Alan, How should we interpret this in RFC 5216 https://tools.ietf.org/html/rfc5216#section-2.1.1:
If the EAP server is not resuming a previously established session, then it MUST include a TLS server_certificate handshake message, and a server_hello_done handshake message MUST be the last handshake message encapsulated in this EAP-Request packet. The certificate message contains a public key certificate chain for either a key exchange public key (such as an RSA or Diffie-Hellman key exchange public key) or a signature public key (such as an RSA or Digital Signature Standard (DSS) signature public key). Does this statement pretty much precludes the certificateless TLS 1.2 ciphersuites, i.e. the extern PSK ones from right? Owen -----Original Message----- From: Emu <emu-boun...@ietf.org> On Behalf Of Alan DeKok Sent: 11 March 2020 19:26 To: John Mattsson <john.mattsson=40ericsson....@dmarc.ietf.org> Cc: Mohit Sethi M <mohit.m.se...@ericsson.com>; EMU WG <emu@ietf.org> Subject: Re: [Emu] Late WGLC Comment on draft-ietf-emu-eap-tls13 On Mar 11, 2020, at 4:01 AM, John Mattsson <john.mattsson=40ericsson....@dmarc.ietf.org> wrote: > > If I remember correctly, Bernard stated that the indroduction of PSK could > weaken the implementation and violate the security proofs of EAP-TLS. I don't > really agree with Bernard, but I am fine with resticting the type code 0x0D > to certificates only. I am not sure any proofs with TLS 1.1 would apply to > TLS 1.3 anyway as TLS 1.3 is basically a new protocol, reusing encoding and > IANA registers from the old version. For what it's worth, RFC 5216 doesn't make any statement about PSK. So on a first reading, there are currently no restrictions on using PSK with EAP-TLS, and TLS <= 1.2. There are multiple client / server implementations which support PSK for EAP-TLS. That being said, I'm OK with having one EAP type code for EAP-TLS (certs), and another for EAP-TLS (everything else) I would avoid having multiple EAP types. That would bloat implementations. It's better to just let implementors / admins configure TLS parameters for one EAP type, instead of multiple EAP types. Alan DeKok. _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
