On Sep 12, 2019, at 9:53 AM, Aura Tuomas <tuomas.a...@aalto.fi> wrote:
> 
> I was looking at the EAP-TLS with TLS 1.3 draft and noticed that it forbids 
> PSK authentication. Why is that?

  See Section 2.1.2.  TLS 1.3 uses PSK for resumption.  As a result, we 
*cannot* use PSK for authentication in EAP-TLS.

> While there is the EAP-PSK method, I would much rather use EAP-TLS with PSK 
> because it provides identity protection and perfect forward secrecy, unlike 
> EAP-PSK. 

  Use EAP-PWD for that.

> In fact, I think EAP-TLS with PSK should become the standard authentication 
> method for networks that rely on shared secrets, e.g. WPA-Personal. Unifying 
> the Wi-Fi authentication around EAP would greatly simplify the Wi-Fi protocol 
> stack. Not that I expect it to happen immediately, but we should not close 
> sensible paths forward.

  The time to fix that was before TLS 1.3 was standardized.

  Alan DeKok.

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
