[{"author": "Michael Richardson", "text": "

@Deb, if you get here from calendar, then you have to back to DT.

", "time": "2023-01-04T17:01:16Z"}, {"author": "Alan DeKok", "text": "

to remind people:


errata: https://www.rfc-editor.org/errata/rfc7170


Joe's suggestions: https://github.com/emu-wg/teap-errata/pulls


github for 7170bis: https://github.com/emu-wg/rfc7170bis

", "time": "2023-01-04T17:01:19Z"}, {"author": "Alan DeKok", "text": "


", "time": "2023-01-04T17:02:22Z"}, {"author": "Alan DeKok", "text": "


", "time": "2023-01-04T17:02:47Z"}, {"author": "Alan DeKok", "text": "


", "time": "2023-01-04T17:03:34Z"}, {"author": "Eliot Lear", "text": "


", "time": "2023-01-04T17:08:02Z"}, {"author": "Eliot Lear", "text": "

thanks, michael

", "time": "2023-01-04T17:13:14Z"}, {"author": "Heikki Vatiainen", "text": "

How about EAP Notification and NAK?

", "time": "2023-01-04T17:27:26Z"}, {"author": "Oleg Pekar", "text": "

@Heikki: it seems that everything that starts with EAP Identity Request is an EAP method and must finish with EAP Success/Failure (and Intermediate-Result TLV)

", "time": "2023-01-04T17:31:45Z"}, {"author": "Michael Richardson", "text": "

@John, are there PQC concerns with truncating a MAC to 20 bytes?

", "time": "2023-01-04T17:32:02Z"}, {"author": "Heikki Vatiainen", "text": "

Ok, Notication and NAK therefore don't require a specific mention.

", "time": "2023-01-04T17:33:11Z"}, {"author": "Eliot Lear", "text": "

Yes, that works!

", "time": "2023-01-04T17:34:11Z"}, {"author": "Alexander Clouter", "text": "

expanding field for 1.3 gets my vote

", "time": "2023-01-04T17:34:14Z"}, {"author": "Eliot Lear", "text": "

Good one, Alan.

", "time": "2023-01-04T17:34:22Z"}, {"author": "Oleg Pekar", "text": "

Please note: Crypto-Binding TLV section said \"For an implementation compliant with this version of TEAP, the version number MUST be set to one (1)\".

", "time": "2023-01-04T17:35:12Z"}, {"author": "Joseph Salowey", "text": "

@oleg maybe that should also reference this version of TEAP with TLS 1.2

", "time": "2023-01-04T17:36:04Z"}, {"author": "Oleg Pekar", "text": "

Erratum 5775 may require also adding a new flag to Crypto-Binding TLV that indicates that Zero-MSK is present (in addition to MSK is present and EMSK is present)

", "time": "2023-01-04T17:42:49Z"}, {"author": "Michael Richardson", "text": "

@Eliot, I'll read your emails, and try to understand the deployment scenarios you are concerned about.

", "time": "2023-01-04T17:44:55Z"}, {"author": "Michael Richardson", "text": "


", "time": "2023-01-04T17:45:25Z"}, {"author": "Michael Richardson", "text": "

I think that the Auth server has to be an RA, even if it talks to another RA.

", "time": "2023-01-04T17:46:01Z"}, {"author": "John Preu\u00df Mattsson", "text": "

@John, are there PQC concerns with
\ntruncating a MAC to 20 bytes?



", "time": "2023-01-04T17:46:29Z"}, {"author": "Alan DeKok", "text": "

@oleg good point, we can rev Crypto-Binding independent of anything else. Which means we can truncate now, and later make it variable sized

", "time": "2023-01-04T17:46:48Z"}, {"author": "Michael Richardson", "text": "

Might be a good use for Oblivious TLS :-)

", "time": "2023-01-04T17:47:03Z"}, {"author": "Michael Richardson", "text": "

I have to leave now.

", "time": "2023-01-04T17:47:36Z"}, {"author": "Eliot Lear", "text": "

we have code ready for hostap for the #7/#10 TLVs

", "time": "2023-01-04T17:48:48Z"}, {"author": "Eliot Lear", "text": "


", "time": "2023-01-04T17:49:19Z"}, {"author": "Oleg Pekar", "text": "

@Alan that's what Alexander suggested, I'm just pointing out that if we go for it we need also to change this restriction

", "time": "2023-01-04T17:49:20Z"}, {"author": "Alan DeKok", "text": "


", "time": "2023-01-04T17:49:37Z"}, {"author": "Oleg Pekar", "text": "

For errata 5770: IMSK can be derived from inner method MSK or EMSK, or ZeroMSK if it was no inner method. Since the sender doesn\u2019t know before the receiver's response which IMSK is negotiated according to sender and receiver common capabilities, the sender needs to calculate all four keys derived from both MSK and EMSK.

", "time": "2023-01-04T17:52:45Z"}, {"author": "Alexander Clouter", "text": "

can we not just rely on that the CMAC would fail if one end uses zero and the other does not, if they match and you locally used zero, you know zero was there?

", "time": "2023-01-04T17:53:37Z"}, {"author": "Oleg Pekar", "text": "

@Alexander: I remember it was a sentence that says that if the inner method supports MSK or EMSK - Zero-MSK can't be used. If it is not present - we should add it :)

", "time": "2023-01-04T17:57:34Z"}, {"author": "Alan DeKok", "text": "

Thanks! That was very productive

", "time": "2023-01-04T18:01:15Z"}]