Does anyone else have any other thoughts on this? I'm not a TLS expert but 
similarly value the TLS Fatal Alerts over using close_notify. If we will be 
losing alerts then I would favor switching back to 0x00.

Jorge Vergara

-----Original Message-----
From: Alan DeKok <al...@deployingradius.com> 
Sent: Wednesday, September 2, 2020 10:33 AM
To: John Mattsson <john.matts...@ericsson.com>
Cc: John Mattsson <john.mattsson=40ericsson....@dmarc.ietf.org>; Mohit Sethi M 
<mohit.m.sethi=40ericsson....@dmarc.ietf.org>; Jorge Vergara 
<jover...@microsoft.com>; Mohit Sethi M <mohit.m.se...@ericsson.com>; Benjamin 
Kaduk <ka...@mit.edu>; EMU WG <emu@ietf.org>
Subject: Re: [Emu] Commitment Message handling in EAP-TLS 1.3

On Sep 1, 2020, at 10:23 AM, John Mattsson <john.matts...@ericsson.com> wrote:
> 
> If the ability to send a descriptive TLS Fatal Alert back to the peer is a 
> requirement, changing to close_notify seems like a bad idea.

  It's fine for EAP Success.  But having two different code paths is a little 
surprising.

> My understanding is that it would add an extra roundtrip without any clear 
> benefits compared to sending an encrypted 0x00 application data.

  That's a reason to stick with sending 0x00, then.

  Alan DeKok.
