Automatic IETF Minutes

Markdown Version | Session Recording

Session Date/Time: 07 Nov 2023 14:30

# emu

## Summary

The EMU working group session at IETF 118 covered several topics including the status of existing working group documents, a call for adoption for EAP-Adhoc, a presentation on MKA over IP, and a proposal for a new EAP provisioning domain (EAP.ARPA). A new draft on EAP-FIDO was also presented and discussed.

## Key Discussion Points

*   **EAP AKA Forward Secrecy:**  The document is in the hands of the authors, awaiting submission with a few nits to be addressed.
*   **EAP-Adhoc:** Goran presented EAP-Adhoc, highlighting its use of seaborne and cozy for compact message sizes, and potential applications in IoT and 3GPP.  A call for adoption was requested. There was discussion of whether it duplicated existing EAP methods.
*   **MKA over IP:** Hooman presented MKA over IP, explaining its use of MACsec with programmable authentication and encryption offsets to encrypt IP and MPLS traffic. The presentation focused on enabling quantum-safe encryption. There was discussion on whether the work was a good fit for the working group, and whether existing mechanisms like PANA could fulfill the same need.  The presentation also included security discussions and discussion about exposing MPLS headers, but not the quantum-safe aspects.
*   **EAP.ARPA:** Alan presented a proposal to add EAP.ARPA as a special use domain for EAP provisioning.  The aim is to create a domain under IETF control to facilitate server-unauthenticated provisioning and other EAP-related functions.
*   **EAP-FIDO:** Jian Fred and Stephan presented a new EAP method using FIDO security keys (EAP-FIDO) for authentication. The goals include minimal configuration, username-less authentication, and better privacy. Revocation of credentials was discussed, as was choosing a proper name.

## Decisions and Action Items

*   **EAP-Adhoc:** The chairs will initiate a formal working group call for adoption on the mailing list.
*   **MKA over IP:** The working group chairs will consider whether to recharter the group to address MKA over IP, or suggest other working groups.
*   **EAP.ARPA:** Alan will prepare a draft and registration for EAP.ARPA and the EAP identifier registry.
*   **EAP-FIDO:** 
    *   Jian Fred will find appropriate contacts at the FIDO Alliance and involve them in the development and review of the EAP-FIDO draft.
    *   The authors will refine the name of the draft, to make it clear which Fido mechanism is used, and consider the implications of that.
    *   The authors will also consider and document implications of the design, and the lack of certificate revocation functionality.

## Next Steps

*   Authors to work on action items identified above.
*   Chairs to coordinate the call for adoption for EAP-Adhoc.
*   Chairs to investigate potential homes for MKA over IP within the IETF.