**Session Date/Time:** 19 Mar 2026 06:00

# [EMU](../wg/emu.html)

## Summary

The EMU working group met at IETF 125 to discuss progress on Post-Quantum Cryptography (PQC) integration for EAP methods, updates to Tunnel Extensible Authentication Protocol (TEAP), and enhancements to forward security in re-authentication. Key topics included a new fragmentation mechanism for `draft-ietf-emu-pqc-eapaka`, a proposal for TEAPv2 with simplified key derivation and MTU management, and a new proposal for forward-secure re-authentication in EAP-AKA'. The session concluded with a discussion on generalizing PQC enhancements for all TLS-based EAP methods.

## Key Discussion Points

### Post-Quantum Enhancements in EAP-AKA'

**Draft:** `draft-ietf-emu-pqc-eapaka`

**Presentation:** [Post-Quantum Enhancements in EAP-AKA](https://datatracker.ietf.org/meeting/125/materials/slides-125-emu-post-quantum-enhancements-in-eap-aka-00)

* **Fragmentation and Reassembly:** Tero presented (on behalf of Aritra) the latest updates involving a new `AT_FRAGMENT` attribute. Because PQC public keys and ciphertexts often exceed the EAP MTU, a native fragmentation and reassembly mechanism was introduced.
* **Mechanism:** The solution uses a lock-step acknowledgment model similar to EAP-TLS. It includes "First" and "More" fragment flags and requires the receiver to acknowledge fragments before the sender proceeds.
* **Generic Use:** Hiki asked if this fragmentation mechanism could be generalized for other non-PQC EAP methods. Tero noted that while it is currently within the EAP-AKA' context, the text is written generically enough to potentially be leveraged elsewhere.
* **Implementation:** Hannes offered to assist with a reference implementation.
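The lock-step model described above, as an added illustration that is not code from the draft or from any reference implementation: one fragment is in flight at a time, the receiver validates it and acknowledges before the sender continues, and the receiver caps what it will buffer so a forged "total length" cannot exhaust memory. The header layout (one flags byte carrying assumed First/More bits, plus a 4-byte total length) is an assumption for this example and is not the `AT_FRAGMENT` encoding.

```python
"""Lock-step fragmentation and reassembly (added example, not the
draft-ietf-emu-pqc-eapaka wire format).  Header layout is assumed:
1 byte flags (bit0 = First, bit1 = More) + 4-byte total length + payload."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

FLAG_FIRST = 0x01  # assumed: set on the first fragment of a message
FLAG_MORE = 0x02   # assumed: set when further fragments follow
HEADER_LEN = 5     # flags byte + 4-byte total length


@dataclass
class Fragment:
    flags: int
    total_len: int
    payload: bytes

    def encode(self) -> bytes:
        return bytes([self.flags]) + self.total_len.to_bytes(4, "big") + self.payload

    @classmethod
    def decode(cls, raw: bytes) -> "Fragment":
        if len(raw) < HEADER_LEN:
            raise ValueError("truncated fragment header")
        return cls(raw[0], int.from_bytes(raw[1:5], "big"), raw[HEADER_LEN:])


def fragment(message: bytes, mtu: int) -> List[Fragment]:
    """Split a message so that no encoded fragment exceeds the MTU."""
    chunk = mtu - HEADER_LEN
    if chunk <= 0:
        raise ValueError("mtu too small for the fragment header")
    chunks = [message[i:i + chunk] for i in range(0, len(message), chunk)] or [b""]
    last = len(chunks) - 1
    return [
        Fragment((FLAG_FIRST if i == 0 else 0) | (FLAG_MORE if i < last else 0),
                 len(message), c)
        for i, c in enumerate(chunks)
    ]


class Reassembler:
    """Receiver side: accepts fragments strictly in order, with a buffer cap."""

    def __init__(self, max_total: int):
        self.max_total = max_total          # refuse oversized declared lengths
        self.buf = bytearray()
        self.total: Optional[int] = None    # None = no reassembly in progress
        self.complete: Optional[bytes] = None

    def receive(self, raw: bytes) -> None:
        """Consume one fragment; returning without error means 'send the ACK'."""
        frag = Fragment.decode(raw)
        if frag.flags & FLAG_FIRST:
            if self.total is not None:
                raise ValueError("First fragment while reassembly in progress")
            if frag.total_len > self.max_total:
                raise ValueError("declared length exceeds buffer limit")
            self.total = frag.total_len
        elif self.total is None:
            raise ValueError("continuation fragment without a First fragment")
        elif frag.total_len != self.total:
            raise ValueError("total length changed mid-message")
        if len(self.buf) + len(frag.payload) > self.total:
            raise ValueError("payload exceeds declared total length")
        self.buf += frag.payload
        if not frag.flags & FLAG_MORE:
            if len(self.buf) != self.total:
                raise ValueError("last fragment but message incomplete")
            self.complete = bytes(self.buf)
            self.buf, self.total = bytearray(), None


def exchange(message: bytes, mtu: int, max_total: int = 1 << 16) -> Tuple[bytes, int]:
    """Drive sender and receiver in lock step: the next fragment is only sent
    after the previous one was accepted (the ACK).  Returns (message, rounds)."""
    rx = Reassembler(max_total)
    rounds = 0
    for frag in fragment(message, mtu):
        rx.receive(frag.encode())   # receiver accepts -> ACK -> sender may continue
        rounds += 1
    assert rx.complete is not None
    return rx.complete, rounds


if __name__ == "__main__":
    # Constructed sample: a 3000-byte "PQC public key" over a 1280-byte MTU.
    data, n = exchange(bytes(range(256)) * 12, 1280)
    print(f"reassembled {len(data)} bytes in {n} lock-step rounds")
```

Because only one fragment is outstanding, a 3 KB key over a 1280-byte MTU costs three round trips; the strict in-order checks mean a stray continuation fragment or a re-sent First fragment is rejected rather than silently merged.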
### TEAPv2

**Presentation:** [TEAPv2](https://datatracker.ietf.org/meeting/125/materials/slides-125-emu-teapv2-00)

* **Simplification:** Alan discussed the need for TEAPv2 to simplify key derivation and document actual implementation practices rather than unimplemented theoretical features from RFC 7170.
* **Mandating Flows:** To ensure interoperability, the proposal suggests mandating all allowed flows to prevent "subset-only" implementations.
* **MTU Management:** Alan proposed mandating a maximum MTU of 1280 bytes for TEAP. This addresses issues where EAP packets fail to traverse RADIUS over UDP due to fragmentation issues at the transport/network layer.
* **Adoption Interest:** Joe inquired about vendor interest. Alan indicated interest from Cisco and potential interest from the Aruba team. Hiki also expressed interest in the implementation.

### Forward Secure Re-authentication in EAP-AKA'

**Presentation:** [Forward Secure Reauthentication in EAP-AKA'](https://datatracker.ietf.org/meeting/125/materials/slides-125-emu-forward-secure-reauthentication-in-eap-aka-00)

* **Privacy Vulnerability:** Guilin identified a privacy risk in current EAP-AKA' re-authentication. If long-term keys are compromised, attackers can decrypt re-authentication IDs, allowing them to link multiple re-authentication sessions to a single user.
* **Proposed Solution:** The draft proposes updating transient EAP keys (`K_ENCR` and `K_AUT`) using ephemeral shared secrets (from DH or KEM) to provide forward security for the re-authentication process.
* **Feedback:** John and Tero agreed with the problem analysis and found the proposed update to the key derivation function (KDF) to be a viable solution.
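The privacy problem and the proposed fix, side by side, as an added example that is not the draft's KDF and not RFC 5448's PRF'. The "legacy" derivation below stands in for keys that depend only on long-term material, so an attacker who later learns the long-term key can recompute every round's `K_ENCR` and unwrap every re-authentication identity; the "forward-secure" derivation folds an ephemeral shared secret into the update of `K_ENCR`/`K_AUT`, so the same attacker cannot. The HMAC-SHA-256 expansion, the labels and the XOR-keystream wrapping of the identity are simplifications assumed for this example.

```python
"""Legacy vs forward-secure re-authentication key update (added example;
the KDF, labels and identity protection are assumptions, not the draft's)."""
import hashlib
import hmac
import secrets
from typing import List, Tuple


def kdf(secret: bytes, label: bytes, length: int = 32) -> bytes:
    """Assumed HMAC-SHA-256 expansion (not RFC 5448 PRF')."""
    out, block, i = b"", b"", 1
    while len(out) < length:
        block = hmac.new(secret, block + label + bytes([i]), hashlib.sha256).digest()
        out += block
        i += 1
    return out[:length]


def split_keys(okm: bytes) -> Tuple[bytes, bytes]:
    return okm[:16], okm[16:32]  # (K_ENCR, K_AUT)


def legacy_reauth_keys(long_term: bytes, counter: int) -> Tuple[bytes, bytes]:
    """Simplified current model: transient keys depend only on long-term
    material and a counter, so a long-term key compromise is retroactive."""
    return split_keys(kdf(long_term, b"legacy reauth" + counter.to_bytes(2, "big")))


def fs_reauth_keys(prev_k_encr: bytes, prev_k_aut: bytes,
                   ephemeral_ss: bytes, counter: int) -> Tuple[bytes, bytes]:
    """Proposed model: the previous transient keys are mixed with an ephemeral
    DH/KEM shared secret, which never leaves the two endpoints."""
    ikm = prev_k_encr + prev_k_aut + ephemeral_ss
    return split_keys(kdf(ikm, b"fs reauth" + counter.to_bytes(2, "big")))


def protect_id(k_encr: bytes, reauth_id: bytes) -> bytes:
    """Toy stand-in for the encrypted re-authentication identity: XOR with a
    keystream derived from K_ENCR (symmetric, so it also unwraps)."""
    keystream = kdf(k_encr, b"id keystream", len(reauth_id))
    return bytes(a ^ b for a, b in zip(reauth_id, keystream))


def simulate(long_term: bytes, reauth_ids: List[bytes], forward_secure: bool) -> List[bool]:
    """Run one re-authentication per ID and report, per round, whether an
    attacker holding the long-term key (but no ephemeral secret) recovers the
    protected identity, i.e. can link the session to the user."""
    k_encr, k_aut = legacy_reauth_keys(long_term, 0)   # keys from the full authentication
    linked = []
    for n, rid in enumerate(reauth_ids, start=1):
        if forward_secure:
            eph = secrets.token_bytes(32)  # stands in for this round's DH/KEM shared secret
            k_encr, k_aut = fs_reauth_keys(k_encr, k_aut, eph, n)
        else:
            k_encr, k_aut = legacy_reauth_keys(long_term, n)
        on_the_wire = protect_id(k_encr, rid)

        # Attacker: knows long_term and everything on the wire, never eph.
        if forward_secure:
            a_encr, a_aut = legacy_reauth_keys(long_term, 0)
            for m in range(1, n + 1):               # best effort with no ephemeral input
                a_encr, a_aut = fs_reauth_keys(a_encr, a_aut, b"", m)
        else:
            a_encr, _ = legacy_reauth_keys(long_term, n)
        linked.append(protect_id(a_encr, on_the_wire) == rid)
    return linked


if __name__ == "__main__":
    lt = bytes(range(32))                                   # constructed long-term key
    ids = [b"reauth-id-%d" % i for i in range(3)]           # constructed identities
    print("legacy  :", simulate(lt, ids, forward_secure=False))
    print("forward :", simulate(lt, ids, forward_secure=True))
```

The point the simulation makes is about the *direction* of compromise: in the legacy chain every round is a pure function of the long-term key, while in the forward-secure chain each round also depends on a secret that existed only for that exchange, so later disclosure of the long-term key does not reconnect past re-authentication identities to a subscriber.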
### Post-Quantum Enhancements to EAP-TLS and EAP-TTLS

**Presentation:** [Post-Quantum Enhancements to EAP-TLS and EAP-TTLS](https://datatracker.ietf.org/meeting/125/materials/slides-125-emu-post-quantum-enhancements-to-eaptls-and-eapttls-00)

* **Migration Paths:** Tero discussed transition strategies for TLS-based EAP, including hybrid KEMs (defense-in-depth) and pure PQC paths.
* **Certificate Optimization:** To mitigate fragmentation issues caused by large PQC signatures, the draft suggests out-of-band retrieval of intermediate certificates using EST (Enrollment over Secure Transport) URIs.
* **Scope Expansion:** John and Hannes suggested that the document's scope should be expanded to cover all TLS-based EAP methods, not just EAP-TLS and EAP-TTLS. Tero agreed to this change.
* **Coordination:** Michael noted that using EST URIs for certificate distribution might require coordination with the LAMPS or ANIMA working groups, though it may not require a heavy formal process.

## Decisions and Action Items

* **`draft-ietf-emu-pqc-eapaka`:** The working group will review the new fragmentation and reassembly sections. If stable, the document will move toward a Working Group Last Call (WGLC).
* **TEAPv2:** Alan will continue work on a standalone TEAPv2 draft (incorporating stable parts of v1) and coordinate with Elliot on the HostAP/EAPoL-test implementation.
* **TLS-based PQC:** Tero will update his draft to encompass all TLS-based EAP methods based on working group feedback.

## Next Steps

* **Call for Adoption:** The chairs will take the discussion of the new PQC and TEAPv2 drafts to the mailing list to gauge consensus for adoption.
* **Cross-WG Review:** Chairs and authors will monitor developments in the TLS and LAMPS working groups regarding hybrid certificates and EST extensions to ensure alignment.
* **Review Solicitation:** The authors of the forward-secure re-authentication proposal requested more detailed reviews of the KDF updates.