Hi Alan,

Do you have experience with such cross-method resumption? Are there any 
deployments that make use of this?

My initial reaction is that such cross-method session resumption should 
be forbidden. That is because EAP-TLS has different security properties 
where both the peer and server are mutually authenticated with TLS and 
certificates. Mixing it with other EAP methods that use TLS only for 
server authentication complicates the security properties and proofs.

Also, EAP methods that only use TLS for the outer tunnel (TTLS, PEAP, 
etc.) typically begin with an anonymous NAI for privacy. What NAI would 
such peers use if they rely solely on TLS-based resumption?

As a co-author of draft-ietf-emu-eap-tls13, I don't think we should 
support such cross-method resumption. If anything, this should be 
discouraged/forbidden.

--Mohit

On 2/1/19 7:49 PM, Alan DeKok wrote:
>    This question isn't directly applicable to EAP-TLS, but it is related.
>
>    There are multiple EAP methods that use TLS, and presumably all of them 
> will enable session resumption.  The question is, what do we do with 
> cross-method session resumption?
>
>     i.e. a user starts with EAP-TLS, and then tries to "resume" his session, 
> but this time uses TTLS.  It's not clear that anything in the spec forbids or 
> prevents this.
>
>    It's not clear if this resumption is an issue, but it should be 
> highlighted.
>
>    The issue is made more difficult by the fact that session resumption is 
> usually done at the TLS layer.  This means there is minimal ability for the 
> EAP layer to cross-check method types.
>
>    If we do allow it, it should be called out explicitly in the EAP-TLS 
> document.  If we don't allow it, we should find a way to forbid it.
>
>    Alan DeKok.
>
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu
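The thread above points out that resumption happens at the TLS layer, so the EAP layer has little chance to notice that a ticket issued under EAP-TLS is being presented under TTLS or PEAP. The following is an added example, not code from either poster or from any IETF draft: a server-side session cache that records the EAP method type (and the identity the peer presented) alongside each resumption ticket at the time of the full handshake, and refuses resumption when the method or identity differs. The `ResumptionPolicy` class, the ticket format and the sample identities are all constructed for illustration; the EAP type codes 13 (EAP-TLS), 21 (EAP-TTLS) and 25 (PEAP) are the IANA-assigned values.

```python
"""Bind TLS resumption tickets to the EAP method that created them.

Added example (hypothetical server-side policy layer), written to
illustrate the cross-method resumption problem discussed on the EMU
list. It is not the code of any EAP server implementation.
"""
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# IANA EAP method type codes.
EAP_TLS = 13
EAP_TTLS = 21
EAP_PEAP = 25

METHOD_NAME = {EAP_TLS: "EAP-TLS", EAP_TTLS: "EAP-TTLS", EAP_PEAP: "PEAP"}


@dataclass
class CachedSession:
    """What the server remembers about a completed full handshake."""
    eap_method: int      # EAP type under which the handshake ran
    identity: str        # NAI from EAP-Response/Identity (may be anonymous)
    mutual_auth: bool    # True if the peer certificate was verified
    created: float       # wall-clock time of the full handshake


class ResumptionPolicy:
    """Session cache that enforces same-method, same-identity resumption."""

    def __init__(self, lifetime: float = 3600.0) -> None:
        self.lifetime = lifetime
        # Constructed in-memory cache: ticket bytes -> CachedSession.
        self._cache: Dict[bytes, CachedSession] = {}

    def record_full_handshake(self, eap_method: int, identity: str,
                              mutual_auth: bool,
                              now: Optional[float] = None) -> bytes:
        """Issue a fresh ticket after a full TLS handshake and remember
        which EAP method and identity it belongs to."""
        ticket = secrets.token_bytes(16)
        self._cache[ticket] = CachedSession(
            eap_method=eap_method,
            identity=identity,
            mutual_auth=mutual_auth,
            created=time.time() if now is None else now,
        )
        return ticket

    def check_resumption(self, ticket: bytes, eap_method: int, identity: str,
                         now: Optional[float] = None) -> Tuple[bool, str]:
        """Decide whether a resumption attempt may proceed.

        Returns (allowed, reason). Rejections fall back to a full
        handshake rather than to an error, so a legitimate peer that
        switched methods simply re-authenticates."""
        now = time.time() if now is None else now
        entry = self._cache.get(ticket)
        if entry is None:
            return False, "unknown ticket"
        if now - entry.created > self.lifetime:
            del self._cache[ticket]
            return False, "expired"
        if entry.eap_method != eap_method:
            return False, (
                "method mismatch: ticket issued under "
                f"{METHOD_NAME.get(entry.eap_method, entry.eap_method)}, "
                "resumption attempted under "
                f"{METHOD_NAME.get(eap_method, eap_method)}"
            )
        if entry.identity != identity:
            return False, "identity mismatch"
        return True, "ok"


if __name__ == "__main__":
    policy = ResumptionPolicy()
    # Constructed scenario: full EAP-TLS handshake, then a TTLS peer
    # presenting the same ticket with an anonymous outer NAI.
    t = policy.record_full_handshake(EAP_TLS, "alice@example.com", True)
    print(policy.check_resumption(t, EAP_TLS, "alice@example.com"))
    print(policy.check_resumption(t, EAP_TTLS, "anonymous@example.com"))
```

The method check runs before the identity check on purpose: a TTLS or PEAP peer will normally present an anonymous outer NAI, so an identity mismatch alone would not tell the operator that a cross-method attempt happened, whereas the method-mismatch reason names both EAP types and is the line worth alerting on.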
