Thanks for the pointer.

I am fine with the proposed way forward.

Russ


> On Mar 10, 2020, at 12:43 PM, Mohit Sethi M <mohit.m.se...@ericsson.com> 
> wrote:
> 
> Hi Russ,
> 
> You can listen here: https://youtu.be/YJLG4JUftqI?t=1144
> 
> We plan to support it in EAP-TLS-PSK instead: 
> https://tools.ietf.org/html/draft-mattsson-emu-eap-tls-psk-00. We have 
> already added a reference to draft-ietf-tls-tls13-cert-with-extern-psk 
> and plan to use it. I think using an external PSK anyway requires 
> ironing out some issues like what is the relationship between NAI and 
> the PSK identity? And do we allow user-configured PSK identities/PSKs etc.?
> 
> Would it be reasonable if we specify the usage of 
> draft-ietf-tls-tls13-cert-with-extern-psk in EAP-TLS-PSK instead?
> 
> --Mohit
> 
> On 3/10/20 6:30 PM, Russ Housley wrote:
>> I do not understand the reason for Bernard's objection.  I looked at the 
>> minutes, and I do not find any rationale there.  Can you help?
>> 
>> Russ
>> 
>> 
>>> On Mar 9, 2020, at 5:59 AM, John Mattsson <john.matts...@ericsson.com> 
>>> wrote:
>>> 
>>> Hi Russ,
>>> 
>>> Sorry for the late reply. I actually brought up your draft 
>>> [ID-ietf-tls-tls13-cert-with-extern-psk] during my EMU presentation at IETF 
>>> 106 as something that should probably be in EAP-TLS. Bernard Aboba then 
>>> expressed a very strong opinion that 
>>> [ID-ietf-tls-tls13-cert-with-extern-psk] should absolutely not be included 
>>> in the EAP-TLS Type-Code 0x0D. After this the WG decided as a way forward 
>>> to specify EAP-TLS with PSK authentication in a new draft.
>>> 
>>> Given these strong opinions from Bernard Aboba, and the wish to publish 
>>> draft-ietf-emu-eap-tls13 soon, I think the best way forward would be to 
>>> specify the use of [ID-ietf-tls-tls13-cert-with-extern-psk] in the same new 
>>> draft as EAP-TLS with PSK authentication. Does that sound like an 
>>> acceptable way forward?
>>> 
>>> Cheers,
>>> John
>>> 
>>> -----Original Message-----
>>> From: Russ Housley <hous...@vigilsec.com>
>>> Date: Monday, 13 January 2020 at 18:29
>>> To: John Mattsson <john.matts...@ericsson.com>
>>> Cc: EMU WG <emu@ietf.org>
>>> Subject: Late WGLC Comment on draft-ietf-emu-eap-tls13
>>> 
>>>    John:
>>> 
>>>    Section 2.1.1 says:
>>> 
>>>       Pre-Shared Key (PSK) authentication SHALL NOT be used except
>>>       for resumption.
>>> 
>>>    I would rather this say:
>>> 
>>>       Pre-Shared Key (PSK) authentication SHALL NOT be used except
>>>       for resumption or in conjunction with the "tls_cert_with_extern_psk"
>>>       extension [ID-ietf-tls-tls13-cert-with-extern-psk].
>>> 
>>>    Russ
>>> 
>>> 
>>> 
>> _______________________________________________
>> Emu mailing list
>> Emu@ietf.org
>> https://www.ietf.org/mailman/listinfo/emu
