EAP Method Update (EMU) WG Minutes

Meeting : IETF-74, Wednesday 2009-03-25
Location: San Francisco
Chairs : Joe Salowey and Alan DeKok
Minutes : Paul Hoffman and Dorothy Stanley
Version : 0
================================================

Text from the slides not repeated here

A. Agenda, Blue Sheets, Note takers

B. Tunnel requirements (draft-ietf-emu-eaptunnel-req-02.txt)
  + No comments in the room
  + 6 people have read the document, including 2 authors
  - Seems like most of the issues have been worked out
  Glen Zorn: will send an e-mail next week. Not major issues, some technical, some editorial.

B. Channel bindings (draft-ietf-emu-chbind-01.txt)
  - Presented by Katrin Hoeper
  - Removed some text that had issues because it was not important
  - Changed section 4 to present better
  - Channel binding protocol description split into multiple sections, 5.1 details the protocol itself, and 5.2 describing evaluation of policy consistency
  - System requirements in section 6 split into General, EAP and SAP transport requirements
  - Lower-layer bindings. Only defined bindings for 802.11, and added a new section 7.1 with requirements for additional protocols.
  Katrin: Is the document ready for last call? Authors believe it is, requesting WG review of the -01 version.
  Joe: asks for volunteers to read and post comments
  + 2 Volunteers

C. Transporting AAA Payloads (draft-clancy-emu-aaapay-01.txt)
  - Author, Charles Clancy, will no longer be attending IETF
  + Three people read it
  Avi Lior: It should be WG doc, I don't have time to edit it. Doc has multiple topics. We are missing a way of passing attributes up to a client.
  Joe: We also need to deal with the channel binding issue
  Avi: we need to specify which attributes are used for channel binding vs "other"
  Joe: Agreed. Attributes need to be clear on what is for channel binding.
  Katrin: Should be WG doc. We need one solution.
  Alan: Given that we haven't decided on the tunneled protocol, having this document using Diameter might be premature.
  Joe: All the mechanisms are flexible. Intent is for channel bindings to apply to other methods, not just the tunneled methods.
  Joe: If we are going to move the document forward, need an editor. Please send an e-mail to the chairs.

D. EAP Method for EKE Protocol (draft-sheffer-emu-eap-eke-01.txt)
  - Presented by Yaron Sheffer
  - EKE Patent will expire in 2011
  - This is the first strong protocol for password auth with no need for other stuff
  - Not formally proven, but believed secure
  - Added a "round 0" to exchange identities and negotiation
  - Added protection for the whole exchange
  - Possible IPR for some additions, but not known
  Comment: There are patents on requiring identities. Some research should be done, since have a desire to be unencumbered.
  Yaron: Original protocol passed one identity.
  - Was reviewed by CFRG
    Good comments, discovered security hole
    Doing things wrong can lead to a dictionary attack
    Defined a modification of Group 14 to fix this
  - Hopes this can be a WG item
  Alan: Check for IPR on the change to Group 14
  Joe: Asked who would find it useful after the patent expired
  + About 10
  + Five people would review

D. Finished Early