Jim Schaad <[email protected]> wrote:
> I am finally getting caught up on this thread and I have found it to be very
> frustrating because it appears to make an assumption which I do not believe
> is warranted.
> I do not see any problems with allowing TLS session to be used across
> different types of EAP assuming that EAP correctly checks the output of TLS
> before continuing. When a session ticket is issued for a TLS session it
> contains the authentication done by that TLS authentication session. It
> does not contain any of the containing EAP authentication information that
> has been done.
I have been following along the discussion, and I think that I missed the use
case.
Why are we having this discussion?
alan> i.e. a user starts with EAP-TLS, and then tries to "resume" his
alan> session, but this time uses TTLS. It's not clear that anything in the
alan> spec forbids or prevents this.
What's in it for the user?
Is this an attack?
Does it avoid an interaction with a human?
Does it enable mobility between different networks?
Does this avoid some interaction with a two-factor authenticator?
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________
Emu mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/emu
