I was looking at the EAP-TLS with TLS 1.3 draft and noticed that it forbids PSK authentication. Why is that? While there is the EAP-PSK method, I would much rather use EAP-TLS with PSK because it provides identity protection and perfect forward secrecy, unlike EAP-PSK.
In fact, I think EAP-TLS with PSK should become the standard authentication method for networks that rely on shared secrets, e.g. WPA-Personal. Unifying the Wi-Fi authentication around EAP would greatly simplify the Wi-Fi protocol stack. Not that I expect it to happen immediately, but we should not close sensible paths forward. Tuomas _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
