emanjon
commented
1 year ago due to supply chain attacks
As can be seen Bo uses the term "supply chain attacks". I think that is an important term to have in the document. I don't think we should remove it as suggested by Karl's PR. Instead I think we should keep the term and explain it using the text provided by Karl.
Hi,
I am the assigned ops reviewer. Thanks for the document.
This is a well written document that describes the background of the 3GPP issues, the two Forward Secrecy extensions, and the impact on the existing EAP-AKA' messages.
This document defines the EAP-AKA’(RFC 9048) Forward Secrecy extension to address the issue of compromised shared secrets stored on 3GPP 5G networks Smart Cards due to supply chain attacks.
With only IETF technical background, it seems more readable if UICC, HSS can expand on the first-time use.
Thanks, Bo Wu