group of the IETF.

    Title     : Channel Binding Support for EAP Methods
    Author(s) : S. Hartman, et al.
    Filename  : draft-ietf-emu-chbind-07.txt
    Pages     : 28
    Date      : 2011-02-09

This document defines how to implement channel bindings for Extensible
Authentication Protocol (EAP) methods to address the lying NAS as well
as the lying provider problem.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-emu-chbind-07.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

From aland@deployingradius.com Thu Feb 10 04:47:22 2011
From: Alan DeKok
To: Sam Hartman
Cc: emu@ietf.org
Date: Thu, 10 Feb 2011 13:47:31 +0100
Subject: Re: [Emu] Channel Bindings: RADIUS or Diameter namespace

Sam Hartman wrote:
> So, we're asking EAP methods to give us a space to stick channel
> bindings data.
> The channel bindings data could look like a set of
> * Length
> * namespace ID
> * ns-specific
>
> namespace 0: RADIUS--a single RADIUS type and value (we already have a
> length)

  Ah, OK.

> So, assuming 1 byte for the namespace and no padding, it takes us an
> extra byte over RADIUS to store a RADIUS AVP in channel binding data.
>
> There are obvious ways you could optimize that some.

  Hmm... I might be inclined to keep the namespace-specific packing.
i.e. the RADIUS namespace packs RADIUS attributes, just like they would
be packed in a RADIUS packet.

  That has slightly more overhead, and the issue of lengths potentially
disagreeing. But it has the benefit of simplifying the packing/unpacking
code somewhat.

  The issue for Diameter is that the requirements are for the data to be
aligned. Does that requirement continue for the channel-bindings data?
Or can we just pack Diameter data into an opaque blob, and wrap a 2-4
byte "channel binding" header around it?

  Alan DeKok.

From hartmans@mit.edu Thu Feb 10 05:58:39 2011
From: Sam Hartman
To: Alan DeKok
Cc: Sam Hartman, emu@ietf.org
Date: Thu, 10 Feb 2011 08:58:44 -0500
Subject: Re: [Emu] Channel Bindings: RADIUS or Diameter namespace

I considered retaining namespace-specific packing. My concern is that
in the channel binding response you want to remove values. This ends up
being a bit namespace specific because of VSAs but seems to argue for
the channel binding logic ending up getting stuck with a fair bit of
namespace specific logic.

I also really wanted to avoid more than one length for a given attribute
because that tends to cause problems in a security protocol--they can
get out of sync. A blob of RADIUS stuff all with its own length would
not suffer from the length issue so much.

This is an area where I want us to decide quite quickly what the answer
is going to be, but where I don't have a hugely strong opinion on what
it is. I threw something out to make forward progress. So long as we
can actually decide on something soon, I'm happy to change to another
way of encoding.

From aland@deployingradius.com Thu Feb 24 02:32:06 2011
From: Alan DeKok
To: "emu@ietf.org"
Date: Thu, 24 Feb 2011 11:32:50 +0100
Subject: [Emu] Call for agenda items for IETF

  We've asked for a 2 hour session for IETF. Please send requests for
agenda items to myself and Joe Salowey.

  Alan DeKok.

From Josh.Howlett@ja.net Fri Feb 25 02:37:27 2011
From: Josh Howlett
To: "moonshot-community@jiscmail.ac.uk"
Cc: Josh Howlett, TF-EMC2, "abfab@ietf.org", TF-Mobility + Network Middleware, "emu@ietf.org", "kitten@ietf.org"
Date: Fri, 25 Feb 2011 10:38:34 +0000
Subject: [Emu] Moonshot GSS EAP mechanism released and Cyrus GS2 mechanism relicensed

(Apologies for cross-posting)

I am pleased to announce the release of the Moonshot GSS EAP mechanism
implementation under the BSD licence, and the relicensing of PADL
Software's Cyrus SASL GS2 implementation to the BSD licence. These
implement draft-ietf-abfab-gss-eap-00 and RFC5801 respectively.

These mechanisms enable the use of EAP authentication methods for
applications. SAML and RADIUS attributes may be exposed to applications
for authorisation purposes through GSS-API Naming Extensions. The
mechanism is also able to use EAP keying material exported by the EAP
method for message integrity and confidentiality between client and
server.

The source-code can be obtained from the Project Moonshot repository:

http://www.project-moonshot.org/gitweb

Many thanks to Luke Howard of PADL Software Pty for this excellent work.

Josh.

JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG

From hartmans@mit.edu Mon Feb 28 06:24:15 2011
From: Sam Hartman
To: Alan DeKok
Cc: "emu@ietf.org"
Date: Mon, 28 Feb 2011 09:25:10 -0500
Subject: Re: [Emu] Call for agenda items for IETF

I'd very much like to discuss the changes to the channel binding draft.
The highest level item is whether we're going in the right direction.
I'd also like to come to closure on Alan's comment about whether we
want each AVP split out or whether we want to reuse more of the
RADIUS/whatever encoding and have one blob per namespace.

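The two encodings debated in this thread, as an added example that is not code from the draft or from any poster: one element per attribute with a single length, versus one RADIUS-packed blob per namespace, where the parser must reject data whose inner and outer lengths disagree. The field widths (1-byte element length, 3-byte blob header), the function names and the sample attribute values are assumptions.

```python
import struct

NS_RADIUS = 0  # "namespace 0: RADIUS" from the thread; no other IDs are defined here


class EncodingError(ValueError):
    """Channel-binding data whose length fields are inconsistent."""


def pack_radius(attrs):
    """Plain RADIUS packing: type(1) | length(1) | value; length counts all three."""
    return b"".join(bytes([t, 2 + len(v)]) + v for t, v in attrs)


def pack_per_attribute(attrs):
    """Layout A: one element per attribute, so each value has exactly one length.
    length(1) | namespace(1) | type(1) | value; field widths are assumed."""
    return b"".join(bytes([3 + len(v), NS_RADIUS, t]) + v for t, v in attrs)


def pack_per_namespace(attrs):
    """Layout B: namespace(1) | blob length(2) | attributes packed as in RADIUS.
    The 3-byte header is an assumption within the "2-4 byte" range mentioned."""
    blob = pack_radius(attrs)
    return struct.pack("!BH", NS_RADIUS, len(blob)) + blob


def parse_per_attribute(data):
    attrs, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 3:
            raise EncodingError("truncated element header")
        total, ns, attr_type = data[pos], data[pos + 1], data[pos + 2]
        if total < 3 or pos + total > len(data):
            raise EncodingError("element length runs past the data")
        if ns != NS_RADIUS:
            raise EncodingError("unknown namespace %d" % ns)
        attrs.append((attr_type, data[pos + 3:pos + total]))
        pos += total
    return attrs


def parse_per_namespace(data):
    if len(data) < 3:
        raise EncodingError("truncated blob header")
    ns, blob_len = struct.unpack_from("!BH", data)
    if ns != NS_RADIUS:
        raise EncodingError("unknown namespace %d" % ns)
    blob = data[3:]
    if blob_len != len(blob):
        raise EncodingError("outer length disagrees with the bytes present")
    attrs, pos = [], 0
    while pos < blob_len:
        if blob_len - pos < 2:
            raise EncodingError("trailing bytes not covered by any inner length")
        attr_type, alen = blob[pos], blob[pos + 1]
        # The two lengths must agree: no attribute may extend past the blob.
        if alen < 2 or pos + alen > blob_len:
            raise EncodingError("inner length disagrees with outer length")
        attrs.append((attr_type, blob[pos + 2:pos + alen]))
        pos += alen
    return attrs


def rejects(parser, data):
    """True if the parser refuses the data because of inconsistent lengths."""
    try:
        parser(bytes(data))
    except EncodingError:
        return True
    return False


# Constructed sample values; 30 and 32 are Called-Station-Id and NAS-Identifier.
SAMPLE = [(30, b"00-11-22-33-44-55:example-ssid"), (32, b"nas.example.net")]

if __name__ == "__main__":
    base = len(pack_radius(SAMPLE))
    print("layout A overhead:", len(pack_per_attribute(SAMPLE)) - base, "bytes")
    print("layout B overhead:", len(pack_per_namespace(SAMPLE)) - base, "bytes")
    bad = bytearray(pack_per_namespace(SAMPLE))
    bad[-16] += 1  # grow the inner length of the last attribute by one
    print("tampered blob rejected:", rejects(parse_per_namespace, bad))
```
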
From jsalowey@cisco.com Mon Feb 28 14:50:21 2011
From: Joe Salowey
To: emu@ietf.org
Cc: robert.cragie@gridmerge.com
Date: Mon, 28 Feb 2011 14:52:40 -0800
Subject: [Emu] Fwd: [TLS] Alert processing in RFC 5216

Forwarding to the EMU list which works on EAP methods.

Begin forwarded message:

> From: Robert Cragie
> Date: February 22, 2011 7:30:27 AM PST
> To: tls@ietf.org
> Subject: [TLS] Alert processing in RFC 5216
> Reply-To: robert.cragie@gridmerge.com
>
> I have a question about RFC 5216 (EAP-TLS) regarding the conversation
> illustrated on page 10 introduced by "In the case where the server
> authenticates to the peer successfully, but the peer fails to
> authenticate to the server, the conversation will appear as follows:".
> Shouldn't the conversation appear as follows, i.e. where the alert is
> sent from the server instead of the change_cipher_spec and finished
> from the server? This is because the server can tell at the point it
> receives the client's finished message that authentication has failed.
> Or am I missing something?
>
>    Authenticating Peer     Authenticator
>    -------------------     -------------
>                            <- EAP-Request/
>                            Identity
>    EAP-Response/
>    Identity (MyID) ->
>                            <- EAP-Request/
>                            EAP-Type=EAP-TLS
>                            (TLS Start)
>    EAP-Response/
>    EAP-Type=EAP-TLS
>    (TLS client_hello)->
>                            <- EAP-Request/
>                            EAP-Type=EAP-TLS
>                            (TLS server_hello,
>                             TLS certificate,
>                             [TLS server_key_exchange,]
>                             TLS certificate_request,
>                             TLS server_hello_done)
>
>    EAP-Response/
>    EAP-Type=EAP-TLS
>    (TLS certificate,
>     TLS client_key_exchange,
>     TLS certificate_verify,
>     TLS change_cipher_spec,
>     TLS finished) ->
>                            <- EAP-Request
>                            EAP-Type=EAP-TLS
>                            (TLS Alert message)
>    EAP-Response/
>    EAP-Type=EAP-TLS ->
>                            <- EAP-Failure
>                            (User Disconnected)
>
> Regards
>
> Robert
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls