> Do people see the need to limit the types of ciphersuites that can be
> negotiated within EAP-TLS?

In general, no.

> If so what would be the appropriate way to divide up the ciphersuites
> with method types?

When going down this road, it's difficult to tell where you should stop. The first step would be splitting PSK and PKI into two different EAP types. The problem is that the argument for doing the first split can be recursively applied until we have a different EAP type code for every EAP-TLS ciphersuite.

I think the point of EAP-level vs TLS-level credential negotiation is valid from a protocol standpoint, but of insignificant importance in real-world deployments. For example, I've yet to encounter an 11i network that supports more than a single EAP type for authentication. Are we trying to solve a non-existent problem? Are there *real-world* scenarios (i.e. something someone has actually encountered, and not a hypothetical corner case) where this would be a *real* issue?

--
t. charles clancy, ph.d. <> [EMAIL PROTECTED] <> www.cs.umd.edu/~clancy

_______________________________________________
Emu mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/emu
