On Wed, Oct 30, 2019 at 4:12 AM Alan DeKok <al...@deployingradius.com> wrote:

> On Oct 30, 2019, at 5:02 AM, Eliot Lear <l...@cisco.com> wrote:
> > A fair argument, if it can be made, and I am not convinced it has been
> > fully expressed, is the idea that there is no context by which one can
> > separate fast restart and initial authentication.  This is Alan’s concern.
> > I’m not saying it’s without merit, but what I cannot yet see is whether it
> > is an implementation or a protocol matter.
>
>   I believe it's a protocol matter.  In TLS 1.3, PSK handshakes are the
> same as resumption handshakes.
>
>   It's not clear to me how this issue was addressed when using TLS 1.3
> with HTTPS.  But I do believe it's an issue there, too.

[Joe] Can you elaborate on what the issue is?  I think most TLS deployments
operate in either a certificate based mode or a PSK mode, but not both at
the same time.

>   As an additional note, I believe it's also important that
> draft-dekok-emu-tls-eap-types be published at the same time as the EAP-TLS
> document.  The only unknown there is FAST and TEAP.  I'm happy to remove
> them from the document.
>
>   But at this point it's not even a WG document.  There's not even
> consensus that the document is necessary, which surprises me rather a lot.
> Because password-based EAP methods are *much* more wide-spread than EAP-TLS.
>
>   If the IETF publishes EAP-TLS without simultaneously rev'ing TTLS and
> PEAP, it will not only look bad, it will *be* bad.  And the industry press
> will (rightfully) lambast the standards process.

[Joe] We need people to contribute to the document.  If we are going to
publish a document through the working group it needs to at least
include TEAP.  I know there are folks on this list who are implementing.
They need to step up and help with this document and the TEAP errata.

>   Alan DeKok.