Thanks for the pointer. I am fine with the proposed way forward.

Russ

> On Mar 10, 2020, at 12:43 PM, Mohit Sethi M <mohit.m.se...@ericsson.com> wrote:
>
> Hi Russ,
>
> You can listen here: https://youtu.be/YJLG4JUftqI?t=1144
>
> We plan to support it in EAP-TLS-PSK instead:
> https://tools.ietf.org/html/draft-mattsson-emu-eap-tls-psk-00. We have
> already added a reference to draft-ietf-tls-tls13-cert-with-extern-psk
> and plan to use it. I think using an external PSK anyway requires
> ironing out some issues like what is the relationship between NAI and
> the PSK identity? And do we allow user-configured PSK identities/PSKs etc.?
>
> Would it be reasonable if we specify the usage of
> draft-ietf-tls-tls13-cert-with-extern-psk in EAP-TLS-PSK instead?
>
> --Mohit
>
> On 3/10/20 6:30 PM, Russ Housley wrote:
>> I do not understand the reason for Bernard's objection. I looked at the
>> minutes, and I do not find any rationale there. Can you help?
>>
>> Russ
>>
>>
>>> On Mar 9, 2020, at 5:59 AM, John Mattsson <john.matts...@ericsson.com> wrote:
>>>
>>> Hi Russ,
>>>
>>> Sorry for the late reply. I actually brought up your draft
>>> [ID-ietf-tls-tls13-cert-with-extern-psk] during my EMU presentation at IETF
>>> 106 as something that should probably be in EAP-TLS. Bernard Aboba then
>>> expressed a very strong opinion that
>>> [ID-ietf-tls-tls13-cert-with-extern-psk] should absolutely not be included
>>> in the EAP-TLS Type-Code 0x0D. After this the WG decided as a way forward
>>> to specify EAP-TLS with PSK authentication in a new draft.
>>>
>>> Given these strong opinions from Bernard Aboba, and the wish to publish
>>> draft-ietf-emu-eap-tls13 soon, I think the best way forward would be to
>>> specify the use of [ID-ietf-tls-tls13-cert-with-extern-psk] in the same new
>>> draft as EAP-TLS with PSK authentication. Does that sound like an
>>> acceptable way forward?
>>>
>>> Cheers,
>>> John
>>>
>>> -----Original Message-----
>>> From: Russ Housley <hous...@vigilsec.com>
>>> Date: Monday, 13 January 2020 at 18:29
>>> To: John Mattsson <john.matts...@ericsson.com>
>>> Cc: EMU WG <firstname.lastname@example.org>
>>> Subject: Late WGLC Comment on draft-ietf-emu-eap-tls13
>>>
>>> John:
>>>
>>> Section 2.1.1 says:
>>>
>>>    Pre-Shared Key (PSK) authentication SHALL NOT be used except
>>>    for resumption.
>>>
>>> I would rather this say:
>>>
>>>    Pre-Shared Key (PSK) authentication SHALL NOT be used except
>>>    for resumption or in conjunction with the "tls_cert_with_extern_psk"
>>>    extension [ID-ietf-tls-tls13-cert-with-extern-psk].
>>>
>>> Russ
>>>
>> _______________________________________________
>> Emu mailing list
>> Emu@ietf.org
>> https://www.ietf.org/mailman/listinfo/emu