See comments inline

-----Original Message-----
From: Alan DeKok <[email protected]>
Date: Thursday, 12 September 2019 at 15:56
To: Aura Tuomas <[email protected]>
Cc: EMU WG <[email protected]>, "[email protected]" <[email protected]>
Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13
Resent from: <[email protected]>
Resent to: John Mattsson <[email protected]>, <[email protected]>
Resent date: Thursday, 12 September 2019 at 15:56

> Alan DeKok wrote:
> On Sep 12, 2019, at 9:53 AM, Aura Tuomas <[email protected]> wrote:
> >
> > I was looking at the EAP-TLS with TLS 1.3 draft and noticed that it
> > forbids PSK authentication. Why is that?

There was discussion regarding this on the list some years ago. The conclusion was that the EAP-TLS Type-Code should be used exclusively for certificate authentication. At that point, nobody expressed a wish to use EAP-TLS with PSK authentication. If someone wants to use EAP-TLS with symmetric keys, that should probably be a new code point.

> See Section 2.1.2. TLS 1.3 uses PSK for resumption. As a result, we
> *cannot* use PSK for authentication in EAP-TLS.

I don't understand why this could not be done. My view is that allowing PSK authentication would be quite easy.

> > While there is the EAP-PSK method, I would much rather use EAP-TLS with
> > PSK because it provides identity protection and perfect forward secrecy,
> > unlike EAP-PSK.
>
> Use EAP-PWD for that.

Standardizing EAP-TLS should only be done if it has some significant advantages over EAP-PWD, and there are people wanting to implement and use it. 3GPP is e.g. adding identity protection and perfect forward secrecy to EAP-AKA instead.

> > In fact, I think EAP-TLS with PSK should become the standard
> > authentication method for networks that rely on shared secrets, e.g.
> > WPA-Personal. Unifying the Wi-Fi authentication around EAP would greatly
> > simplify the Wi-Fi protocol stack. Not that I expect it to happen
> > immediately, but we should not close sensible paths forward.
>
> The time to fix that was before TLS 1.3 was standardized.
>
> Alan DeKok.

_______________________________________________
Emu mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/emu
