**Session Date/Time:** 05 Nov 2024 18:00

# emu Session at IETF 121

## Summary

The EMU session at IETF 121 covered several working group documents and proposals. Key topics included updates on EAP.ARPA, D-DPP provisioning, EAP-Hock, EAP-FIDO, and EAP-PPT. A significant portion of the session was dedicated to discussing challenges and potential solutions related to privacy, security, and deployment considerations for these protocols, particularly regarding user abuse and key revocation.

## Key Discussion Points

* **EAP.ARPA:** Updates and clarifications were presented. Security and consistency aspects have been addressed.
* **D-DPP Provisioning:** The draft is in last call with minor comments to address. Implementation status highlighted challenges with current TLS stack support for all dependent RFCs. Issues remain with commercial TLS stack support.
* **EAP-Hock:** Discussion focused on connection identification and whether the HIP layer and lower layers can reliably relate exchanges, especially in parallel sessions. Fragmentation handling was also addressed.
* **EAP-FIDO:** Debate centered on the FIDO challenge format (custom binary vs. WebAuthn-like) and the trade-offs between cryptographic binding to the TLS channel and interoperability with external FIDO servers. Concerns were raised about man-in-the-middle attacks and the need for robust server authentication. Domain name validation and certificate handling were also discussed.
* **EAP-PPT:** Review feedback from IETF 120 was discussed along with new features and privacy improvements. Key topics included key material generation, channel binding, privacy-friendly outer identity, TLS session resumption limitations, and deployment considerations.
* **EAP-PQ:** A discussion about e-packer prime forward secrecy for post-quantum enhancements and a call for feedback on the draft.
* **User Abuse and Key Revocation:** Extensive discussion regarding the need for mechanisms to prevent user abuse and revoke access while maintaining user privacy. Coordination with the Privacy Pass working group was deemed essential.

## Decisions and Action Items

* **D-DPP:** Owen to address the minor comments received since the presentation on Friday.
* **EAP-Hock:** Working group to review the draft and provide feedback. Alan agreed to review the document, and others volunteered to help.
* **EAP-FIDO:** The design of the challenge/response mechanism and related security implications require more analysis.
* **EAP-PPT:** Continued discussion on abuse prevention, key revocation, and integration with Open Roaming on the mailing list. Chairs to determine if the current charter covers the proposed work or if an update is required. Applicant to communicate with the chairs on this matter.
* Chairs to make a determination about next steps regarding scope for the PPT discussion on revocable credentials.

## Next Steps

* **Mailing List Discussions:** Continue discussions on the mailing list for EAP-FIDO (challenge format, security) and EAP-PPT (abuse prevention, key revocation, charter scope).
* **Charter Review:** Chairs to review the existing EMU charter to determine if it covers the EAP-PPT related work on privacy-preserving revocation, potentially in coordination with the AD.
* **Collaboration:** Coordinate with the Privacy Pass working group on solutions for revocable credentials.
* **Review:** The draft on the e-packer prime forward secrecy for post-quantum enhancements will be sent on the mailing list with a call for review.