**Session Date/Time:** 19 Mar 2024 05:30

# emu

## Summary

This IETF 119 EMU session covered several working group items, including the EAP AKA FS uplift request, bootstrap TLS, a charter update for new work (EAP EDHOC and EAP FIDO), and discussions on EAP.arpa, EAP EDHOC, EAP FIDO, and pre-shared key negotiation. The charter update focused on incorporating new work related to EAP methods for user authentication, specifically EAP EDHOC for constrained environments and EAP FIDO for passwordless authentication. There were in-depth discussions on the feasibility of each proposed solution and the challenges it faces.

## Key Discussion Points

* **EAP AKA FS:** The upgrade of the previous RFC to Standards Track is proceeding, with no technical input received during the last call.
* **Bootstrap TLS:** The document will proceed with a down-ref approach due to delays in the TLS working group.
* **Charter Update:** A charter update is proposed to include new work items for EAP EDHOC and EAP FIDO.
* **EAP EDHOC:** Aims to provide a compact and lightweight authentication and key exchange mechanism for constrained IoT environments.
* **EAP FIDO:** Seeks to develop a passwordless EAP method leveraging CTAP 2, but faces challenges related to web origin requirements and the feasibility of silent authentication.
* **EAP.arpa:** A milestone and deliverable are to be added to the charter, to support other working group documents.
* **EAP.arpa:** Addresses identification of EAP identity using the .arpa domain, defining a non-routable domain for RADIUS proxying and a new EAP registry.
* **EAP FIDO:** Discussions highlighted concerns about the applicability of FIDO/WebAuthn outside of web contexts, the feasibility of silent authentication, and the need for a fallback mechanism. The possibility of user interaction being required for authentication was also discussed.
* **EAP AKA PQC:** Explores post-quantum cryptographic enhancements to EAP AKA, with the server generating both ECDH and PQC keys.
* **EAP PSK:** Presents a simple method for PSK negotiation in EAP, using multiple PSKs and managing them by categories based on the key producer, but more interest is needed.

## Decisions and Action Items

* **Bootstrap TLS:** Proceed with the down-ref approach.
* **Charter Update:** The chair will move forward with updating the charter to include EAP EDHOC, EAP FIDO, and EAP.arpa.
* **EAP FIDO:** Ricard is going to explore the limitations of FIDO, specifically silent authentication and potential fallback mechanisms.

## Next Steps

* **EAP EDHOC:** Continue implementation and testing, with potential participation in a Hackathon in Paris in May.
* **EAP FIDO:** Refine the draft based on feedback, investigate FIDO specifications further, and explore potential collaborations with FIDO experts.
* **EAP.arpa:** Prepare for working group last call after incorporating the latest information.
* **EAP PSK:** Ray is to follow up on the list to gather more interest.