Mohit Sethi M <[email protected]> wrote: > Is your concern only in the context of IoT or do you think in general > we are better off using protocols directly without the EAP framework > overhead?
EAP is designed to be used within a protocol, to interact with AAA infrastructure. Use within 802.1X, and IKEv2 has been great. The purpose of which is to authenticate a relationship, and provide keying material. This document claims to be useful between two peers, then goes on to acknowledge that there are more entities involved. 1) If we aren't talking about IoT, why would we be talking about CoAP? 2) I haven't seen a use case for this yet. 3) If you are trying to produce keying material for OSCORE, and EDHOC is not to your liking, and you want *TLS* involved, then just use DTLS or ATLAS or cTLS. You can run your favourite EAP methods within TLS if you want to. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | IoT architect [ ] [email protected] http://www.sandelman.ca/ | ruby on rails [
signature.asc
Description: PGP signature
_______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
