Session Date/Time: 27 Mar 2023 00:30

# emu Session - IETF 116

## Summary

This session covered several topics including updates on the KEEP protocol, discussion of TLS bootstrapping methods, lightweight EAP methods, and potential new work on credential management. The main focus was on progressing existing drafts, resolving open issues, and gauging interest in new proposals.

## Key Discussion Points

*   **KEEP Protocol:**
    *   Significant effort has been put into the KEEP document, but several issues remain.
    *   Specifically, the lack of client identity information in the initial TLS handshake is problematic. The server doesn't know which authentication method to propose (EAP or password).
    *   There was discussion of the "credentials unavailable" error: its meaning is ambiguous, and implementations should handle it by sending an error instead of exhibiting odd behavior.
    *   The working group needs to decide whether to publish the current document with known issues and then create a v2 to fix the issues.
    *   Elliot stated that they have PK options implemented in the EPA sub. The intent is to feed them right back to the working group.
    *   Dan Har expressed that adding the CSR attributes TLV would be useful for asked.
    *   Cipher suites should be updated.

*   **Bootstrap TLS Authentication:**
    *   Dan Har presented an update on the bootstrap TLS authentication draft, addressing the catch-22 of needing a certificate to get on the network.
    *   Discussion focused on simplifying the key expansion process (addressing Han's comment) and ensuring compatibility with EPA.
    *   The CSR attributes TLV should be linked in.

*   **EAP Ad-hoc:**
    *   John presented an update on the EAP ad-hoc draft, a lightweight EAP method aimed at constrained IoT devices.
    *   The draft is now undergoing directorate review and is nearing last call.
    *   Discussion centered on message sizes and the mandatory security properties.

*   **EAP Tips:**
    *   Mailing discussed the draft on EAP Tips and mentioned that it had been updated to a new version.
    *   There seemed to be low interest in EAP Tips.

*   **KEEP Onboarding:**
    *   Alan mentioned this; concrete results from some implementations are expected in the future.

*   **MATS for TLS with PSK:**
    *   Eric mentioned this discussion.

*   **Credential Management:**
    *   Max from discussed continued work on managing credentials. This would remove the authentication part and could allow for definition of security levels and policies to be implemented.

## Decisions and Action Items

*   **KEEP Protocol:**
    *   **ACTION:** Elliott to provide a pull request for PK operation changes.
    *   **ACTION:** Get a PR for identity TLV.
    *   **ACTION:** Investigate cipher suite and update PR to the list.
    *   **ACTION:** Clarify the "credentials unavailable" error on the mailing list and define what it means.
    *   **ACTION:** Send a request action frame upfront. That will make it a little more concrete for people to discuss.

*   **Bootstrap TLS Authentication:**
    *   **ACTION:** Dan Har to publish a new document with proposed changes.
    *   **ACTION:** Dan Har to address Harness comment to remove one of those extraneous aggravation.

*   **EAP Ad-hoc:**
    *   Working group to consider whether this is an appropriate item for the emu working group and take it to the list to gauge interest.

## Next Steps

*   Continue discussions on open issues and action items on the mailing list.
*   Prepare updated drafts based on meeting discussions and identified actions.
*   Chairs to consult on timing of Working Group Last Calls for KEEP and Bootstrap TLS Authentication.
*   Evaluate the feedback from the list regarding the appropriateness of ad-hoc and make a decision.