-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proposed updates #44
base: master
Are you sure you want to change the base?
Proposed updates #44
Conversation
…d in 5G and the exact function name is not important for this draft
…e to use in protocol run'
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall comments:
- Generally all very good modifications, thank you!
- A few points where we should discuss if a change is actually needed
- Also, there's a parallel PR from Sean Turner which changed (editorially) some of the same sentences.
In more detail, per section:
Abstract:
- All good
- But wouldn't it make sense to keep the zero-trust mention?
Introduction:
- All good
- But is there a reason to remove the paragraph on this work being part of defending against pervasive surveillance?
- Same question for changing the language from "large number of users" to "many users".
Protocol design:
- All good
Background:
- This specification does not introduce a new EAP method. This change seems incorrect.
AKA:
- All good
EAP-AKA protocol:
- All good
Attacks Against Long-Term Shared Secrets in Smart Cards:
- Is there a reason to remove this section?
Protocol overview:
- Is there a reason for removing the 7748 refernence and X25519?
EAP-AKA' FS Authentication Process:
- What is AD and was that previously defined?
- Why was this removed? "A privacy-friendly identifier SHALL be used"
- This new text is not the usual definition of must be supported: "The term "support" here means that the group MUST be implemented and MUST be possible to use during a protocol run."
- Otherwise all good
Security considerations:
- Why was the discussion of attacks on key storage removed?
- The new consequences discussion removed some aspects that I found important, like impersonation. Was there a reason?
(Run out of time to review the rest)
Abstract:
The present text just makes a general claim that assuming breach and minimizing its Introduction:
It is not removed, only rewritten to focus on what the protocol does: provide
This was just text compression. I have no strong feeling for the change. Background:
OK. You probably know that better. Please change it to "extension of EAP-method" Attacks Against Long-Term Shared Secrets in Smart Cards:
The section mostly repeat information from the introduction. I moved the Protocol overview:
The clause gives an example of a group to use for the DH computation. It does EAP-AKA' FS Authentication Process:
AD is "Authentication Database" mentioned just above the figure. I forgot
Privacy-friendly identifiers are not defined, so it is unclear how to test compliance with the SHALL.
OK, can we point to a place where that is defined then? My point is to avoid Security considerations:
The discussion was compressed because it is repeating text, some even verbatim from the It also seems to give a skewed view. A discussion on compromised supply chains needs
This paragraph was technically incorrect. It claimed that a mechanism for FS
The above attack has nothing to do with forward secrecy. The reason EAP-AKA-FS protects against
The above attack is possible even when EAP-AKA-FS is used. Since the adversary is active, it simply mounts Also this attack is unrelated to forward secrecy and rather relates to PCS. |
The XML does not compile. I also think the SVG is not possible to fix manually as the positions also change when the text is changes. HSS should be changes as that is 4G. And as the term seems to change every gen it is probably best with a general term like AD. I will commit the changes that affect the figures "AD" and "long-term key" to master and regenerate the SVG. |
Now everything from the IETF last call reviews (except explaining why ECDHE is not in some of the keys) are fixed in master. This PR needs som manual handling.
|
Some comment
This is just one form of active attack. A attacker can also impersonate.
Changes this to Changed some additional identity module to USIM Authentication Server (AS) is not used. I suggest we don't introduce terms (AS )we don't use Ephemeral public-key validation requirements are defined in Section 5 of . The NIST ublic-key validation requirements are genereal, not for ephemeral. I added this instead: |
No description provided.