Hi Russ,

Sorry for the late reply. I actually brought up your draft 
[ID-ietf-tls-tls13-cert-with-extern-psk] during my EMU presentation at IETF 106 
as something that should probably be in EAP-TLS. Bernard Aboba then expressed a 
very strong opinion that [ID-ietf-tls-tls13-cert-with-extern-psk] should 
absolutely not be included in the EAP-TLS Type-Code 0x0D. After this the WG 
decided as a way forward to specify EAP-TLS with PSK authentication in a new 

Given these strong opinions from Bernard Aboba, and the wish to publish 
draft-ietf-emu-eap-tls13 soon, I think the best way forward would be to specify 
the use of [ID-ietf-tls-tls13-cert-with-extern-psk] in the same new draft as 
EAP-TLS with PSK authentication. Does that sound like an acceptable way forward?


-----Original Message-----
From: Russ Housley <hous...@vigilsec.com>
Date: Monday, 13 January 2020 at 18:29
To: John Mattsson <john.matts...@ericsson.com>
Cc: EMU WG <emu@ietf.org>
Subject: Late WGLC Comment on draft-ietf-emu-eap-tls13

    Section 2.1.1 says:
       Pre-Shared Key (PSK) authentication SHALL NOT be used except
       for resumption.
    I would rather this say:
       Pre-Shared Key (PSK) authentication SHALL NOT be used except
       for resumption or in conjunction with the "tls_cert_with_extern_psk"
       extension [ID-ietf-tls-tls13-cert-with-extern-psk].
