Hi Alan,

Very good that this is discussed and highlighted.

My understanding is that TLS itself clearly allows a resumed connection to be used for a completely different purpose. The ALPN specification (RFC 7301) says that:

"When session resumption or session tickets [RFC5077] are used, the previous contents of this extension are irrelevant, and only the values in the new handshake messages are considered."

I don't know how important this feature is in EAP, but if it is useful and does not cause security problems, we should probably not forbid it.

Cheers,
John

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu