Hi Russ,

Sorry for the late reply. I actually brought up your draft [ID-ietf-tls-tls13-cert-with-extern-psk] during my EMU presentation at IETF 106 as something that should probably be in EAP-TLS. Bernard Aboba then expressed a very strong opinion that [ID-ietf-tls-tls13-cert-with-extern-psk] should absolutely not be included in the EAP-TLS Type-Code 0x0D. After this the WG decided as a way forward to specify EAP-TLS with PSK authentication in a new draft.
Given these strong opinions from Bernard Aboba, and the wish to publish draft-ietf-emu-eap-tls13 soon, I think the best way forward would be to specify the use of [ID-ietf-tls-tls13-cert-with-extern-psk] in the same new draft as EAP-TLS with PSK authentication. Does that sound like an acceptable way forward?

Cheers,
John

-----Original Message-----
From: Russ Housley <hous...@vigilsec.com>
Date: Monday, 13 January 2020 at 18:29
To: John Mattsson <john.matts...@ericsson.com>
Cc: EMU WG <firstname.lastname@example.org>
Subject: Late WGLC Comment on draft-ietf-emu-eap-tls13

John:

Section 2.1.1 says:

   Pre-Shared Key (PSK) authentication SHALL NOT be used except for resumption.

I would rather this say:

   Pre-Shared Key (PSK) authentication SHALL NOT be used except for resumption or in conjunction with the "tls_cert_with_extern_psk" extension [ID-ietf-tls-tls13-cert-with-extern-psk].

Russ