From: "Dr. Pala"
Organization: OpenCA Labs
To: EMU WG
Subject: [Emu] EAP and Transport Protocol
Date: Fri, 8 Mar 2019 15:51:53 -0700 (X-Original-Date; delivered to the list Mon, 01 Apr 2019 10:45:52 -0000)
Message-ID: <33af57b3-950b-20e2-7aae-7fea8d07b283@openca.org>

Hi EMU-ers,

being fairly new to the EAP world, I noticed that in some environments, EAP is layered on top of other protocols - in particular RADIUS and DIAMETER. I guess that in some environments this makes sense because of accounting purposes across operators; however, this makes the protocol stack quite complicated.

In particular, I was working on the definition of a PAM module to provide SSH credentials delegation and I wanted to use EAP - however, I could not find an implementation of EAP-over-TLS that could be easily used. In particular, the use of the

--
Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director
From: Alan DeKok
To: "Dr. Pala"
Cc: EMU WG
Subject: Re: [Emu] EAP and Transport Protocol
Date: Mon, 1 Apr 2019 07:16:16 -0400
In-Reply-To: <33af57b3-950b-20e2-7aae-7fea8d07b283@openca.org>

On Mar 8, 2019, at 5:51 PM, Dr. Pala wrote:
>
> being fairly new to the EAP world, I noticed that in some environment, EAP is layered on top of other protocols - in particular RADIUS and DIAMETER.

  EAP was originally over PPP.  Now it's mostly RADIUS.  There may be increasing use in the Diameter space.

> I guess that in some environments this make sense because of accounting purposes across operators, however this makes the protocol stack quite complicated.

  For TTLS, it can be:

* Ethernet
* IP
* UDP
* RADIUS
* EAP
* EAP-TTLS
* TLS
* EAP
* EAP-MSCHAPv2
* MSCHAPv2 credentials

  Yes, it's complicated.

> In particular, I was working on the definition of a PAM module to provide SSH credentials delegation and I wanted to use EAP - however, I could not find an implementation of EAP-over-TLS that could be easily used.

  hostap.  It has both client and server implementations of most EAP types.  See also "eapol_test" for an example of integrating it into a simple application.

  There's really no other choice.  Open Source implementations of EAP are few and far between.  On the server side, it's only hostap and FreeRADIUS.  On the client side, it's hostap.

  There used to be "xsupplicant" and "open1x" on the client side, but those have been dead for 10 years.

> In particular, the use of the

  Early truncation?

  Alan DeKok.
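As an added illustration of the layering Alan lists above (TLS carried inside EAP-TTLS, EAP carried inside RADIUS), the following is example code written for this page, not code from the thread, hostap or FreeRADIUS: it fragments a constructed TLS flight into EAP-TTLS packets with the RFC 5281 L/M flags, relays each EAP packet across RADIUS as a run of at most 253-byte EAP-Message attributes (RFC 3579), then reassembles both layers and rejects a chain that ends with M still set. The packet size cap, identifiers and sample bytes are assumptions chosen for the demonstration.

```python
import struct

# EAP header values from RFC 3748; the EAP-TTLS method type from RFC 5281
EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_TYPE_TTLS = 21
# EAP-TTLS flags octet: L M S R R V V V (RFC 5281 section 9.1); version 0
TTLS_FLAG_L, TTLS_FLAG_M, TTLS_FLAG_S = 0x80, 0x40, 0x20
TTLS_VERSION = 0
# RADIUS EAP-Message attribute (RFC 2869, usage in RFC 3579): Type, Length, Value.
# Length is one octet and counts Type and Length, so Value is at most 253 bytes.
RADIUS_ATTR_EAP_MESSAGE = 79
RADIUS_ATTR_MAX_VALUE = 253


def eap_packet(code, identifier, eap_type, type_data):
    """Build one EAP packet: Code, Identifier, Length (whole packet), Type, Type-Data."""
    return struct.pack("!BBHB", code, identifier, 5 + len(type_data), eap_type) + type_data


def parse_eap(packet):
    """Split an EAP packet into (code, identifier, type, type_data), checking Length."""
    if len(packet) < 5:
        raise ValueError("EAP packet shorter than its fixed header")
    code, identifier, length, eap_type = struct.unpack("!BBHB", packet[:5])
    if length != len(packet):
        raise ValueError("EAP Length field does not match packet size")
    return code, identifier, eap_type, packet[5:]


def ttls_fragments(tls_data, first_id, max_type_data):
    """Carry TLS bytes in a chain of EAP-TTLS Response packets (RFC 5281 fragmentation).

    The first fragment sets L and announces the total TLS length; every fragment except
    the last sets M. max_type_data caps the Type-Data of each EAP packet (assumed value).
    In a real exchange each fragment answers an EAP Request (acknowledgement) from the
    server and echoes its Identifier; here the identifier simply increments per fragment.
    """
    if max_type_data < 6:
        raise ValueError("max_type_data must leave room for flags, length and data")
    packets, offset, identifier = [], 0, first_id
    while offset < len(tls_data) or not packets:
        first = offset == 0
        room = max_type_data - (5 if first else 1)  # flags octet (+ 4-byte length on first)
        chunk = tls_data[offset:offset + room]
        offset += len(chunk)
        flags = TTLS_VERSION | (TTLS_FLAG_L if first else 0)
        if offset < len(tls_data):
            flags |= TTLS_FLAG_M
        body = bytes([flags]) + (struct.pack("!I", len(tls_data)) if first else b"") + chunk
        packets.append(eap_packet(EAP_RESPONSE, identifier, EAP_TYPE_TTLS, body))
        identifier = (identifier + 1) & 0xFF
    return packets


def ttls_reassemble(packets):
    """Rebuild the TLS bytes from EAP-TTLS fragments, enforcing the announced length."""
    total, buf = None, bytearray()
    for pkt in packets:
        _code, _ident, eap_type, data = parse_eap(pkt)
        if eap_type != EAP_TYPE_TTLS or not data:
            raise ValueError("not an EAP-TTLS packet")
        flags, rest = data[0], data[1:]
        if flags & TTLS_FLAG_L:
            if len(rest) < 4:
                raise ValueError("L flag set but no TLS Message Length present")
            total, rest = struct.unpack("!I", rest[:4])[0], rest[4:]
        buf += rest
        if total is not None and len(buf) > total:
            raise ValueError("fragments exceed the announced TLS length")
        if not flags & TTLS_FLAG_M:
            break
    else:  # loop ran out of packets while M was still set (or there were none)
        raise ValueError("TLS message incomplete: more fragments expected")
    if total is not None and len(buf) != total:
        raise ValueError("TLS message shorter than the announced length")
    return bytes(buf)


def to_eap_message_attrs(eap_pkt):
    """Wrap one EAP packet in consecutive RADIUS EAP-Message attributes (TLV octets)."""
    attrs = []
    for i in range(0, len(eap_pkt), RADIUS_ATTR_MAX_VALUE):
        chunk = eap_pkt[i:i + RADIUS_ATTR_MAX_VALUE]
        attrs.append(bytes([RADIUS_ATTR_EAP_MESSAGE, 2 + len(chunk)]) + chunk)
    return b"".join(attrs)


def from_eap_message_attrs(attr_bytes):
    """Walk a RADIUS attribute list and concatenate EAP-Message values in order."""
    eap, pos = bytearray(), 0
    while pos < len(attr_bytes):
        if pos + 2 > len(attr_bytes):
            raise ValueError("truncated RADIUS attribute header")
        atype, alen = attr_bytes[pos], attr_bytes[pos + 1]
        if alen < 2 or pos + alen > len(attr_bytes):
            raise ValueError("malformed RADIUS attribute length")
        if atype == RADIUS_ATTR_EAP_MESSAGE:
            eap += attr_bytes[pos + 2:pos + alen]
        pos += alen
    return bytes(eap)


def round_trip(tls_data, first_id=7, max_type_data=400):
    """Supplicant fragments TLS into EAP-TTLS; the NAS relays each EAP packet as
    EAP-Message attributes; the server unwraps RADIUS, then reassembles EAP-TTLS."""
    eap_pkts = ttls_fragments(tls_data, first_id, max_type_data)
    radius_attr_lists = [to_eap_message_attrs(p) for p in eap_pkts]
    received = [from_eap_message_attrs(a) for a in radius_attr_lists]
    return ttls_reassemble(received), len(eap_pkts), [len(a) for a in radius_attr_lists]


if __name__ == "__main__":
    sample = bytes(range(256)) * 4  # constructed stand-in for a 1024-byte TLS flight
    tls, n_eap, radius_sizes = round_trip(sample)
    print(f"TLS restored: {tls == sample}; EAP-TTLS fragments: {n_eap}; "
          f"RADIUS EAP-Message bytes per EAP packet: {radius_sizes}")
```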
From: Michael Richardson
To: "Dr. Pala", EMU WG
Subject: Re: [Emu] EAP and Transport Protocol
Date: Mon, 1 Apr 2019 12:24:22 -0400
In-Reply-To: <5DF500CA-4D6F-4A03-A5E0-6F410D67370B@deployingradius.com>

Alan DeKok wrote:
>> being fairly new to the EAP world, I noticed that in some environment,
>> EAP is layered on top of other protocols - in particular RADIUS and
>> DIAMETER.

> EAP was originally over PPP. Now it's mostly RADIUS. There may be
> increasing use in the Diameter space.

I would say it differently, because radius and PPP are not equivalent.
EAP was originally over-PPP connected to over-Radius.
EAP is now more commonly over-802.1x connected over-Radius.
With Diameter replacing Radius in some environments.
EAP is "end-to-end" supplicant to Authentication Server.
(I know you (Alan) know this, but others might not)

> For TTLS, it can be:
> * Ethernet
> * IP
> * UDP
> * RADIUS
> * EAP
> * EAP-TTLS
> * TLS
> * EAP
> * EAP-MSCHAPv2
> * MSCHAPv2 credentials

> Yes, it's complicated.

:-)

> Open Source implementations of EAP are few and far between. On the
> server side, it's only hostap and FreeRADIUS. On the client side, it's
> hostap.

> There used to be "xsupplicant" and "open1x" on the client side, but
> those have been dead for 10 years.

>> In particular, the use of the

> Early truncation?

lack of fragmentation :-)

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | IoT architect      [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

--
Michael Richardson, Sandelman Software Works
 -= IPv6 IoT consulting =-
From: Mohit Sethi M
To: emu@ietf.org
Subject: [Emu] Minutes from EMU @ IETF104
Date: Tue, 2 Apr 2019 09:00:12 +0000

Hi all,

Thank you for participating in the EMU session at IETF 104. A special thank you to Max for taking the minutes and to Elliot for serving as the jabber scribe.

Minutes from the EMU session at IETF 104 have now been uploaded:
https://datatracker.ietf.org/meeting/104/materials/minutes-104-emu-00

Please report any issues by April 9, 2019.

Joe and Mohit
From: Joseph Salowey
To: Michael Richardson
Cc: Alan DeKok, emu@ietf.org
Subject: Re: [Emu] EAP-AKA' and Re: WG adoption call for draft-arkko-eap-aka-pfs
Date: Tue, 2 Apr 2019 22:37:28 -0700
In-Reply-To: <8549.1553993591@dooku.sandelman.ca>
References: <20357.1553893062@dooku.sandelman.ca> <3A358E18-F3C3-40FF-BF87-DEB963549BE8@deployingradius.com> <8549.1553993591@dooku.sandelman.ca>

Thanks for reviving this thread.  I agree this is important work, but we need to have consensus to bring the item into the working group.  I think the IPR issue is the main sticking point.

I'll note that RFC 5448 has a similar IPR declaration and both documents are targeted as informational.  Some possible ways forward:

1. Come up with an alternative proposal.  Since no one has already stepped forward I don't think this is realistic.
2. Accept the document into the working group.
3. Reject the document, which will force the work to go through the independent submission process, which will probably result in less broad and thorough review.
4. Amendment to the license terms of the IPR - I have received no indication that this will happen

The document will likely get published in either case 2 or 3 above.  I'd like to work through this discussion over the next few weeks so please voice your views on this thread.

Thanks,
Joe

On Sat, Mar 30, 2019 at 5:53 PM Michael Richardson wrote:
>
> Alan DeKok wrote:
>     > Let's be realistic about the IETF.  While we pretend that we have
>     > individual contributors, the reality is that large companies fund huge
>     > chunks of it.  Those companies effectively shield individual
>     > contributors from patent lawsuits.  i.e. no one will sue an employee of
>     > Cisco about a standard, they will instead sue Cisco directly.
>
> Actually, nobody seems to sue the majors except other majors.
> Nobody seems to sue small entities that have no money except patent trolls.
>
>     > Michael and I have no such protection.  As an implementor of EAP-SIM
>     > and EAP-AKA, he may be personally liable.  As the person hosting the
>     > web site and source code, I may also be personally liable.
>
> I don't think you can be sued for patent infringement for writing about
> the patent, only for using it.  Copyright, yes, but not patents.
>
>     > And realistically, Open Source has driven the explosion of tech
>     > companies in the past 10 years.  I think few companies could have been
>     > profitable if they had paid license fees for an OS, web server, etc.
>     > So there should be a vested interest in protecting open source as part
>     > of the IETF standardization process.
>
> I agree with you, and so it borders on seriously insulting to open source
> authors to have these super-vague IPR claims show up from non-technical
> lawyers.
>
> Let me restate my original opinion:
>   - if this is important to 5G, then anything that gets in the way of
>     adoption is a problem.  If it's not important enough to fix the IPR,
>     then it's actually that important.
>   - adopting AKA is very important.
>
> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        | network architect  [
> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
>
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu
Thanks for reviving this thread.=C2=A0 I agree this is imp= ortant work, but we need to have consensus to bring the item into the worki= ng group.=C2=A0 I think the IPR issue is the main sticking point.=C2=A0
I'll note that RFC 5448 has a similar IPR declaration a= nd both documents are targeted as informational.=C2=A0 =C2=A0Some possible = ways forward:

1. Come up with an alternative propo= sal.=C2=A0 Since no one has already stepped forward I don't think this = is realistic.=C2=A0
2. Accept the document into the working group= .
3. Reject the document, which will force the work to go thr= ough the independent submission process, which will probably result in less= broad and thorough review.=C2=A0=C2=A0
4. Amendment to the licen= se terms of the IPR - I have received no indication that this will happen

The document will likely get published in either ca= se 2 or 3 above.=C2=A0 I'd like to work through this discussion over th= e next few weeks so please voice your views on this thread.=C2=A0=C2=A0

Thanks,
Joe



On Sat, Mar 30, 2019 at 5:53 PM Michael Richardson <mcr+ietf@sandelman.ca> wrote:

Alan DeKok <aland@deployingradius.com> wrote:
=C2=A0 =C2=A0 >=C2=A0 =C2=A0Let's be realistic about the IETF.=C2=A0= While we pretend that we have
=C2=A0 =C2=A0 > individual contributors, the reality is that large compa= nies fund huge
=C2=A0 =C2=A0 > chunks of it.=C2=A0 Those companies effectively shield i= ndividual
=C2=A0 =C2=A0 > contributors from patent lawsuits.=C2=A0 i.e. no one wil= l sue an employee of
=C2=A0 =C2=A0 > Cisco about a standard, they will instead sue Cisco dire= ctly.

Actually, nobody seems to sue the majors except other majors.
Nobody seems to sue small entities that have no money except patent trolls.=

=C2=A0 =C2=A0 >=C2=A0 =C2=A0Michael and I have no such protection.=C2=A0= As an implementor of EAP-SIM
=C2=A0 =C2=A0 > and EAP-AKA, he may be personally liable.=C2=A0 As the p= erson hosting the
=C2=A0 =C2=A0 > web site and source code, I may also be personally liabl= e.

I don't think you can be sued for patent infringemenet for writing abou= t
the patent, only for using it.=C2=A0 =C2=A0 Copyright, yes, but not patents= .

=C2=A0 =C2=A0 >=C2=A0 =C2=A0And realistically, Open Source has driven th= e explosion of tech
=C2=A0 =C2=A0 > companies in the past 10 years.=C2=A0 I think few compan= ies could have been
=C2=A0 =C2=A0 > profitable if they had paid license fees for an OS, web = server, etc.
=C2=A0 =C2=A0 > So there should be a vested interest in protecting open = source as part
=C2=A0 =C2=A0 > of the IETF standardization process.

I agree with you, and so it borders on seriously insulting to open source authors to have these super-vague IPR claims show up from non-technical
lawyers.

Let me restate my original opinion:
=C2=A0 =C2=A0- if this is important to 5G, then anything that gets in the w= ay of
=C2=A0 =C2=A0 =C2=A0adoption is a problem.=C2=A0 If it's not important = enough to fix the IPR,
=C2=A0 =C2=A0 =C2=A0then it's actually that important.
=C2=A0 =C2=A0- adopting AKA is very important.


--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
From nobody Wed Apr 3 02:58:50 2019
From: John Mattsson <john.mattsson@ericsson.com>
To: 'EMU WG', mcr+ietf@sandelman.ca
Date: Wed, 3 Apr 2019 09:58:42 +0000
Subject: [Emu] EAP-AKA' and Re: WG adoption call for draft-arkko-eap-aka-pfs

Michael Richardson <mcr+ietf@sandelman.ca> wrote:

>I implemented server side EAP-SIM and EAP-AKA back 16 some years ago.
>Based upon the many emails I got asking for help configuring EAP-SIM, and
>the zero I got for EAP-AKA, I have never been sure to what extent AKA
>really go out there.  Is the nano-SIM in my phone SIM or did it mutate into
>AKA?  I never quite knew.
>
>I was always very sad that AKA did not get more uptake as it authenticates
>the network to the phone, and therefore would have (as I understand things)
>defended against "Stingray" like equipment used without judicial review,
>requiring interceptors to significantly involve telco in such things, and
>limiting who they would actually "catch".  ... I've heard other claims too.

Several independent things here, first there are 4 different form factors for removable UICCs (aka "SIM cards")
1FF ("Full-size") = ID-1
2FF ("Mini-SIM") = ID-000
3FF ("Micro-SIM") = Mini-UICC
4FF ("Nano-SIM")

On the UICC, there are either a SIM application (2G), a USIM application (3G) or both. If you live in a country that has 4G and do not use a very old SIM-card, your SIM-card has a USIM and can do AKA with network authentication. Authentication to a 4G/LTE network requires a USIM and always uses AKA with network authentication.

Two main types of "Stingray like equipment"

- one is passive IMSI catchers. They just passively eavesdrop to catch identities. These will be mitigated in 5G with ECIES encryption of the identities as long as your operator provisions its public key on the UICC.

- the other is active false base stations. Many operators around the world have already turned off their 2G/GSM networks. The only reason this attack still works is that your phone happily connects to a false 2G network if it offers the best signal. Neither iOS (Apple) nor Android (Google) allows you to even manually turn off 2G. They both allow you to turn off 4G for battery savings but not 2G for security reasons. Ask the company that made your phone ;)

Cheers,
John

From nobody Wed Apr 3 04:59:50 2019
From: Alan DeKok
To: Joseph Salowey
Cc: Michael Richardson, emu@ietf.org
Date: Wed, 3 Apr 2019 07:59:37 -0400
Subject: Re: [Emu] EAP-AKA' and Re: WG adoption call for draft-arkko-eap-aka-pfs

On Apr 3, 2019, at 1:37 AM, Joseph Salowey wrote:
>
> Thanks for reviving this thread.  I agree this is important work, but we need to have consensus to bring the item into the working group.  I think the IPR issue is the main sticking point.
>
> I'll note that RFC 5448 has a similar IPR declaration and both documents are targeted as informational.  Some possible ways forward:
>
> 1. Come up with an alternative proposal.  Since no one has already stepped forward I don't think this is realistic.
> 2. Accept the document into the working group.
> 3. Reject the document, which will force the work to go through the independent submission process, which will probably result in less broad and thorough review.
> 4. Amendment to the license terms of the IPR - I have received no indication that this will happen
>
> The document will likely get published in either case 2 or 3 above.  I'd like to work through this discussion over the next few weeks so please voice your views on this thread.

  Despite my misgivings, I think (2) is necessary here.

  It would be helpful for the IETF as a whole to acknowledge the importance of Open Source in the IETF process.  And, that "RAND" licensing isn't necessarily RAND when fees are involved.

e.g. "Reasonable and Non-Discriminatory License to All Implementers with Possible Royalty/Fee"

  OK, *what* is that fee?  A million dollars for a 5G operator / vendor?  How much should an Open Source implementation pay?

  Alan DeKok.

From nobody Wed Apr 3 08:47:24 2019
From: Jari Arkko
To: Michael Richardson
Cc: emu@ietf.org
Date: Wed, 3 Apr 2019 18:46:53 +0300
Subject: Re: [Emu] EAP-AKA' and Re: WG adoption call for draft-arkko-eap-aka-pfs

Michael,

Thanks for your comments.

A couple of responses: with regards to deployment, there’s some amount of EAP SIM/AKA deployment, but until now it hasn’t been for the primary mobile network access. It was only used for Wireless LANs when you have a SIM card. Nevertheless, both protocols are very widely implemented and very likely available on your phone. Future usage is a guess, of course. 5G has two mandatory-to-implement authentication approaches for mobile networks: the traditional, native AKA and EAP (which defaults to EAP-AKA’). That is a much bigger potential for usage. An optimistic future is where the use of EAP in this context grows, and we use it to evolve the authentication so that improvements can be more easily and frequently added. A less optimistic future is one where we don’t really change the protocols to defend against new attacks, e.g., pervasive monitoring. I don’t know which future will actually happen but I’m willing to work towards the better one :-)

With regards to IMSI catchers, John already responded.

And about the difficult-to-read sentences… I can work on that. Thanks for the feedback.

With regards to the AT_KDF text that you quoted, that’s not new, it was part of RFC 5448, but can surely be improved. But the basic idea is that if the server proposes KDFs A, B, and C, then if A is acceptable to the peer, it will just do it. If it wants something else then it needs to propose it by responding to the server by sending the AT_KDF attribute back. If it sends A then obviously something is wrong, that should not happen and the server will refuse to do that. The peer needs to send either B or C, and then the server will use the chosen one in the next round of messages.

With regards to new versions and putting things in one or multiple documents, my opinion is that 5448 clarifications deserve to be done separately from significant new functionality such as the PFS. If we do complete the PFS work and the IETF feels like stating it is required to implement, we can state that at that time. But, I think now is too early.

With regards to AT_BIDDING, it is on purpose there only to prevent bidding down from EAP-AKA’ to EAP-AKA. And again unchanged from RFC 5448 (the diffs are here btw: http://www.arkko.com/ietf/eap/draft-ietf-emu-rfc5448bis-from-rfc5448.diff.html). It is true that one could (probably) design a more general facility to protect against bidding down attacks in EAP more generally. Again, that feels like a separate and fairly significant piece of work. The specific EAP-AKA/EAP-AKA’ case solves an important subclass of the general problem, though, and has been around for a long time.

Jari
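The AT_KDF exchange Jari describes above, as an added example that is not part of the thread, of RFC 5448 or of any EAP implementation: a Python simulation of the server and peer sides of KDF selection. Only the AT_KDF attribute is modelled (no AT_MAC, AT_RAND or wire encoding); the KDF numbers 2 and 3 are hypothetical, since RFC 5448 defines only KDF 1, and the once-only renegotiation rule reflects my reading of section 3.2 of that RFC. The `tamper` hook exists to show why the peer re-checks the second challenge: an on-path attacker who drops or reorders entries in the re-sent list is caught by the peer's comparison against the first list (in the real protocol the AT_MAC over the final challenge covers the list as well).

```python
# Simulation of the EAP-AKA' AT_KDF negotiation (RFC 5448 section 3.2).
# Added example for this thread; not code from any post, from RFC 5448 or
# from any EAP implementation.  Messages are plain dicts keyed by attribute
# number, and only AT_KDF is modelled.

AT_KDF = 24            # attribute type number assigned by RFC 5448
KDF_CK_IK_PRIME = 1    # "EAP-AKA' with CK'/IK'", the one KDF RFC 5448 defines
KDF_NEXT = 2           # hypothetical future KDF numbers, so that there is
KDF_NEXT_NEXT = 3      # something to negotiate about


class Server:
    """Holds the server's KDF list, most preferred first."""

    def __init__(self, offered):
        if not offered:
            raise ValueError("server must offer at least one KDF")
        self.offered = list(offered)
        self.renegotiated = False

    def challenge(self):
        # EAP-Request/AKA'-Challenge carries one AT_KDF per offered KDF,
        # in the server's preference order.
        return {AT_KDF: list(self.offered)}

    def handle(self, response):
        """Returns ("done", kdf), ("rechallenge", msg) or ("fail", reason)."""
        if AT_KDF not in response:
            # No AT_KDF in the response: the peer took the first entry.
            return ("done", self.offered[0])
        chosen = response[AT_KDF]
        if self.renegotiated:   # assumed reading of RFC 5448: one switch only
            return ("fail", "peer tried to change KDF twice")
        if chosen not in self.offered:
            return ("fail", "peer chose a KDF the server never offered")
        if chosen == self.offered[0]:
            # Taking the first entry is signalled by *not* sending AT_KDF;
            # echoing it back is a protocol error.
            return ("fail", "peer echoed the first KDF")
        self.renegotiated = True
        # Re-issue the challenge with the chosen KDF moved to the front and
        # the others left in their original order.
        self.offered = [chosen] + [k for k in self.offered if k != chosen]
        return ("rechallenge", self.challenge())


class Peer:
    """Holds the peer's acceptable KDFs, most preferred first."""

    def __init__(self, acceptable):
        self.acceptable = list(acceptable)
        self.first_offer = None
        self.selected = None

    def handle(self, challenge):
        """Returns ("accept", resp), ("select", resp) or ("fail", reason)."""
        kdfs = challenge[AT_KDF]
        if self.first_offer is None:
            self.first_offer = list(kdfs)
        else:
            # Second challenge: same set as before, and our choice now first.
            # Any deviation means tampering on the path (or a server bug).
            if sorted(kdfs) != sorted(self.first_offer):
                return ("fail", "KDF set changed between challenges")
            if kdfs[0] != self.selected:
                return ("fail", "server did not move the selected KDF first")
        if kdfs[0] in self.acceptable:
            return ("accept", {})   # first entry is fine: no AT_KDF in reply
        if self.selected is not None:
            return ("fail", "only one selection round is allowed")
        for want in self.acceptable:
            if want in kdfs:
                self.selected = want
                return ("select", {AT_KDF: want})
        return ("fail", "no common KDF")


def negotiate(server, peer, tamper=None):
    """Runs the exchange.  `tamper` optionally rewrites the re-challenge in
    flight (an on-path attacker).  Returns the agreed KDF or None."""
    challenge = server.challenge()
    for _ in range(3):   # challenge, optional re-challenge, final response
        verdict, response = peer.handle(challenge)
        if verdict == "fail":
            return None
        verdict, payload = server.handle(response)
        if verdict == "done":
            return payload
        if verdict == "fail":
            return None
        challenge = tamper(payload) if tamper else payload
    return None


if __name__ == "__main__":
    offer = [KDF_CK_IK_PRIME, KDF_NEXT, KDF_NEXT_NEXT]
    print("peer accepts first:", negotiate(Server(offer), Peer([KDF_CK_IK_PRIME])))
    print("peer prefers 3:    ", negotiate(Server(offer), Peer([KDF_NEXT_NEXT])))
    drop_last = lambda msg: {AT_KDF: msg[AT_KDF][:-1]}
    print("attacker drops one:", negotiate(Server(offer), Peer([KDF_NEXT]), drop_last))
```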
From nobody Wed Apr 3 10:50:19 2019
From: Michael Richardson
To: John Mattsson
Cc: 'EMU WG'
Date: Wed, 3 Apr 2019 13:50:13 -0400
Subject: Re: [Emu] EAP-AKA' and Re: WG adoption call for draft-arkko-eap-aka-pfs

John Mattsson wrote:
    >> I was always very sad that AKA did not get more uptake as it authenticates
    >> the network to the phone, and therefore would have (as I understand things)
    >> defended against "Stingray" like equipment used without judicial review,
    >> requiring interceptors to significantly involve telco in such things, and
    >> limiting who they would actually "catch". ... I've heard other claims too.

    > Several independent things here, first there are 4 different form
    > factors for removable UICCs (aka "SIM cards")
    > 1FF ("Full-size") = ID-1
    > 2FF ("Mini-SIM") = ID-000
    > 3FF ("Micro-SIM") = Mini-UICC
    > 4FF ("Nano-SIM")

Yes, I knew that the original AKA form factor was different, and that this
was a limitation on why we still had "SIM" cards, but then I thought that
when we went to mini, that the form factors "converged", and you confirm that:

    > On the UICC, there are either a SIM application (2G), a USIM
    > application (3G) or both. If you live in a country that has 4G and do
    > not use a very old SIM-card, your SIM-card has a USIM and can do AKA
    > with network authentication. Authentication to a 4G/LTE network
    > requires a USIM and always uses AKA with network authentication.

Good to know, thanks for this explanation.

    > - the other is active false base stations. Many operators around the
    > world have already turned off their 2G/GSM networks. The only reason
    > this attack still works is that your phone happily connects to a false 2G
    > network if it offers the best signal. Neither iOS (Apple) nor Android
    > (Google) allows you to even manually turn off 2G. They both allow you
    > to turn off 4G for battery savings but not 2G for security reasons. Ask
    > the company that made your phone ;)

Sad to know. Thanks for explaining this.

--
Michael Richardson, Sandelman Software Works
 -= IPv6 IoT consulting =-

From nobody Sat Apr 6 02:10:16 2019
From: John Mattsson <john.mattsson@ericsson.com>
To: 'EMU WG'
Date: Sat, 6 Apr 2019 09:10:07 +0000
Subject: Re: [Emu] EAP-AKA' and Re: WG adoption call for draft-arkko-eap-aka-pfs

I think it is of utter importance that PFS for AKA gets published and deployed. The great SIM heist was a disaster for cellular security. The extent of the heist is not known, and the report from Gemalto was a joke trying to sweep things under the rug. Potentially billions of secret keys were compromised, enabling pervasive monitoring on a global scale. The heist did not only enable tracking of users, but also passive eavesdropping of communication from these devices as well as installation of malware.

https://www.kaspersky.com/blog/gemalto-sim-hack/7774/
https://theintercept.com/2015/02/19/great-sim-heist/
https://motherboard.vice.com/en_us/article/4x354b/worlds-largest-sim-card-maker-has-no-clue-whether-it-was-hacked-by-the-nsa

Even if AKA is primarily a 3GPP technology, IETF has a very important role to play as a driving force and guardian of security and privacy for all Internet users. IETF took an early stance in fighting pervasive monitoring everywhere and BCP 188 requires IETF work to mitigate pervasive monitoring when possible. Providing perfect forward secrecy for session keys has been identified as one of the easiest and most efficient ways to fight pervasive monitoring.

John

On Apr 3, 2019, at 1:37 AM, Joseph Salowey <joe@salowey.net> wrote:
>
> Thanks for reviving this thread.  I agree this is important work, but we need to have consensus to bring the item into the working group.  I think the IPR issue is the main sticking point.
>
> I'll note that RFC 5448 has a similar IPR declaration and both documents are targeted as informational.   Some possible ways forward:
>
> 1. Come up with an alternative proposal.  Since no one has already stepped forward I don't think this is realistic.
> 2. Accept the document into the working group.
> 3. Reject the document, which will force the work to go through the independent submission process, which will probably result in less broad and thorough review.
> 4. Amendment to the license terms of the IPR - I have received no indication that this will happen
>
> The document will likely get published in either case 2 or 3 above.  I'd like to work through this discussion over the next few weeks so please voice your views on this thread.
>
>Thanks,
>Joe
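Why forward secrecy changes the outcome of a long-term-key compromise of the kind John describes, as an added example (not code from the thread, from draft-arkko-eap-aka-pfs or from any implementation). The simulation derives a session key the RFC 5448 way, from CK'/IK' alone, and the draft's way, with an ephemeral Diffie-Hellman shared secret mixed in, then lets an attacker who recorded the exchange and later obtained K try to recover both. Stand-ins are labelled in the code: HMAC-SHA256 replaces the USIM's f3/f4 functions and RFC 5448's PRF', finite-field DH over the RFC 2409 group 2 prime replaces the draft's X25519 so that only the standard library is needed, and the "EAP-AKA' FS" label and the MK_ECDHE layout are schematic rather than the draft's exact derivation. The long-term key and NAI are constructed values.

```python
# Session-key recovery after a long-term key compromise, with and without
# the ephemeral DH of draft-arkko-eap-aka-pfs.  Added example for this
# thread; not code from any post, the draft, or any EAP implementation.
import hashlib
import hmac
import secrets

# 1024-bit MODP prime of RFC 2409 group 2 and its generator.  Stand-in for
# the draft's X25519 so that the example needs only the standard library.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2

IDENTITY = b"6001010123456789@nai.example"   # constructed NAI, not a real subscriber


def prf(key, *parts):
    """HMAC-SHA256, standing in for the USIM functions f3/f4 and for the
    PRF' of RFC 5448 (HMAC-SHA-256 based, different output expansion)."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def usim_run(k, rand):
    """Toy USIM: (CK, IK) from the long-term key K and the server's RAND."""
    return prf(k, b"CK", rand), prf(k, b"IK", rand)


def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared(priv, other_pub):
    return pow(other_pub, priv, P).to_bytes(128, "big")


def mk_plain(ck, ik, identity):
    """RFC 5448 shape: MK = PRF'(IK'|CK', "EAP-AKA'"|Identity).  Everything
    on the right is either derived from K or sent in the clear."""
    return prf(ik + ck, b"EAP-AKA'", identity)


def mk_fs(ck, ik, shared, identity):
    """Draft shape (schematic): the ECDHE shared secret enters the key
    material, so the result depends on a value that was never transmitted
    and cannot be recomputed from K alone."""
    return prf(ik + ck + shared, b"EAP-AKA' FS", identity)


def run_session(k, identity, with_fs):
    """One EAP-AKA' run.  Returns (session key, what an eavesdropper saw)."""
    rand = secrets.token_bytes(16)
    ck, ik = usim_run(k, rand)
    seen = {"identity": identity, "rand": rand}
    if not with_fs:
        return mk_plain(ck, ik, identity), seen
    s_priv, s_pub = dh_keypair()   # server's ephemeral pair; pub goes in AT_PUB_ECDHE
    p_priv, p_pub = dh_keypair()   # peer's ephemeral pair; pub goes in AT_PUB_ECDHE
    seen.update(server_pub=s_pub, peer_pub=p_pub)
    shared = dh_shared(p_priv, s_pub)
    assert shared == dh_shared(s_priv, p_pub)
    del s_priv, p_priv             # ephemeral secrets are gone after the run
    return mk_fs(ck, ik, shared, identity), seen


def attacker_recover(k, seen):
    """Attacker who recorded `seen` and later obtained K (the SIM-heist
    scenario).  Returns the session key when it can be recomputed."""
    ck, ik = usim_run(k, seen["rand"])
    if "server_pub" not in seen:
        return mk_plain(ck, ik, seen["identity"])    # fully recoverable
    # With FS the attacker holds CK, IK and both public values but neither
    # ephemeral private key; getting the shared secret is a discrete-log
    # problem in the group, which is the whole point of the extension.
    return None


if __name__ == "__main__":
    k = bytes(range(16))   # constructed long-term key
    key, seen = run_session(k, IDENTITY, with_fs=False)
    print("no FS: attacker recovers key:", attacker_recover(k, seen) == key)
    key, seen = run_session(k, IDENTITY, with_fs=True)
    print("FS:    attacker recovers key:", attacker_recover(k, seen) == key)
```

Passive IMSI catching is a separate problem and is not addressed by this: the identity is still in the clear in `seen`, which is what the SUCI concealment John mentions in his earlier message is for.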