Forward Secrecy for the Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' FS)
draft-ietf-emu-aka-pfs-12

Document history

Date Rev. By Action
2024-04-19
12 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2024-04-19
12 (System) IANA Action state changed to Waiting on RFC Editor from In Progress
2024-04-19
12 (System) IANA Action state changed to In Progress from Waiting on Authors
2024-04-16
12 (System) IANA Action state changed to Waiting on Authors from In Progress
2024-04-15
12 (System) RFC Editor state changed to EDIT
2024-04-15
12 (System) IESG state changed to RFC Ed Queue from Approved-announcement sent
2024-04-15
12 (System) Announcement was received by RFC Editor
2024-04-15
12 (System) IANA Action state changed to In Progress
2024-04-15
12 Liz Flynn IESG state changed to Approved-announcement sent from Approved-announcement to be sent
2024-04-15
12 Liz Flynn IESG has approved the document
2024-04-15
12 Liz Flynn Closed "Approve" ballot
2024-04-15
12 Liz Flynn Ballot approval text was generated
2024-04-15
12 (System) Removed all action holders (IESG state changed)
2024-04-15
12 Paul Wouters IESG state changed to Approved-announcement to be sent from Waiting for AD Go-Ahead
2024-04-14
12 Murray Kucherawy
[Ballot comment]
Thanks for this work.  Thanks also to Sean Turner for the ARTART review.

And thanks for resolving the DISCUSS question around the document's status.  The rest of my original comment is left here for reference.

===

Section 7:

The use of "RECOMMENDED" in Section 7 is peculiar.  As prescriptive interoperability or security advice, to whom does it apply?

Section 8:

BCP 26 strongly urges that a Specification Required registry has advice for the Designated Experts, but this document contains none.  Is there nothing to say here?

Francesca's point also needs attention.

===

Additional comments from incoming ART AD, Orie Steele:

6.5.2

> The peer identifier SHALL comply
  with the privacy-friendly requirements of [RFC9190].

ought to be a MUST?

Section 7

  > As discussed earlier (see Section 1 and Section 4.3, forward secrecy
  is an important countermeasure against well-resourced adversaries
  that who may get access to the long-term keys, see Section 1.  Many
  of the attacks against these keys can be best dealt [mitigated] with improved
  processes, e.g., [restricting] limiting the access to the key material within the
  [a] factory or personnel, etc.  But not all attacks can be entirely ruled
  out for well-resourced adversaries, irrespective of what the
  technical algorithms and protection measures are.  And the likelihood
  of practically feasible attacks has increased.  To assume that a
  breach is inevitable or has likely already occurred [NSA-ZT], and to
  minimize impact when breaches occur [NIST-ZT] are essential zero
  trust principles.  One type of breach is key compromise or key
  exfiltration.

I'd recommend rewording much of this section.

7.1

Perhaps there is a better word than "forget", consider "destroy", possibly with a call out defense against forensic analysis.
2024-04-14
12 Murray Kucherawy [Ballot Position Update] Position for Murray Kucherawy has been changed to No Objection from Discuss
2024-03-06
12 (System) IESG state changed to Waiting for AD Go-Ahead from In Last Call
2024-03-05
12 (System) IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed
2024-03-05
12 David Dong
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

IANA has completed its review of draft-ietf-emu-aka-pfs-12; we had previously reviewed draft-ietf-emu-aka-pfs-11 as well. If any part of this review is inaccurate, please let us know.

IANA understands that, upon approval of this document, there are two actions which we must complete.

First, in the Attribute Types (Skippable Attributes 128-255) registry in the EAP-AKA and EAP-SIM Parameters registry group located at:

https://www.iana.org/assignments/eapsimaka-numbers/

two new registrations are to be made as follows:

Value: [ TBD-at-Registration ]
Description: AT_PUB_ECDHE
Reference: [ RFC-to-be ]

Value: [ TBD-at-Registration ]
Description: AT_KDF_FS
Reference: [ RFC-to-be ]

This document requests registrations in an Expert Review or Specification Required (see RFC 8126) registry; we had previously completed the required Expert Review.

Second, a new registry is to be created called the EAP-AKA' AT_KDF_FS Key Derivation Function Values registry. The new registry is to be located on the EAP-AKA and EAP-SIM Parameters registry page located at:

https://www.iana.org/assignments/eapsimaka-numbers/

The new registry will be managed via Specification Required as defined in RFC 8126. There are initial registrations in the new registry as follows:

Value   Description                     Reference
-------+-------------------------------+-------------
0       Reserved                        [ RFC-to-be ]
1       EAP-AKA' with ECDHE and X25519  [ RFC-to-be ]
2       EAP-AKA' with ECDHE and P-256   [ RFC-to-be ]
3-65535 Unassigned

We understand that these are the only actions required to be completed upon approval of this document.

NOTE: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

For definitions of IANA review states, please see:

https://datatracker.ietf.org/help/state/draft/iana-review

Thank you,

David Dong
IANA Services Sr. Specialist
2024-02-21
12 Cindy Morgan
The following Last Call announcement was sent out (ends 2024-03-06):

From: The IESG
To: IETF-Announce
CC: draft-ietf-emu-aka-pfs@ietf.org, emu-chairs@ietf.org, emu@ietf.org, paul.wouters@aiven.io, peter@akayla.com
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (Forward Secrecy for the Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' FS)) to Proposed Standard


The IESG has received a request from the EAP Method Update WG (emu) to
consider the following document: - 'Forward Secrecy for the Extensible
Authentication Protocol Method for
  Authentication and Key Agreement (EAP-AKA' FS)'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2024-03-06. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  This document updates RFC 9048, the improved Extensible
  Authentication Protocol Method for 3GPP Mobile Network Authentication
  and Key Agreement (EAP-AKA'), with an optional extension providing
  ephemeral key exchange.  Similarly, this document also updates the
  earlier version of the EAP-AKA' specification in RFC 5448.  The
  extension EAP-AKA' Forward Secrecy (EAP-AKA' FS), when negotiated,
  provides forward secrecy for the session keys generated as a part of
  the authentication run in EAP-AKA'.  This prevents an attacker who
  has gained access to the long-term key from obtaining session keys
  established in the past, assuming these have been properly deleted.
  In addition, EAP-AKA' FS mitigates passive attacks (e.g., large scale
  pervasive monitoring) against future sessions.  This forces attackers
  to use active attacks instead.

The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-emu-aka-pfs/


The following IPR Declarations may be related to this I-D:

  https://datatracker.ietf.org/ipr/3097/
  https://datatracker.ietf.org/ipr/3098/

The document contains these normative downward references.
See RFC 3967 for additional information:
    rfc4187: Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA) (Informational - Internet Engineering Task Force (IETF))
    rfc5448: Improved Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA') (Informational - Internet Engineering Task Force (IETF))
    rfc7624: Confidentiality in the Face of Pervasive Surveillance: A Threat Model and Problem Statement (Informational - Internet Architecture Board (IAB))
    rfc9048: Improved Extensible Authentication Protocol Method for 3GPP Mobile Network Authentication and Key Agreement (EAP-AKA') (Informational - Internet Engineering Task Force (IETF))

2024-02-21
12 Cindy Morgan IESG state changed to In Last Call from Last Call Requested
2024-02-21
12 Cindy Morgan Last call announcement was generated
2024-02-21
12 Paul Wouters Last call was requested
2024-02-21
12 Paul Wouters IESG state changed to Last Call Requested from IESG Evaluation::AD Followup
2024-02-21
12 Paul Wouters Last call announcement was changed
2024-02-21
12 Paul Wouters Intended Status changed to Proposed Standard from Informational
2024-02-19
12 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2024-02-19
12 Jari Arkko New version available: draft-ietf-emu-aka-pfs-12.txt
2024-02-19
12 Jari Arkko New version accepted (logged-in submitter: Jari Arkko)
2024-02-19
12 Jari Arkko Uploaded new revision
2024-01-18
11 Cindy Morgan IESG state changed to IESG Evaluation::AD Followup from IESG Evaluation
2024-01-18
11 Robert Wilton
[Ballot comment]
Hi,

Thanks for this document, just one relatively minor suggestion.  I suggest dropping the first paragraph of the abstract and just keeping the second.  The first paragraph seems to be about justifying why this document exists, which I think is much better placed in the introduction, or a background subsection of the introduction.  This shortens the abstract to just describing what the document is.

Regards,
Rob
2024-01-18
11 Robert Wilton [Ballot Position Update] New position, No Objection, has been recorded for Robert Wilton
2024-01-17
11 Murray Kucherawy
[Ballot comment]
Thanks for this work.  Thanks also to Sean Turner for the ARTART review.

Section 7:

The use of "RECOMMENDED" in Section 7 is peculiar.  As prescriptive interoperability or security advice, to whom does it apply?

Section 8:

BCP 26 strongly urges that a Specification Required registry has advice for the Designated Experts, but this document contains none.  Is there nothing to say here?

Francesca's point also needs attention.

===

Additional comments from incoming ART AD, Orie Steele:

6.5.2

> The peer identifier SHALL comply
  with the privacy-friendly requirements of [RFC9190].

ought to be a MUST?

Section 7

  > As discussed earlier (see Section 1 and Section 4.3, forward secrecy
  is an important countermeasure against well-resourced adversaries
  that who may get access to the long-term keys, see Section 1.  Many
  of the attacks against these keys can be best dealt [mitigated] with improved
  processes, e.g., [restricting] limiting the access to the key material within the
  [a] factory or personnel, etc.  But not all attacks can be entirely ruled
  out for well-resourced adversaries, irrespective of what the
  technical algorithms and protection measures are.  And the likelihood
  of practically feasible attacks has increased.  To assume that a
  breach is inevitable or has likely already occurred [NSA-ZT], and to
  minimize impact when breaches occur [NIST-ZT] are essential zero
  trust principles.  One type of breach is key compromise or key
  exfiltration.

I'd recommend rewording much of this section.

7.1

Perhaps there is a better word than "forget", consider "destroy", possibly with a call out defense against forensic analysis.
2024-01-17
11 Murray Kucherawy Ballot comment text updated for Murray Kucherawy
2024-01-17
11 Roman Danyliw
[Ballot comment]
Thank you to Carl Wallace for the SECDIR review.

** Section 1.  Editorial
  However, the danger of resourceful attackers attempting to gain
  information about long-term keys is still a concern because many
  people use the service and these keys are high-value targets.

What service?  Could this text be clearer?

** Section 1.  Editorial.
  While strong protection of manufacturing and other processes is
  essential in mitigating the risks, there is one question that we as
  protocol designers can ask.  Is there something that we can do to
  limit the consequences of attacks, should they occur?

I’m not sure what this paragraph adds.  Consider if it is really needed.

** Section 1.  Editorial.
  This document specifies an extension that helps defend against one
  aspect of pervasive surveillance.  This is important, given the large
  number of users such practices may affect.  It is also a stated goal
  of the IETF to ensure that we understand the surveillance concerns
  related to IETF protocols and take appropriate countermeasures
  [RFC7258].

This text largely repeats what was said in the paragraph before last (which also cited RFC7258).  Consider if it is really needed.

** Section 1. 
  While optional, the use of this extension is strongly
  recommended.

Is this something better left to 3GPP in their profiling of this work?

** Section 1.  Editorial

  Forward secrecy [DOW1992] is on the list of
  features for the next release of 3GPP (5G Phase 2)

-- “Forward Secrecy” has been used multiple times by this point in the text.  Why is the reference introduced here instead of on first use?

-- Can an informative reference be provided for “5G Phase 2”?

** Section 3.

  The use of this extension is at the discretion of the authenticating
  parties.

Wasn’t this more strongly worded in Section 1 (i.e., “While optional, the use of this extension is strongly recommended.”)?  Does it need to be repeated?

** Section 3.  Editorial.

  It should be noted that FS and defenses against passive
  attacks do not solve all problems, but they can provide a partial
  defense that increases the cost and risk associated with pervasive
  surveillance.

Hasn’t this already been said in Section 1 (i.e., “This prevents an attacker who has ...”)?

** Section 6.4
  The term "support" here means that the group MUST be implemented and
  MUST be possible to use during a protocol run.

What is a “protocol run”?  Could it be turned off with configuration?

** Section 7.

It is RECOMMENDED that EAP-AKA methods without
  forward secrecy be phased out in the long term.

It is not clear what this means to implementers.  What is “long term”?

** Section 7.  Typo. s/comprimised/compromised/

** Section 7.  Editorial.  In the spirit of more precise and inclusive language, consider if the term “Man in the Middle” can be replaced with another term.
2024-01-17
11 Roman Danyliw [Ballot Position Update] New position, No Objection, has been recorded for Roman Danyliw
2024-01-17
11 Warren Kumari
[Ballot comment]
Thank you for this document, and also to Bo Wu for the OpsDir review: https://datatracker.ietf.org/doc/review-ietf-emu-aka-pfs-10-opsdir-lc-wu-2023-03-20/

I'll note that the document was updated 10 July 2023, after the OpsDir review (10 March 2023), but the (IMO) very reasonable suggestions were not taken:
"With only IETF technical background, it seems more readable if UICC, HSS can expand on the first-time use."

I hope / trust the authors will consider and address these.
2024-01-17
11 Warren Kumari [Ballot Position Update] New position, No Objection, has been recorded for Warren Kumari
2024-01-17
11 Murray Kucherawy
[Ballot comment]
Thanks for this work.  Thanks also to Sean Turner for the ARTART review.

Section 7:

The use of "RECOMMENDED" in Section 7 is peculiar.  As prescriptive interoperability or security advice, to whom does it apply?

Section 8:

BCP 26 strongly urges that a Specification Required registry has advice for the Designated Experts, but this document contains none.  Is there nothing to say here?

Francesca's point also needs attention.
2024-01-17
11 Murray Kucherawy Ballot comment text updated for Murray Kucherawy
2024-01-17
11 Murray Kucherawy
[Ballot discuss]
[For the IESG to discuss]

Further to Eric's point, I don't follow why this document, which specifies a protocol with interoperability properties, isn't a Proposed Standard.  I get that it's updating/based on previous Informational documents, but it seems to me the fact that the original documents were Informational was done in error because they're a Technical Specification as defined by BCP 9.  The fact that it describes an optional extension also doesn't mean it's not a Technical Specification.
2024-01-17
11 Murray Kucherawy
[Ballot comment]
Thanks for this work.  Thanks also to Sean Turner for the ARTART review.

Section 7:

The use of "RECOMMENDED" in Section 7 is peculiar.  As prescriptive interoperability or security advice, to whom does it apply?

Section 8:

BCP 26 strongly urges that a Specification Required registry has advice for the Designated Experts, but this document contains none.  Is there nothing to say here?
2024-01-17
11 Murray Kucherawy [Ballot Position Update] New position, Discuss, has been recorded for Murray Kucherawy
2024-01-17
11 Jim Guichard [Ballot Position Update] New position, No Objection, has been recorded for Jim Guichard
2024-01-17
11 John Scudder [Ballot Position Update] New position, No Objection, has been recorded for John Scudder
2024-01-17
11 Zaheduzzaman Sarker [Ballot Position Update] New position, No Objection, has been recorded for Zaheduzzaman Sarker
2024-01-17
11 Éric Vyncke [Ballot comment]
As usual, I wonder why an informational document uses BCP 14 normative language.
2024-01-17
11 Éric Vyncke [Ballot Position Update] New position, No Objection, has been recorded for Éric Vyncke
2024-01-17
11 Francesca Palombini
[Ballot comment]
Thank you for the work on this document.

Many thanks to Sean Turner for his ART ART review: https://mailarchive.ietf.org/arch/msg/art/Aua-Uh5CRr9oDEIanfD6qw8WqVM/.

I only have two very minor comments.

Section 6.1: AT_PUB_ECDHE. The way Length is defined in RFC4187 (specifying the length of the attribute in multiple of 4 bytes), and given the length of the ECDHE public key in the attribute value (currently 32 or 33 bytes), you probably should mention something about padding. I expect something analogous to what RFC4187 defines for AT_IDENTITY "Because the length of the attribute must be a multiple of 4 bytes, the sender pads the identity with zero bytes when necessary."

Section 8: IANA Considerations. The section doesn't spell out the fields of the "EAP-AKA' AT_KDF_FS Key Derivation Function Values" registry (Value, Description, Reference), although those are pretty obvious from the table itself. What I think is really missing is the expert guidelines - as RFC8126 specifies, the policy "Specification Required" still requires review and approval by a designated expert. "As with Expert Review, clear guidance to the designated expert should be provided when defining the registry". What criteria are the experts supposed to base their decision on when deciding if a new value should be registered?
2024-01-17
11 Francesca Palombini [Ballot Position Update] New position, No Objection, has been recorded for Francesca Palombini
2024-01-16
11 Martin Duke [Ballot Position Update] New position, No Objection, has been recorded for Martin Duke
2024-01-14
11 Erik Kline [Ballot Position Update] New position, No Objection, has been recorded for Erik Kline
2024-01-11
11 Cindy Morgan Placed on agenda for telechat - 2024-01-18
2024-01-11
11 Paul Wouters Ballot has been issued
2024-01-11
11 Paul Wouters [Ballot Position Update] New position, Yes, has been recorded for Paul Wouters
2024-01-11
11 Paul Wouters Created "Approve" ballot
2024-01-11
11 (System) Changed action holders to Paul Wouters (IESG state changed)
2024-01-11
11 Paul Wouters IESG state changed to IESG Evaluation from Waiting for Writeup
2024-01-11
11 Paul Wouters Ballot writeup was changed
2024-01-11
11 (System) Removed all action holders (IESG state changed)
2024-01-11
11 Paul Wouters IESG state changed to Waiting for Writeup from Waiting for Writeup::Revised I-D Needed
2023-09-14
11 (System) Changed action holders to Jari Arkko, Karl Norrman, John Preuß Mattsson (IESG state changed)
2023-09-14
11 Paul Wouters IESG state changed to Waiting for Writeup::Revised I-D Needed from Waiting for Writeup
2023-08-04
11 (System) IANA Review state changed to IANA OK - Actions Needed from IANA - Not OK
2023-08-04
11 David Dong IANA Experts State changed to Expert Reviews OK from Reviews assigned
2023-08-04
11 David Dong
I have reviewed the proposed registration in draft-ietf-emu-aka-pfs and it
seems ok to me.

In addition, I noticed one typo in the IANA considerations section (8).
The text:
This extension of EAP-AKA' shares its attribute space and subtypes
with Extensible Authentication Protocol Method for Global System for
Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM)
[RFC4186], EAP-AKA [RFC4186], and EAP-AKA' [RFC9048].

has a wrong RFC number for EAP-AKA. It should be "EAP-AKA [RFC4187]".

Br, Vesa
2023-08-01
11 (System) IESG state changed to Waiting for Writeup from In Last Call
2023-07-27
11 David Dong IANA Experts State changed to Reviews assigned from Expert Reviews OK
2023-07-27
11 (System) IANA Review state changed to IANA - Not OK from Version Changed - Review Needed
2023-07-27
11 David Dong
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has completed its review of draft-ietf-emu-aka-pfs-11. If any part of this review is inaccurate, please let us know.

The IANA Functions Operator understands that, upon approval of this document, there are two actions which we must complete.

First, in the Attribute Types (Skippable Attributes 128-255) registry on the EAP-AKA and EAP-SIM Parameters registry page located at:

https://www.iana.org/assignments/eapsimaka-numbers/

two new values are to be registered as follows:

Value: [ TBD-at-registration ]
Description: AT_PUB_ECDHE
Reference: [ RFC-to-be ]

Value: [ TBD-at-registration ]
Description: AT_KDF_FS
Reference: [ RFC-to-be ]

As this document requests registrations in an Expert Review or Specification Required (see RFC 8126) registry, we will initiate the required Expert Review via a separate request. This review must be completed before the document's IANA state can be changed to "IANA OK."

Second, a new registry is to be created called the EAP-AKA' AT_KDF_FS Key Derivation Function Values registry. The new registry will be created on the EAP-AKA and EAP-SIM Parameters registry page located at:

https://www.iana.org/assignments/eapsimaka-numbers/

The new registry will be managed via Specification Required as defined by [ RFC8126 ].

There are initial registrations in the new registry as follows:

Value   Description                     Reference
-------+-------------------------------+-------------
0       Reserved                        [ RFC-to-be ]
1       EAP-AKA' with ECDHE and X25519  [ RFC-to-be ]
2       EAP-AKA' with ECDHE and P-256   [ RFC-to-be ]
3-65535 Unassigned                      [ RFC-to-be ]

The IANA Functions Operator understands that these two actions are the only ones required to be completed upon approval of this document.

Note: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

For definitions of IANA review states, please see:

https://datatracker.ietf.org/help/state/draft/iana-review

Thank you,

David Dong
IANA Services Specialist
2023-07-11
11 Cindy Morgan
The following Last Call announcement was sent out (ends 2023-08-01):

From: The IESG
To: IETF-Announce
CC: draft-ietf-emu-aka-pfs@ietf.org, emu-chairs@ietf.org, emu@ietf.org, paul.wouters@aiven.io, peter@akayla.com
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (Forward Secrecy for the Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' FS)) to Informational RFC


The IESG has received a request from the EAP Method Update WG (emu) to
consider the following document: - 'Forward Secrecy for the Extensible
Authentication Protocol Method for
  Authentication and Key Agreement (EAP-AKA' FS)'
  as Informational RFC

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2023-08-01. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  Many different attacks have been reported as part of revelations
  associated with pervasive surveillance.  Some of the reported attacks
  involved compromising the smart card supply chain, such as attacking
  Universal Subscriber Identity Module (USIM) card manufacturers and
  operators in an effort to compromise long-term keys stored on these
  cards.  Since the publication of those reports, manufacturing and
  provisioning processes have received much scrutiny and have improved.
  However, resourceful attackers are always a cause for concern.
  Always assuming a breach, such as long-term key compromise, and
  minimizing the impact of breach are essential zero trust principles.

  This document updates RFC 9048, the improved Extensible
  Authentication Protocol Method for 3GPP Mobile Network Authentication
  and Key Agreement (EAP-AKA'), with an optional extension providing
  ephemeral key exchange.  Similarly, this document also updates the
  earlier version of the EAP-AKA' specification in RFC 5448.  The
  extension EAP-AKA' Forward Secrecy (EAP-AKA' FS), when negotiated,
  provides forward secrecy for the session keys generated as a part of
  the authentication run in EAP-AKA'.  This prevents an attacker who
  has gained access to the long-term key from obtaining session keys
  established in the past, assuming these have been properly deleted.
  In addition, EAP-AKA' FS mitigates passive attacks (e.g., large scale
  pervasive monitoring) against future sessions.  This forces attackers
  to use active attacks instead.

The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-emu-aka-pfs/


The following IPR Declarations may be related to this I-D:

  https://datatracker.ietf.org/ipr/3097/
  https://datatracker.ietf.org/ipr/3098/

2023-07-11
11 Cindy Morgan IESG state changed to In Last Call from Last Call Requested
2023-07-11
11 Cindy Morgan Last call announcement was changed
2023-07-11
11 Paul Wouters Last call was requested
2023-07-11
11 (System) Changed action holders to Paul Wouters (IESG state changed)
2023-07-11
11 Paul Wouters IESG state changed to Last Call Requested from Waiting for Writeup::AD Followup
2023-07-11
11 Paul Wouters Last call announcement was generated
2023-07-11
11 Paul Wouters Changed consensus to Yes from Unknown
2023-07-10
11 (System) Changed action holders to Vesa Torvinen, Paul Wouters (IESG state changed)
2023-07-10
11 (System) Sub state has been changed to AD Followup from Revised I-D Needed
2023-07-10
11 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2023-07-10
11 Jari Arkko New version available: draft-ietf-emu-aka-pfs-11.txt
2023-07-10
11 Jari Arkko New version accepted (logged-in submitter: Jari Arkko)
2023-07-10
11 Jari Arkko Uploaded new revision
2023-05-03
10 (System) Changed action holders to Jari Arkko, Karl Norrman, Vesa Torvinen, John Preuß Mattsson, Paul Wouters (IESG state changed)
2023-05-03
10 Paul Wouters IESG state changed to Waiting for Writeup::Revised I-D Needed from Waiting for Writeup
2023-05-03
10 Paul Wouters
Hi authors,

Can you respond to Sean Turner's nits and maybe push out a -11 update?

See https://www.spinics.net/lists/ietf/msg115454.html

Then I think we are ready to let the IESG ballot
2023-03-20
10 Bo Wu Request for Last Call review by OPSDIR Completed: Ready. Reviewer: Bo Wu. Sent review to list.
2023-03-17
10 Jean Mahoney Closed request for Last Call review by GENART with state 'Overtaken by Events'
2023-03-14
10 Carl Wallace Request for Last Call review by SECDIR Completed: Ready. Reviewer: Carl Wallace. Sent review to list.
2023-03-14
10 Sean Turner Request for Last Call review by ARTART Completed: Ready with Nits. Reviewer: Sean Turner. Sent review to list.
2023-03-14
10 (System) IANA Review state changed to IANA OK - Actions Needed from IANA - Not OK
2023-03-14
10 David Dong IANA Experts State changed to Expert Reviews OK from Reviews assigned
2023-03-13
10 (System) IESG state changed to Waiting for Writeup from In Last Call
2023-03-12
10 Linda Dunbar Request for Last Call review by GENART Completed: Ready with Nits. Reviewer: Linda Dunbar. Sent review to list.
2023-03-03
10 Jean Mahoney Request for Last Call review by GENART is assigned to Linda Dunbar
2023-03-03
10 Barry Leiba Request for Last Call review by ARTART is assigned to Sean Turner
2023-03-02
10 David Schinazi Assignment of request for Last Call review by GENART to David Schinazi was rejected
2023-03-02
10 Jean Mahoney Request for Last Call review by GENART is assigned to David Schinazi
2023-03-01
10 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Bo Wu
2023-02-28
10 David Dong IANA Experts State changed to Reviews assigned
2023-02-28
10 (System) IANA Review state changed to IANA - Not OK from IANA - Review Needed
2023-02-28
10 David Dong
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has completed its review of draft-ietf-emu-aka-pfs-10. If any part of this review is inaccurate, please let us know.

The IANA Functions Operator understands that, upon approval of this document, there are two actions which we must complete.

First, in the Attribute Types (Skippable Attributes 128-255) registry on the EAP-AKA and EAP-SIM Parameters registry page located at:

https://www.iana.org/assignments/eapsimaka-numbers/

two new registrations are to be made as follows:

Value: [ TBD-at-Registration ]
Description: AT_PUB_ECDH
Reference: [ RFC-to-be ]

Value: [ TBD-at-Registration ]
Description: AT_KDF_FS
Reference: [ RFC-to-be ]

As this document requests registrations in an Expert Review or Specification Required (see RFC 8126) registry, we will initiate the required Expert Review via a separate request. This review must be completed before the document's IANA state can be changed to "IANA OK."

Second, a new registry is to be created called the EAP-AKA' AT_KDF_FS Key Derivation Function Values registry. The new registry will be managed via Specification Required as defined in [RFC8126]. The new registry will be located on the EAP-AKA and EAP-SIM Parameters registry page located at:

https://www.iana.org/assignments/eapsimaka-numbers/

Initial registrations in the new registry are as follows:

Value   Description                     Reference
-------+-------------------------------+-------------
0       Reserved                        [ RFC-to-be ]
1       EAP-AKA' with ECDHE and X25519  [ RFC-to-be ]
2       EAP-AKA' with ECDHE and P-256   [ RFC-to-be ]
3-65535 Unassigned                      [ RFC-to-be ]

The IANA Functions Operator understands that these two actions are the only ones required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

For definitions of IANA review states, please see:

https://datatracker.ietf.org/help/state/draft/iana-review

Thank you,

David Dong
IANA Services Specialist
2023-02-28
10 Tero Kivinen Request for Last Call review by SECDIR is assigned to Carl Wallace
2023-02-27
10 Amy Vezza IANA Review state changed to IANA - Review Needed
2023-02-27
10 Amy Vezza
The following Last Call announcement was sent out (ends 2023-03-13):

From: The IESG
To: IETF-Announce
CC: draft-ietf-emu-aka-pfs@ietf.org, emu-chairs@ietf.org, emu@ietf.org, paul.wouters@aiven.io, peter@akayla.com
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (Forward Secrecy for the Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' FS)) to Informational RFC


The IESG has received a request from the EAP Method Update WG (emu) to
consider the following document: - 'Forward Secrecy for the Extensible
Authentication Protocol Method for Authentication and Key Agreement
(EAP-AKA' FS)' as Informational RFC

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing list by 2023-03-13. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  Many different attacks have been reported as part of revelations
  associated with pervasive surveillance.  Some of the reported attacks
  involved compromising the smart card supply chain, such as attacking
  SIM card manufacturers and operators in an effort to compromise
  shared secrets stored on these cards.  Since the publication of those
  reports, manufacturing and provisioning processes have gained much
  scrutiny and have improved.  However, the danger of resourceful
  attackers for these systems is still a concern.  Always assuming
  breach such as key compromise and minimizing the impact of breach are
  essential zero-trust principles.

  This specification updates RFC 9048, the improved Extensible
  Authentication Protocol Method for 3GPP Mobile Network Authentication
  and Key Agreement (EAP-AKA'), with an optional extension.  Similarly,
  this specification also updates the earlier version of the EAP-AKA'
  specification in RFC 5448.  The extension, when negotiated, provides
  Forward Secrecy for the session key generated as a part of the
  authentication run in EAP-AKA'.  This prevents an attacker who has
  gained access to the long-term pre-shared secret in a Subscriber
  Identity Module (SIM) card from being able to decrypt any past
  communications.  In addition, if the attacker stays merely a passive
  eavesdropper, the extension prevents attacks against future sessions.
  This forces attackers to use active attacks instead.

The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-emu-aka-pfs/

The following IPR Declarations may be related to this I-D:

  https://datatracker.ietf.org/ipr/3097/
  https://datatracker.ietf.org/ipr/3098/

2023-02-27
10 Amy Vezza IESG state changed to In Last Call from Last Call Requested
2023-02-27
10 Amy Vezza Last call announcement was changed
2023-02-26
10 Paul Wouters Last call was requested
2023-02-26
10 Paul Wouters Ballot approval text was generated
2023-02-26
10 Paul Wouters Ballot writeup was generated
2023-02-26
10 (System) Changed action holders to Paul Wouters (IESG state changed)
2023-02-26
10 Paul Wouters IESG state changed to Last Call Requested from Publication Requested
2023-02-26
10 Paul Wouters Last call announcement was generated
2023-02-01
10 Peter Yee
# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

This document reflects strong consensus from members of the working group
interested in improving the EAP-AKA' method.

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

Consensus was strong. There were zero objections raised to moving this work forward.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

No threats or extreme discontent have been offered.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

There is at least one closed-source implementation of this specification. The
authors have indicated business interest in implementing this specification in
the near future.

## Additional Reviews

5. Do the contents of this document closely interact with technologies in other
  IETF working groups or external organizations, and would it therefore benefit
  from their review? Have those reviews occurred? If yes, describe which
  reviews took place.

This document is built on AKA, but it does not modify AKA. 3GPP, which
specifies AKA and uses the underlying RFC 5448 and 9048, has seen this
work and provided feedback.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

NA

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

NA

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

NA

## Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

Yes. This document directly addresses a demonstrated security threat. It's a clear
update to RFC 9048, yet it retains backward compatibility. The use of ECDHE in the
document appears correct. The document is ready for the responsible AD's review.

10. Several IETF Areas have assembled [lists of common issues that their
    reviewers encounter][6]. For which areas have such issues been identified
    and addressed? For which does this still need to happen in subsequent
    reviews?

The security area issues list has been reviewed by the shepherd. The document
has not yet been reviewed by the security area directorate.

11. What type of RFC publication is being requested on the IETF stream ([Best
    Current Practice][12], [Proposed Standard, Internet Standard][13],
    [Informational, Experimental or Historic][14])? Why is this the proper type
    of RFC? Do all Datatracker state attributes correctly reflect this intent?

The document is requesting publication as Informational. It updates only
two Informational documents (RFC 5448, 9048). Informational status seems
the most suitable as the documents being updated are themselves Informational,
and this document specifies a common but optional means to add forward
secrecy to the underlying EAP method (EAP-AKA').

12. Have reasonable efforts been made to remind all authors of the intellectual
    property rights (IPR) disclosure obligations described in [BCP 79][7]? To
    the best of your knowledge, have all required disclosures been filed? If
    not, explain why. If yes, summarize any relevant discussion, including links
    to publicly-available messages when applicable.

Yes. There are two IPR disclosures in the datatracker for this document. See:
https://datatracker.ietf.org/ipr/search/?submit=draft&id=draft-ietf-emu-aka-pfs
These IPR disclosures were also called out during WGLC, but did not elicit any
concerns.

13. Has each author, editor, and contributor shown their willingness to be
    listed as such? If the total number of authors and editors on the front page
    is greater than five, please provide a justification.

Yes. The three authors are colleagues and all are willing to be noted as authors. A fourth
author listed in earlier versions of the I-D requested to be removed from the authors list.
(This will be seen when a -11 version is posted.)

14. Document any remaining I-D nits in this document. Simply running the [idnits
    tool][8] is not enough; please review the ["Content Guidelines" on
    authors.ietf.org][15]. (Also note that the current idnits tool generates
    some incorrect warnings; a rewrite is underway.)

The draft has been reviewed for nits. The content guidelines have been reviewed
against this document as well.

15. Should any informative references be normative or vice-versa? See the [IESG
    Statement on Normative and Informative References][16].

The informative and normative references look appropriate.

16. List any normative references that are not freely available to anyone. Did
    the community have sufficient access to review any such normative
    references?

All the normative references are freely available.

17. Are there any normative downward references (see [RFC 3967][9] and
    [BCP 97][10]) that are not already listed in the [DOWNREF registry][17]? If
    so, list them.

No

18. Are there normative references to documents that are not ready to be
    submitted to the IESG for publication or are otherwise in an unclear state?
    If so, what is the plan for their completion?

No

19. Will publication of this document change the status of any existing RFCs? If
    so, does the Datatracker metadata correctly reflect this and are those RFCs
    listed on the title page, in the abstract, and discussed in the
    introduction? If not, explain why and point to the part of the document
    where the relationship of this document to these other RFCs is discussed.

The document updates, but does not change the status of any existing RFCs.

20. Describe the document shepherd's review of the IANA considerations section,
    especially with regard to its consistency with the body of the document.
    Confirm that all aspects of the document requiring IANA assignments are
    associated with the appropriate reservations in IANA registries. Confirm
    that any referenced IANA registries have been clearly identified. Confirm
    that each newly created IANA registry specifies its initial contents,
    allocations procedures, and a reasonable name (see [RFC 8126][11]).

The document adds two values to the existing registry for EAP-AKA and EAP-SIM
Parameters in the Attribute Types (Skippable Attributes 128-255)
section. It also creates a new registry for "EAP-AKA' AT_KDF_FS Key Derivation
Function Values" under the EAP-AKA and EAP-SIM Parameters with Specification
Required and initial contents provided.

21. List any new IANA registries that require Designated Expert Review for
    future allocations. Are the instructions to the Designated Expert clear?
    Please include suggestions of designated experts, if appropriate.

No new registries that require Designated Expert Review.

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://trac.ietf.org/trac/ops/wiki/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://trac.ietf.org/trac/iesg/wiki/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp79
[8]: https://www.ietf.org/tools/idnits/
[9]: https://www.rfc-editor.org/rfc/rfc3967.html
[10]: https://www.rfc-editor.org/info/bcp97
[11]: https://www.rfc-editor.org/rfc/rfc8126.html
[12]: https://www.rfc-editor.org/rfc/rfc2026.html#section-5
[13]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.1
[14]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.2
[15]: https://authors.ietf.org/en/content-guidelines-overview
[16]: https://www.ietf.org/about/groups/iesg/statements/normative-informative-references/
[17]: https://datatracker.ietf.org/doc/downref/
2023-02-01
10 Peter Yee Responsible AD changed to Paul Wouters
2023-02-01
10 Peter Yee IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up
2023-02-01
10 Peter Yee IESG state changed to Publication Requested from I-D Exists
2023-02-01
10 Peter Yee Document is now in IESG state Publication Requested
2023-02-01
10 Peter Yee Intended Status changed to Informational from None
2023-02-01
10 Peter Yee Notification list changed to peter@akayla.com because the document shepherd was set
2023-02-01
10 Peter Yee Document shepherd changed to Peter E. Yee
2023-01-26
10 John Preuß Mattsson New version available: draft-ietf-emu-aka-pfs-10.txt
2023-01-26
10 John Preuß Mattsson New version accepted (logged-in submitter: John Preuß Mattsson)
2023-01-26
10 John Preuß Mattsson Uploaded new revision
2023-01-21
09 John Preuß Mattsson New version available: draft-ietf-emu-aka-pfs-09.txt
2023-01-21
09 John Preuß Mattsson New version accepted (logged-in submitter: John Preuß Mattsson)
2023-01-21
09 John Preuß Mattsson Uploaded new revision
2023-01-01
08 Peter Yee IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call
2022-10-23
08 Jari Arkko New version available: draft-ietf-emu-aka-pfs-08.txt
2022-10-23
08 Jari Arkko New version accepted (logged-in submitter: Jari Arkko)
2022-10-23
08 Jari Arkko Uploaded new revision
2022-08-16
07 Joseph Salowey IETF WG state changed to In WG Last Call from WG Document
2022-07-11
07 Jari Arkko New version available: draft-ietf-emu-aka-pfs-07.txt
2022-07-11
07 Jari Arkko New version accepted (logged-in submitter: Jari Arkko)
2022-07-11
07 Jari Arkko Uploaded new revision
2022-03-07
06 Jari Arkko New version available: draft-ietf-emu-aka-pfs-06.txt
2022-03-07
06 (System) New version accepted (logged-in submitter: Jari Arkko)
2022-03-07
06 Jari Arkko Uploaded new revision
2021-05-03
05 (System) Document has expired
2020-10-30
05 Jari Arkko New version available: draft-ietf-emu-aka-pfs-05.txt
2020-10-30
05 (System) New version accepted (logged-in submitter: Jari Arkko)
2020-10-30
05 Jari Arkko Uploaded new revision
2020-05-25
04 Jari Arkko New version available: draft-ietf-emu-aka-pfs-04.txt
2020-05-25
04 (System) New version accepted (logged-in submitter: Jari Arkko)
2020-05-25
04 Jari Arkko Uploaded new revision
2020-05-22
03 Jari Arkko New version available: draft-ietf-emu-aka-pfs-03.txt
2020-05-22
03 (System) New version accepted (logged-in submitter: Jari Arkko)
2020-05-22
03 Jari Arkko Uploaded new revision
2020-05-21
02 Mohit Sethi Added to session: interim-2020-emu-01
2020-05-20
02 (System) Document has expired
2019-11-17
02 Jari Arkko New version available: draft-ietf-emu-aka-pfs-02.txt
2019-11-17
02 (System) New version accepted (logged-in submitter: Jari Arkko)
2019-11-17
02 Jari Arkko Uploaded new revision
2019-11-07
01 Mohit Sethi Added to session: IETF-106: emu  Mon-1550
2019-11-04
01 Jari Arkko New version available: draft-ietf-emu-aka-pfs-01.txt
2019-11-04
01 (System) New version accepted (logged-in submitter: Jari Arkko)
2019-11-04
01 Jari Arkko Uploaded new revision
2019-07-25
00 Joseph Salowey This document now replaces draft-arkko-eap-aka-pfs instead of None
2019-07-25
00 Jari Arkko New version available: draft-ietf-emu-aka-pfs-00.txt
2019-07-25
00 (System) WG -00 approved
2019-07-25
00 Jari Arkko Set submitter to "Jari Arkko ", replaces to draft-arkko-eap-aka-pfs and sent approval email to group chairs: emu-chairs@ietf.org
2019-07-25
00 Jari Arkko Uploaded new revision