However, this requires more cryptographic computations since both entities will encrypt the second TLS session packets and it augments significantly the number of rounds trips over the wireless link, which is not always widely available.
As you point out, the approach described in the document is not optimal; rather the goal was to provide functionality that could be most easily implemented, and would be "good enough".
The computational load of encrypting additional packets is fairly small compared with the initial TLS negotiation, which may involve public key computations, so I don't think this is much of a burden.
I believe that the proposed approach adds 1.5 round trips to an initial conversation (session resumption is not affected). As noted in the draft, ciphersuite negotiation could eliminate this. On the other hand, the total number of round-trips in EAP-TLS is largely determined by the certificate chain size, which is the same whether privacy is supported or not. So adding 1.5 round-trips for an initial exchange will typically not represent much of a performance penalty in intranet scenarios.
Hajjeh and I recently submitted a document to add identity protection to TLS. This solution does not suffer from interoperability issues related to TLS Extensions, TLS 1.0 and TLS 1.1 implementations. I would like that EAP-TLS reconsider this document for identity protection implementations.
If and when identity protection ciphersuites are added to TLS, EAP-TLS implementations can support it. I agree that it would be somewhat more efficient in terms of round-trips.
However, I don't think we want to require that EAP-TLS implementations wishing to implement privacy support identity protection ciphersuites. For example, the set of Identity protection ciphersuites described in the document are limited, so that an EAP-TLS implementation might not be able to negotiate the ciphersuites that it would prefer along with identity privacy.
_______________________________________________ Emu mailing list [email protected] https://www1.ietf.org/mailman/listinfo/emu
