We have had discussions on limiting the ciphersuites that are supported by EAP-TLS in the past. In particular it seemed that there was some leaning towards limiting it to certificate based ciphersuites. For the most part this seems unnecessary since TLS supports ciphersuite negotiation. However some have raised the concern that negotiating the use of different credentials may not be appropriate at the TLS level. If this is the case then one approach would be to assign different EAP method types to different types of ciphersuites.
Do people see the need to limit the types of ciphersuites that can be negotiated within EAP-TLS? If so what would be the appropriate way to divide up the ciphersuites with method types? Thanks, Joe _______________________________________________ Emu mailing list [email protected] https://www1.ietf.org/mailman/listinfo/emu
