Hi,
Based on the discussion on the list and at the meeting today I suggest the
following changes to Section 2.1, 2.5, and figures. When we agree I will make a
commit to GitHub and submit a new version of the draft.
With the solution suggested by Jim, there should be no need to force
NewSessionTicket. Do we need a figure to illustrate the "or in a separate
EAP-Request" part of "The TLS record with application data may be sent in the
same EAP-Request as the last handshake record or in a separate EAP-Request."
Cheers,
John
Section 2.1:
---------------------------
OLD
The EAP server commits to not send any more handshake messages by
sending an empty TLS record, see Section 2.5.
NEW
The EAP server commits to not send any more handshake messages by
sending a TLS record with the application data 0x00, see Section 2.5.
Section 2.5 EAP State Machines
---------------------------
OLD
When an EAP server has sent its last handshake message (Finished or a
Post-Handshake), it commits to not sending any more handshake
messages by appending an empty application data record (i.e. a TLS
record with TLSPlaintext.type = application_data and
TLSPlaintext.length = 0) to the last handshake record. After sending
an empty application data record, the EAP server may only send an
EAP-Success, an EAP-Failure, or an EAP-Request with a TLS Alert
Message.
NEW
When an EAP server has sent its last handshake message (Finished or a
Post-Handshake), it commits to not sending any more handshake
messages by sending a TLS record with application data 0x00 (i.e. a
TLS record with TLSPlaintext.type = application_data,
TLSPlaintext.length = 1, and TLSPlaintext.fragment = 0x00). EAP
server implementations MUST set TLSPlaintext.fragment to 0x00, but
EAP peer implementations MUST accept any application data as a commit
from the EAP server to not send any more handshake messages. The TLS
record with application data may be sent in the same EAP-Request as
the last handshake record or in a separate EAP-Request. After
sending the application data record, the EAP server may only send an
EAP-Success, an EAP-Failure, or an EAP-Request with a TLS Alert
Message.
Figures:
---------------------------
OLD
<-------- TLS empty record)
NEW
<-------- TLS Application Data)
_______________________________________________
Emu mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/emu
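The proposed commit rule as a small Python model, added here as an illustration and not code from the draft or the emu list: it builds the server's application data 0x00 record and implements the peer-side check that any application data record, in the same or a separate EAP-Request, counts as the commit. It assumes the TLSPlaintext view of records (before record protection); the Finished record is a constructed placeholder.

```python
import struct

# TLSPlaintext.type values (RFC 8446, Section 5.1)
ALERT = 21
HANDSHAKE = 22
APPLICATION_DATA = 23
LEGACY_RECORD_VERSION = 0x0303  # what TLS 1.3 puts on the wire

def build_record(content_type, fragment):
    """Serialize one TLSPlaintext: type(1) || legacy_version(2) || length(2) || fragment."""
    if len(fragment) > 2 ** 14:
        raise ValueError("TLSPlaintext.fragment exceeds 2^14 bytes")
    return struct.pack("!BHH", content_type, LEGACY_RECORD_VERSION, len(fragment)) + fragment

def build_commit_record():
    """EAP server side of the NEW text: application_data, length 1, fragment 0x00."""
    return build_record(APPLICATION_DATA, b"\x00")

# Constructed stand-in for the server's last handshake record (Finished, zeroed verify_data).
FINISHED_RECORD = build_record(HANDSHAKE, b"\x14\x00\x00\x20" + bytes(32))

def parse_records(data):
    """Split a byte string into (type, fragment) pairs, rejecting truncated records."""
    records, off = [], 0
    while off < len(data):
        if len(data) - off < 5:
            raise ValueError("truncated TLSPlaintext header")
        ctype, _version, length = struct.unpack_from("!BHH", data, off)
        off += 5
        if len(data) - off < length:
            raise ValueError("truncated TLSPlaintext fragment")
        records.append((ctype, data[off:off + length]))
        off += length
    return records

def server_committed(tls_data):
    """EAP peer side of the NEW text: any application data record, whatever its
    fragment, is the server's commit to send no more handshake messages."""
    return any(ctype == APPLICATION_DATA for ctype, _ in parse_records(tls_data))

def check_eap_request(tls_data, already_committed):
    """Process the TLS records of one EAP-Request on the peer and return the updated
    commit flag. A handshake record after the commit is a protocol violation: once
    committed, the server may only send EAP-Success, EAP-Failure, or a TLS Alert."""
    committed = already_committed
    for ctype, _fragment in parse_records(tls_data):
        if ctype == HANDSHAKE and committed:
            raise ValueError("handshake record after server commit")
        if ctype == APPLICATION_DATA:
            committed = True
    return committed
```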