Session Date/Time: 20 Mar 2025 06:00
emu
Summary
The emu working group meeting covered several topics: the status of EAP-TEAP bis, EAP-EDHOC, EAP-FIDO, the EAP-PPT charter, and post-quantum cryptography enhancements for EAP. Key discussions revolved around interoperability issues with EAP-TEAP, the potential for simplifying the protocol, the use cases and security considerations for EAP-EDHOC, the integration of EAP-FIDO with web authentication standards, the scope and goals of the EAP-PPT charter, and the adoption of post-quantum cryptography in EAP protocols.
Key Discussion Points
- EAP-TEAP bis:
  - Interoperability issues identified with EMSK compound MAC derivations across different server implementations.
  - Proposal to declare Microsoft's behavior as the standard for TEAPv1 and strip out EMSK-related complexities.
  - Discussion on the need to simplify the MSK and EMSK derivation process.
  - Agreement that the document needs significant revisions and will be returned to the working group.
- EAP-EDHOC:
  - Presentation of the latest updates, including security considerations and channel binding mechanisms.
  - Discussion on whether to include fast reconnect functionality, considering the dependency on the draft adopted by LAKE.
  - Concerns raised about the use case for EAP-EDHOC and its applicability to wireless LAN environments.
- EAP-FIDO:
  - Update on implementation progress and ongoing discussions about design decisions, including the custom FIDO challenge format.
  - Debate on whether to align more closely with standard FIDO/WebAuthn or to deviate and create a more customized solution.
  - Discussion on crypto agility and the possibility of reusing the hash algorithm negotiated in TLS.
  - Concerns about server certificate validation and potential cross-protocol attacks.
  - Suggestion to consult with the FIDO Alliance and W3C on standardizing FIDO usage outside of the web.
- EAP-PPT Charter:
  - Discussion on the wording of the charter, particularly concerning privacy pass protocols and tokens.
  - Agreement to revise the language to be more general and inclusive of other privacy technologies.
  - Recognition that the new work may represent architectural changes in EAP.
- Post-Quantum Cryptography Enhancements for EAP:
  - Presentation of hybrid and pure post-quantum cryptography approaches for EAP key exchange.
  - Explanation of the protocol flow and attribute additions for hybrid and pure PQC schemes.
  - Suggestion to consider providing updates to EAP-AKA' in wpa_supplicant.
Decisions and Action Items
- EAP-TEAP bis:
  - The EAP-TEAP bis document will be returned to the working group for significant revisions.
  - Action: Allan to revise the EAP-TEAP bis document based on the meeting discussion.
- EAP-EDHOC:
  - Action: Authors to consider feedback on use cases, security considerations, and fast reconnect functionality, and post to the mailing list for further discussion.
- EAP-FIDO:
  - Action: Janfred to engage with W3C and the FIDO Alliance to explore standardization options for FIDO usage outside of the web, and to explore alternatives for incorporating crypto agility.
- EAP-PPT Charter:
  - Action: Joe and Peter to revise the EAP-PPT charter text based on the meeting discussion. Joe will send out an adoption call for EPPT, and also update/batch a recharter at the same time.
Next Steps
- Revise and resubmit the EAP-TEAP bis document to the working group.
- Further discuss EAP-EDHOC use cases and security considerations on the mailing list.
- Explore collaboration opportunities with W3C and the FIDO Alliance regarding EAP-FIDO.
- Issue an adoption call for the EAP-PPT charter item.
- Consider feedback and pursue post-quantum cryptography enhancements for EAP based on the hybrid or pure post-quantum approaches.