Overall, this draft is a significant improvement over the previous one. However, this draft appears to add support for new authentication modes such as PSK and ticket authentication. As far as I know, these features are not supported in any existing implementation and therefore would complicate testing and advancement of EAP-TLS to Standards status. I am also concerned that these changes will invalidate prior EAP-TLS security proofs and introduce new potential security vulnerabilities.
John Mattsson said: Hi, We have submitted an updated version of draft-mattsson-eap-tls13. The new version is a significant update based on the feedback and comments on the EAP and EMU mailing lists. The new version also fills in all the sections that was TDB in the -00 version. - The draft now updates version updates RFC5216 (instead of obsoleting) and all text have been updated to make sure that the update stays compatible with all existing implementations of EAP-TLS. - Added more text on what TLS 1.3 changes and why an update to RFC5216 is needed. - As this is now an update, all duplicated text is removed, and the draft only describe the changes to message flow, messages, key derivation, privacy, etc. when TLS 1.3 is used. The new draft follows the structure of RFC5216 and lists updates (if any) to each section. - Clearly stated that PSK authentication SHALL not be used (except for resumption). [BA] Why add support for PSK authentication outside of resumption? AFAIK there are no implementations of this. - Due to the encrypted handshake in TLS 1.3 there is no longer any need for the EAP client to send and empty certificate list. A privacy section has been added that explains this. - A key hierarchy section has been added specifying that when TLS 1.3 is used then Key_Material, IV, and Session-Id SHALL be derived from the exporter_master_secret using the TLS exporter interface. Comments appreciated. Cheers, John
_______________________________________________ Emu mailing list [email protected] https://www.ietf.org/mailman/listinfo/emu
