> -----Original Message----- > From: Bernard Aboba [mailto:[EMAIL PROTECTED] > Sent: Wednesday, March 07, 2007 9:00 PM > To: Joseph Salowey (jsalowey); [EMAIL PROTECTED]; > [EMAIL PROTECTED] > Cc: [email protected] > Subject: RE: [Emu] RFC4279 support in draft-simon-emu-rfc2716bis? > > >[Joe] The KDF needs to be looked at, but I do not think it is > >necessarily a show stopper, it does provide KDF agility. > Reports from > >people who implemented EAP-GPSK indicate that it was simple to > >implement. I have heard push back from embedded system > implementers on > >EAP-TLS stating that it is too complex, this may be a result of > >certificate support I am not sure. > > In my experience, adding certificate support dramatically > increases footprint. For example, as I recall IKEv1/IPsec > with AES CBC/HMAC-SHA1 is around 250 KB or so if we're just > talking about pre-shared key authentication but if you add > certificate support that is another 750 KB, which will be too > big for some applications. > > I would think that the same logic applies to EAP-TLS-PSK. Of > course that would require a stripped down implemenation of > TLS that only supported TLS-PSK, no certificates. I guess > that doesn't exist yet? If you had to pull in all of say, > Open SSL plus add TLS-PSK support, that would almost > certainly make it too large for many embedded applications. > [Joe] Yes OpenSSL is a commonly used toolkit, however I don't think one of its design goals is a small footprint.
_______________________________________________ Emu mailing list [email protected] https://www1.ietf.org/mailman/listinfo/emu
