From: "Mckay, Clinton E"
To: "'emu@ietf.org'"
Date: Thu, 17 Jul 2014 17:48:01 +0000
Subject: [Emu] possible update to EAP-TLS standard
Archived-At: http://mailarchive.ietf.org/arch/msg/emu/utNc-slAHeHdsoeLaDj-r4_qrSg

Although I see that the EMU WG concluded earlier this year, I'd like to ask those on this mail list to consider whether an update to RFC 5216 may be worth pursuing.

Wireless LAN deployments commonly leverage the EAP-TLS standard. The IEEE took steps earlier this year to raise the bar for wireless security through publishing the new 802.11ac standard.

RFC 5216 currently requires TLS 1.0, and the only mandatory cipher suite specified is TLS_RSA_WITH_3DES_EDE_CBC_SHA. I'd like to suggest updating the standard in a manner that also requires mandatory support for TLS 1.2 and ECDHE_ECDSA AEAD cipher suites.

Best regards,
Clint

Clint McKay
NSA Information Assurance
